Offensive IoT Exploitation


IoT in 2018 is everywhere - it's in our cars, refrigerators, televisions, home automation systems, ICS, medical devices and any place you can imagine. 


What about the security of these devices? Turns out, most of these devices are not really secure.


But how would you get ready to perform IoT penetration testing and exploitation?


Turns out IoT security is more complex than you might think.


You have to learn about firmware, embedded devices, serial communication protocols, Software Defined Radio, Bluetooth Low Energy (BLE), ZigBee and what not!


We at Attify decided to create a training curriculum, based on our experience of conducting 100+ penetration testing engagements in the past year.


A class which does not just go through slides and theoretical information, but actually gives everyone an opportunity to perform exploitation techniques on real-world IoT devices.


That's how Offensive IoT Exploitation was born - A 3/5 day class, which covers everything from the very basics to getting you ready for real-world IoT device pentesting. 


The class is taught by actual practitioners (not just security trainers), so that you get to see what happens in a real-world penetration testing engagement - what kind of vulnerabilities you would most commonly see, how to identify them, how to exploit them and, most importantly, the tools and tactics which we use at Attify.


Think of it as a mastermind session - where you not only sit for 3 or 5 days with people extremely passionate about IoT exploitation techniques, but are also mentored by someone who has been doing this for years.

We start the class with the internals of IoT, identifying the attack surface and developing the pentest mindset, then move into firmware RE, the internals of electronics and embedded device hacking, gradually into Software Defined Radio, and finally to exploiting the BLE and ZigBee communication protocols - all with hands-on labs and exercises.


Attend this class only if:

1. You are really enthusiastic about IoT security/exploitation

2. You want to make a career in IoT penetration testing 

3. You want to find 0-days in Internet of Things and Smart devices 


The seats in these classes are extremely limited to encourage maximum collaboration and knowledge sharing. 


See below for our upcoming classes or contact us to conduct a training in your organization. 


Topics covered


After the class, the attendees will be able to: 

  • Extract and analyze device firmware

  • Debug and Disassemble binaries

  • Exploit UART, SPI, I2C and JTAG

  • JTAG debugging, exploitation

  • Dump firmware through various techniques

  • Debug hardware and software

  • Analyze security of MQTT and other communication protocols

  • Attack cloud and mobile component of an IoT device

  • Sniff, Replay, MITM and Attack Radio communications

  • BLE and Zigbee exploitation

  • ARM and MIPS Reversing

  • Conventional and unconventional attack techniques

  • Side Channel and Glitching based Attacks

  • Write exploits for the platforms
    and more.

All of the above topics are taught through extremely hands-on, lab-based practical sessions.

Additional Information


What students will be provided with

  • IoT devices

  • Attify's IoT pentesting VM

  • Printed Lab reference material and handouts

  • 600+ slides (PDF Copy)

  • Hardware Hacking Kit to take home (3-day version) and IoT Exploitation kit (5-day version)

Who can attend this course

  • IoT Security Enthusiasts

  • Security Professionals and Penetration Testers

  • Embedded Developers


  • 3-days Pentesters Edition

  • 5-days Bootcamp (covers everything from basic to advanced)


Upcoming Classes

Online version of the class available here -

Contact us using the link below to conduct one at your organization.

BlackHat OWASP AppSec Brucon