Offensive IoT Exploitation
IoT in 2018 is everywhere - it's in our cars, refrigerators, televisions, home automation systems, ICS, medical devices and any place you can imagine.
What about the security of these devices? Turns out, most of these devices are not really secure.
But how would you get ready to perform IoT penetration testing and exploitation?
Turns out IoT security is more complex than you can think.
You have to learn about Firmware, Embedded Devices, Serial communication protocols, Software Defined Radio, Bluetooth Low Energy(BLE), ZigBee and what not!
We at Attify decided to create a training curriculum, based on our experience of conducting 100+ penetration testing engagements in the past year.
A class which is not just going through the slides and theoretical information, but actually giving everyone an opportunity to perform exploitation techniques on real world IoT devices.
That's how Offensive IoT Exploitation was born - A 3/5 day class, which covers everything from the very basics to getting you ready for real-world IoT device pentesting.
The class is taught by actual practitioners (not just security trainers), so that you get to see what happens in a real world penetration testing engagement - what kind of vulnerabilities you would most commonly see, how to identify them, how to exploit them and most importantly the tools and tactics which we use at Attify.
Think of it as a mastermind session - where you get to not only sit for 3 or 5 days with people extremely passionate about IoT exploitation techniques, mentored by someone who has been doing this for years.
We start the class with Internals of IoT, identifying attack surface, developing the pentest mindset, then moving into Firmware RE to internals of electronics to Embedded Device Hacking gradually into Software Defined Radio and finally exploiting BLE and ZigBee communication protocols - all with hands-on labs and exercises.
Attend this class only if -
1. You are really enthusiastic about IoT security/exploitation
2. You want to make a career in IoT penetration testing
3. You want to find 0-days in Internet of Things and Smart devices
The seats in these classes are extremely limited to encourage maximum collaboration and knowledge sharing.
See below for our upcoming classes or contact us to conduct a training in your organization.
After the class, the attendees will be able to:
Extract and analyze device firmwares
Debug and Disassemble binaries
Exploit UART, SPI, I2C and JTAGs
JTAG debugging, exploitation
Dump firmware through various techniques
Debug hardware and software
Analyze security of MQTT and other communication protocols
Attack cloud and mobile component of an IoT device
Sniff, Replay, MITM and Attack Radio communications
BLE and Zigbee exploitation
ARM and MIPS Reversing
Conventional and Un-conventional attack techniques
Side Channel and Glitching based Attacks
Write exploits for the platforms
All the above mentioned topics are taught with an extremely hands-on lab based practical sessions.
What students will be provided with
Attify's IoT pentesting VM
Printed Lab reference material and handouts
600+ slides (PDF Copy)
Hardware Hacking Kit to take home (3-day version) and IoT Exploitation kit (5-day version)
Who can attend this course
IoT Security Enthusiasts
Security Professionals and Penetration Testers
3-days Pentesters Edition
5-days Bootcamp (covers everything from basic to advanced)
Online version of the class available here - https://www.attify-store.com/collections/real-world-training/products/offensive-iot-exploitation-live-training
Contact us using the link below to conduct one at your organization.