Offensive IoT Exploitation

COURSE ABSTRACT

IoT in 2018 is everywhere - it's in our cars, refrigerators, televisions, home automation systems, ICS, medical devices and any place you can imagine. 

 

What about the security of these devices? Turns out, most of these devices are not really secure.

 

But how would you get  ready to perform IoT penetration testing and exploitation

 

Turns out IoT security is more complex than you can think. 

 

You have to learn about Firmware, Embedded Devices, Serial communication protocols, Software Defined Radio, Bluetooth Low Energy(BLE), ZigBee and what not! 

 

We at Attify decided to create a training curriculum, based on our experience of conducting 100+ penetration testing engagements in the past year.

 

A class which is not just going through the slides and theoretical information, but actually giving everyone an opportunity to perform exploitation techniques on real world IoT devices

 

That's how Offensive IoT Exploitation was born - A 3/5 day class, which covers everything from the very basics to getting you ready for real-world IoT device pentesting. 

 

The class is taught by actual practitioners (not just security trainers), so that you get to see what happens in a real world penetration testing engagement - what kind of vulnerabilities you would most commonly see, how to identify them, how to exploit them and most importantly the tools and tactics which we use at Attify

 

Think of it as a mastermind session - where you get to not only sit for 3 or 5 days with people extremely passionate about IoT exploitation techniques, mentored by someone who has been doing this for years. 
 

We start the class with Internals of IoT, identifying attack surface, developing the pentest mindset, then moving into Firmware RE to internals of electronics to Embedded Device Hacking gradually into Software Defined Radio and finally exploiting BLE and ZigBee communication protocols - all with hands-on labs and exercises.  

 

Attend this class only if - 

1. You are really enthusiastic about IoT security/exploitation

2. You want to make a career in IoT penetration testing 

3. You want to find 0-days in Internet of Things and Smart devices 

 

The seats in these classes are extremely limited to encourage maximum collaboration and knowledge sharing. 

 

See below for our upcoming classes or contact us to conduct a training in your organization. 

 


Topics covered

course outline

After the class, the attendees will be able to: 

  • Extract and analyze device firmwares 
  • Debug and Disassemble binaries 
  • Exploit UART, SPI, I2C and JTAGs 
  • JTAG debugging, exploitation
  • Dump firmware through various techniques 
  • Debug hardware and software 
  • Analyze security of MQTT and other communication protocols 
  • Attack cloud and mobile component of an IoT device
  • Sniff, Replay, MITM and Attack Radio communications 
  • BLE and Zigbee exploitation
  • ARM and MIPS Reversing
  • Conventional and Un-conventional attack techniques 
  • Side Channel and Glitching based Attacks
  • Write exploits for the platforms
    and more. 

All the above mentioned topics are taught with an extremely hands-on lab based practical sessions. 


Additional Information

 

What students will be provided with

  • IoT devices  
  • Attify's IoT pentesting VM
  • Printed Lab reference material and handouts
  • 600+ slides (PDF Copy)
  • Hardware Hacking Kit to take home (3-day version) and IoT Exploitation kit (5-day version)

Who can attend this course

  • IoT Security Enthusiasts
  • Security Professionals and Penetration Testers
  • Embedded Developers

VERSIONS

  • 3-days Pentesters Edition
  • 5-days Bootcamp (covers everything from basic to advanced) 

 

Upcoming Classes

BlackHat OWASP AppSec Brucon
Training feedback
IoT Security training feedback
IoT Exploitation training feedback

PRICING FOR IOT PENTESTING TRAINING

Less than 7

$18,999

2-days Training

  • Delivered by Attify's instructors
  • Certification CTF
  • Labs Access and Additional materials
  • Video access to the entire course
  • Slack Collaboration Access
  • IoT Exploitation kit (Basic) for all

Upto 15 people

$34,999

3-Day Training

  • Delivered by Attify's instructors
  • Certification CTF
  • Labs Access and Additional material
  • Video access to the entire course
  • Slack Collaboration Access
  • IoT Exploitation kit (Basic) for all
Most popular

Online Training

$11,999*

2-Day Training

  • Delivered by Attify's instructors
  • Certification CTF
  • Lab Access and Additional materials
  • Video Access to the recording
  • Slack Collaboration Access
  • IoT Exploitation kit (Basic) for all

Notes on the pricing: 

  • The above pricing is valid only for the United States and Canada
  • For other countries, there would be an additional charge of $3,000 for the travel and accommodation 
  • For Online training, there will be an additional $1000 + Shipping cost/attendee for the IoT Exploitation kit. 

REQUEST TO CONDUCT OFFENSIVE IOT EXPLOITATION AT YOUR ORGANIZATION