Offensive IoT Exploitation
COURSE ABSTRACT
IoT or the Internet of Things is one of the most upcoming trends in technology as of now. A lot many new devices are coming up every single month. However, not much attention has been paid to the device's security till now.
"Offensive IoT Exploitation" is a brand new and unique course which offers pentesters the ability to assess and exploit the security of these smart devices. The training will cover different varieties of IoT devices, assessing their attack surfaces and writing exploits for them. The 3-day (or 5-day) class will be hands-on giving attendees the ability to try things themselves rather than just watching the slides.
We will start from the very beginning discussing about the architecture of IoT devices, and then slowly moving to firmware analysis, identifying attack surface, finding vulnerabilities and then finally exploiting the vulnerabilities.
The course labs include both emulated environments as well as real live devices which will be provided to the attendees during the training. A custom VM - AttifyOS will be provided by the trainer which will be used for the entire class.
Offensive IoT Exploitation is the course for you if you want to try exploitation on different IoT devices and discover security vulnerabilities and 0-days in IoT devices.
At the end of the class, there will be a final CTF challenge where the attendees will have to identify security vulnerabilities and exploit them, in a completely unknown device.
Note: The training is available as both on-site and live online instructor-led class.
Topics covered
course outline
After the class, the attendees will be able to:
Extract and analyze device firmwares
Debug and Disassemble binaries
Exploit UART, SPI, I2C and JTAGs
JTAG debugging, exploitation
Dump firmware through various techniques
Debug hardware and software
Analyze security of MQTT, CoAP and M2MXML protocols
Attack cloud and mobile component of an IoT device
Sniff, Replay, MITM and Attack Radio communications
BLE and Zigbee exploitation
ARM and MIPS Reversing
Conventional and Un-conventional attack techniques
Side Channel Attacks (Clock, Vcc glitching, breaking crypto)
Write exploits for the platforms
and more.
All the above mentioned topics are taught with an extremely hands-on lab based practical sessions.
Additional Information
What students will be provided with
IoT devices
Attify's IoT pentesting VM
Printed Lab reference material and handouts
600+ slides (PDF Copy)
Hardware Hacking Kit to take home
Who can attend this course
IoT Security Enthusiasts
Security Professionals and Penetration Testers
Embedded Developers
VERSIONS
2-days Beginner Edition
2-days Intermediate Edition
2-days Advanced Edition
3-days Pentesters Edition
5-days Bootcamp (covers everything from basic to advanced)