Offensive Internet of Things (IoT) Exploitation is an in-depth course in IoT security that teaches you how to pentest and exploit so-called “smart” devices. This online class is taught using practical, real-world examples of how to analyze and pentest hardware, firmware, software components, network communication, the mobile apps used to control devices, and their radio communication protocols.

IoT is one of the hottest trends in technology right now! There seems to be an arms race among consumer and industrial vendors alike to connect almost everything to the Internet – your fridge, thermostat, coffee machine, watch, shoes, dog’s collar and toaster are all included! This frenzy to connect “everything” to the Internet is here to stay, and we are already seeing millions of these “smart” devices in homes, offices and public areas.

During the previous “Mobile Application” age, security took a backseat and almost every other app was vulnerable to the most basic and embarrassing of flaws. Unfortunately, this golden age of “IoT – smart devices” is no different!

The key challenge in learning how to pentest and secure IoT devices is understanding the complex interaction between hardware and firmware. This includes being able to find debug ports to connect to, or even reading from and writing to a flash chip directly! This course will take you through this complex yet extremely interesting and exciting journey.

This course is beginner friendly and starts from the very basics of IoT devices and their security: how to get started, and which hardware, software, tools and techniques to use, are all answered. This training is ideal for penetration testers, security engineers, managers, bug bounty hunters and anyone interested in uncovering how “smart” these devices really are 🙂

A non-exhaustive list of the topics covered includes:

  • Introduction to Offensive IoT Exploitation
  • Mapping the attack surface of an IoT device
  • Firmware analysis – identifying hardcoded secrets
  • Emulating a firmware binary
  • Backdooring firmware
  • Firmware emulation using FAT (Firmware Analysis Toolkit)
  • Web application security for IoT devices
  • Burp 101
  • Exploiting command injection
  • CSRF and firmware diffing
  • Conventional attack vectors – introduction
  • Conventional attack vectors – password cracking
  • Analyzing smart plugs
  • Controlling a smart plug by defeating its encryption
  • ARM 101
  • Buffer overflow on ARM
  • Exploit writing on ARM
  • Using radare2 for MIPS binary analysis
  • Exploitation using GDB remote debugging on MIPS
  • Introduction to UART
  • Serial interfacing over UART
  • NAND glitching attack
  • SPI and I2C – getting started
  • Dumping EEPROM data
  • Identifying JTAG pinouts using an Arduino
  • Identifying pins using the JTAGulator
  • JTAG – introduction and getting started
  • JTAG debugging
  • Introduction to SDR and basic radio components
  • Getting started with GNU Radio Companion
  • Decoding an AM signal
  • Capturing FM signals using an RTL-SDR
  • Analyzing wireless doorbells using an RTL-SDR
  • Extracting sensitive information from a captured radio signal
  • Introduction to Zigbee
  • Sniffing and replaying data over Zigbee
  • Conclusion