IoT Exploitation

CR114


5 Days


Course Outline

The Internet of Things maps all physical devices, vehicles, weapons, home appliances and other items embedded with electronics, software and sensors that have an IP address and network connectivity. This highly immersive and advanced training plan will cover the fundamentals of how IoT devices operate and communicate, and disclose what lies in the background of their physical set-up. Students will explore different methodologies of detecting vulnerabilities on these devices and learn how to exploit them on the hardware, software and application layers. Participants will exercise those techniques and will practice further using physical tools designed to help with the penetration process. The course also prepares attendees to master radio and Bluetooth exploitation methods, which are critical assets for IoT researchers. By completing the training, participants will have prominent skills and practical experience in the domain of IoT exploitation, and will be familiar with some of the most advanced tools and techniques on the market.

Upcoming Meetings

Modules

Introduction to IoT
  • Exploring Shodan
  • Graphical user interface
  • Command line interface: Using automation, Collecting data with advanced filtering, Extracting data
  • Mapping operating-systems, applications and IoT devices to specific vulnerabilities
Firmware Analysis & Exploitation
  • Mounting file systems
  • Firmware analysis
  • Using Binwalk: Identifying hardcoded vendor “secrets”
  • Emulating firmware binary
  • Firmware analysis toolkit - using firmware emulation
Exploiting Web Application Vulnerabilities on IoT Devices
  • OWASP IoT Top 10
  • Exploitation with Burp Suite
  • Exploitation using command injection
  • Exploitation using brute force
  • Exploitation with CSRF
  • Extracting vendor credentials
Using Physical Tools for IoT Exploitation
  • Reconnaissance basics
  • Identifying serial interfaces
  • Identifying pinouts with multimeter
  • UART
  • NAND attack
  • JTAG
  • Identifying JTAG pinouts
  • Using JTAGulator
  • Debugging with JTAG
  • USB-TTL
SDR (Software-Defined Radio) Based IoT Exploitation
  • Introduction to SDR
  • Radio communication analysis
  • Attacking protocols
  • RTL-SDR
  • Capturing FM signals
  • Analyzing wireless signals
  • Extracting text from signals
  • Attacking RF (radio frequency)
  • Introduction to RF
  • RF traffic analysis
  • RF replay attack
  • HackRF

Prerequisites

  • Solid knowledge and experience in infrastructure security and network penetration testing
  • Familiarity with Linux
  • Basic assembly
  • Familiarity with web-app penetration testing – an advantage

Learning how to locate vulnerabilities and exploit IoT devices on 3 different layers: hardware, software and application.

Target Audience
