Course Description
Course contents
- Introduction to IoT
- IoT Architecture
- IoT attack surface
- Expliot – IoT exploitation framework
  - Introduction
  - Architecture
  - Test Cases
- IoT Protocols Overview
  - MQTT
    - Introduction
    - Protocol Internals
    - Reconnaissance
    - Information leakage
    - DoS attacks
    - Hands-on with open source tools
  - CoAP
    - Introduction
    - Protocol Internals
    - Reconnaissance
    - Cross-protocol attacks
    - Hands-on with open source tools
- Understanding Radio
  - Signal Processing
  - Software Defined Radio
  - GNU Radio
    - Introduction to GNU Radio concepts
    - Creating a flow graph
    - Analysing radio signals
    - Recording a specific radio signal
    - Replay Attacks
- Radio IoT Protocols Overview
  - Zigbee
    - Introduction and protocol Overview
    - Reconnaissance (Active and Passive)
    - Sniffing and Eavesdropping
    - Replay attacks
    - Hands-on with RZUSBstick and open source tools
  - BLE
    - Introduction and protocol Overview
    - Reconnaissance (Active and Passive) with HCI tools
    - GATT service Enumeration
    - Sniffing GATT protocol communication
    - Reversing GATT protocol communication
    - Reading and writing on GATT protocol
    - Cracking encryption
    - Hands-on with open source tools
- Mobile security (Android)
  - Introduction to Android
  - App architecture
  - Security architecture
  - App reversing and Analysis
- ARM
  - Architecture
  - Instruction Set
  - Procedure call convention
  - System call convention
  - Reversing
  - Hands-on Labs
- Device Reconnaissance
- Firmware
  - Types
  - Firmware updates
  - Firmware analysis and reversing
  - Firmware modification
  - Firmware encryption
  - Simulating device environment
  - Conventional Attacks
  - External Storage Attacks
    - Symlink files
    - Compressed files
- IoT hardware Overview
  - Introduction to hardware
  - Components
  - Memory
  - Packages
  - Hardware Tools
    - Bus Pirate
    - EEPROM readers
    - Jtagulator/Jtagenum
    - Logic Analyzer
- Attacking Hardware Interfaces
  - Hardware Reconnaissance
    - Analyzing the board
    - Datasheets
  - UART
    - What is UART
    - Identifying UART interface
      - Method 1
      - Method 2
    - Accessing sensor via UART
    - Brute-forcing Custom consoles
  - I2C
    - Introduction
    - I2C Protocol
    - Interfacing with I2C
    - Manipulating Data via I2C
    - Sniffing run-time I2C communication
      - Introduction
  - SPI
    - Introduction
    - SPI Protocol
    - Interfacing with SPI
    - Manipulating data via SPI
    - Sniffing run-time SPI communication
      - Introduction
  - JTAG
    - Introduction
    - Identifying JTAG interface
      - Method 1
      - Method 2
    - Extracting firmware from the microcontroller
    - Run-time patching the firmware code
    - Live Debugging of the system
Target audience
- Penetration testers tasked with auditing IoT
- Bug hunters who want to find new bugs in IoT products
- Government officials from defensive or offensive units
- Red team members tasked with compromising the IoT infrastructure
- Security professionals who want to build IoT security skills
- Embedded security enthusiasts
- IoT Developers and testers
- Anyone interested in IoT security
Requirements
- Basic knowledge of web and mobile security
- Knowledge of Linux OS
- Basic knowledge of programming – Python
Hardware/Software Requirements
- Laptop with at least 50 GB free space
- 8+ GB minimum RAM (4+GB for the VM)
- External USB access (min. 2 USB ports)
- Administrative privileges on the system
- Virtualization software – latest VirtualBox (5.2.X), including the VirtualBox Extension Pack
- Linux host machines should have exfat-utils and exfat-fuse installed (e.g. sudo apt-get install exfat-utils exfat-fuse).
- Hardware virtualization (Intel VT-x) enabled in the BIOS settings so that VirtualBox can run the VM
What attendees will be provided with
- Commercial IoT Devices for hands-on (only during the class)
- DIVA – IoT: custom vulnerable IoT sensor testbed for hands-on (only during the class)
- Hardware tools for sensor analysis for hands-on (only during the class)
- eXos VM – Platform for IoT Penetration testing
- Training material/slides
- Practical IoT hacking lab manual (PDF)
What to expect
- Hands-on Labs
- Reversing fun
- Getting familiar with IoT security
- This course will give you a direction to start performing pentests on IoT products
What not to expect
- Becoming a hardware/IoT hacker overnight. Use the knowledge gained in the training to start pentesting IoT devices and sharpen your skills.
Trainer Biography
Aseem Jakhar is the Director, Research at Payatu (payatu.com), a boutique security testing company specializing in IoT, embedded, mobile and cloud security assessments. He is well known in the hacking and security community as the founder of null – The Open Security Community, a registered not-for-profit organization (http://null.co.in), and also the founder of the nullcon security conference (nullcon.net) and the hardwear.io security conference (http://hardwear.io). He has worked on various security software including UTM appliances, messaging/security appliances, an anti-spam engine, anti-virus software, a transparent HTTPS proxy with captive portal and a Bayesian spam filter, to name a few. He currently spends his time researching IoT security and hacking things. He is an active speaker and trainer at security conferences such as AusCERT, Black Hat, BruCON, Defcon, Hack In The Box, Hack.lu, Hack in Paris, PHDays and many more. He is the author of various open source security tools including:
- ExplIoT – An open source Internet Of Things Security Testing and Exploitation framework – https://bitbucket.org/aseemjakhar/expliot_framework
- Linux thread injection kit – Jugaad (https://bitbucket.org/aseemjakhar/jugaad) and Indroid (https://bitbucket.org/aseemjakhar/indroid), which demonstrate a stealthy in-memory malware infection technique.
- DIVA (Damn Insecure and Vulnerable App) for Android, which gamifies Android app vulnerabilities and is used for learning about Android security issues. https://github.com/payatu/diva-android
- Dexfuzzer – a Dex file format fuzzer. https://bitbucket.org/aseemjakhar/dexfuzzer/src
Arun Magesh works as an IoT Security Researcher at Payatu and has worked on numerous smart device pentests in the past couple of years. With an academic background in electrical engineering, he serves as a core committee member for several IoT local chapters and hackerspaces in India, where he regularly delivers talks and hands-on workshops. He has 5+ years of hands-on experience in both building and breaking IoT devices, has previously been named one of India's Top 25 under 25 technologists and is an Intel Software Innovator. His main focus areas in IoT are embedded device and SDR security. He has also built and contributed to a number of projects such as brain-computer interfacing and augmented reality solutions. He has delivered training to numerous governmental and private organizations around the globe.