< NULLCON 2025 - HYDERABAD />

About The Training

Hemant Sonkar
Lead Security Consultant at Payatu
Rupesh Surve
Hardware Security Researcher at Payatu
Shubham Thorat
IoT Security Researcher at Payatu
Ajay SK
IoT firmware security researcher at Payatu

< Training Title />

Practical IoT Hacking

< Training Schedule />

Start Date: Jun 12, 2025

End Date: Jun 14, 2025

< Training Objectives />

The great power of the Internet of Things comes with the great responsibility of security. IoT is one of the hottest areas of technology, and development and innovation are happening at a stellar pace, but the security of IoT has yet to catch up. Since the safety and security repercussions are serious and at times life-threatening, neglecting the security of IoT products is not an option.

"Practical Internet of Things (IoT) Hacking" is a unique course that offers security professionals a comprehensive understanding of the complete IoT technology suite, including radio IoT protocols, firmware and hardware, and their underlying weaknesses. The extensive hands-on labs enable attendees to identify, exploit, or fix vulnerabilities in IoT, not just on emulators but also on real smart devices. The course focuses on the attack surface of current and evolving IoT technologies in domains such as home and enterprise automation. It covers various IoT protocols from the ground up, including their internals, attack scenarios specific to each protocol, and the open-source software and hardware tools one needs in an IoT penetration testing arsenal. It also covers hardware attack vectors and approaches to identifying the corresponding vulnerabilities. Throughout the course we will use a Raspberry Pi-based setup that we built specifically for IoT penetration testing, and we will also provide DIVA - IoT, a vulnerable IoT sensor made in-house, for the hands-on exercises.

The "Practical Internet of Things (IoT) Hacking" course is aimed at security professionals who want to enhance their skills and move into or specialize in IoT security. Godspeed!

< Training Level />

Basic - Intermediate

< Training Outlines />

Hardware:

  • Introduction to IoT - IoT Architecture and IoT Attack Surfaces
  • IoT Hardware Overview - Introduction to Hardware, Components, Memory and Packages, Hardware Tools needed for Hardware pen-testing arsenal
  • Identifying the Attack Surfaces - Hardware Recon and Analyzing the PCB board, Reading Datasheets
  • Hardware Debug Ports - Introduction and Importance
  • Attacking UART - Introduction, UART pin/pad Identification Hands-on, Accessing UART Lab, Brute-forcing custom UART console Lab, Demo on Attacking Bootloader via UART
  • Attacking JTAG Debug port - Introduction to JTAG, Identifying the JTAG port hands-on Lab, Firmware Extraction from the Microcontroller Hands-on Lab, Run-time patching the firmware Hands-on Lab
  • Attacking I2C Protocol - Introduction to I2C Protocol, Interfacing with I2C-based flash chips, Data extraction from the I2C Flash chips Hands-on Lab, Patching data on the I2C flash chips Hands-on Lab, Sniffing the I2C communication Hands-on Lab
  • Attacking SPI Protocol - Introduction to SPI protocol, Interfacing with SPI protocol Lab, Firmware/Data extraction from the SPI flash chips Hands-on Lab, Patching data on the SPI flash chips Hands-on Lab, Sniffing the SPI communication Hands-on Lab

ARM:

  • Overview & Architecture
  • Processor Mode
  • Register
  • Instruction Set
  • Data Processing Instructions
  • Data Movement Instructions
  • Control Flow instructions
  • Stack Operations
  • System call convention

Firmware:

  • Basic Introduction
  • Types of firmware
  • Bare-Metal Firmware Introduction
  • Static Analysis
  • Reverse Engineering using Ghidra
  • Instruction Set Identification
  • Dynamic Analysis
  • On-Chip Debugging (JTAG)
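
The "Instruction Set Identification" step in the bare-metal firmware outline above is worth seeing in code, because a raw dump from a SPI flash or a JTAG read carries no ELF header to tell you what it is. The following is an added example, not course material or Payatu code: it scores a raw image against ARM and Thumb function prologue/epilogue encodings at every aligned instruction slot, in both byte orders, and compares the hit count with what uniformly random data would produce (the same idea as binwalk's opcode scan). The sample blobs, thresholds and function names are constructed for this example. The "unknown" verdict is the failure mode to notice before loading anything into Ghidra: compressed or encrypted firmware scores like noise in every candidate.

```python
import struct
from collections import Counter

# Function prologue/epilogue encodings that dominate compiled code. Each entry is
# (value, mask): an instruction slot matches when word & mask == value.
ARM_SIGS = {                       # 32-bit ARM state (A32), condition code AL
    "push {.., lr}": (0xE92D4000, 0xFFFF4000),  # stmdb sp!, {..., lr}
    "pop {.., pc}":  (0xE8BD8000, 0xFFFF8000),  # ldmia sp!, {..., pc}
    "bx lr":         (0xE12FFF1E, 0xFFFFFFFF),
}
THUMB_SIGS = {                     # 16-bit Thumb state (T16)
    "push {.., lr}": (0xB500, 0xFF00),
    "pop {.., pc}":  (0xBD00, 0xFF00),
    "bx lr":         (0x4770, 0xFFFF),
}
CANDIDATES = {                     # name -> (signatures, slot width, struct endianness)
    "ARM little-endian":   (ARM_SIGS, 4, "<"),
    "ARM big-endian":      (ARM_SIGS, 4, ">"),
    "Thumb little-endian": (THUMB_SIGS, 2, "<"),
    "Thumb big-endian":    (THUMB_SIGS, 2, ">"),
}

def count_matches(blob, sigs, width, endian):
    """Count signature hits at every aligned instruction slot of the blob."""
    fmt = endian + ("I" if width == 4 else "H")
    hits = Counter()
    for off in range(0, len(blob) - width + 1, width):
        (word,) = struct.unpack_from(fmt, blob, off)
        for name, (value, mask) in sigs.items():
            if word & mask == value:
                hits[name] += 1
    return hits

def random_expectation(sigs, nslots):
    """Hits a uniformly random blob would give: one slot in 2**popcount(mask) per signature."""
    return nslots * sum(2.0 ** -bin(mask).count("1") for _, mask in sigs.values())

def identify_isa(blob, min_hits=4, min_ratio=4.0):
    """Return (verdict, details); details maps candidate -> (hits, ratio over chance).

    The verdict is 'unknown' when even the best candidate is not clearly above the
    chance level, which is how packed or encrypted firmware looks to this scan.
    Thresholds are chosen for this example, not derived from any standard."""
    details = {}
    for name, (sigs, width, endian) in CANDIDATES.items():
        nslots = len(blob) // width
        hits = sum(count_matches(blob, sigs, width, endian).values())
        expected = random_expectation(sigs, nslots)
        ratio = hits / expected if expected else 0.0
        details[name] = (hits, round(ratio, 1))
    best = max(details, key=lambda k: details[k][0])
    hits, ratio = details[best]
    if hits < min_hits or ratio < min_ratio:
        return "unknown", details
    return best, details

def sample_blob(words, fmt):
    """Constructed test input: a short function body repeated 16 times."""
    return b"".join(struct.pack(fmt, w) for w in words) * 16

# Constructed samples: push {r4,lr}; mov r0,#0; mov r1,#0; pop {r4,pc}; bx lr; nop; data
ARM_LE = sample_blob([0xE92D4010, 0xE3A00000, 0xE3A01000, 0xE8BD8010,
                      0xE12FFF1E, 0xE1A00000, 0x00000000, 0x00000000], "<I")
THUMB_LE = sample_blob([0xB510, 0x2000, 0x2100, 0xBD10, 0x4770, 0xBF00, 0x0000, 0x0000], "<H")
NOISE = bytes(range(256)) * 4      # stand-in for packed/encrypted data

if __name__ == "__main__":
    for label, blob in (("arm", ARM_LE), ("thumb", THUMB_LE), ("noise", NOISE)):
        verdict, details = identify_isa(blob)
        print(f"{label:6} -> {verdict}  {details}")
```

On a real dump, run this over the image in windows (say 64 KiB) rather than as a whole: a bootloader in ARM state followed by an application in Thumb state is common on Cortex-A/Cortex-M pairings, and a single score over the whole image would blur the two. Once the ISA and byte order are known, they are exactly the values Ghidra asks for when importing a raw binary, along with the load address, which this scan does not give you.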

OS-Based Firmware:

  • Introduction
  • Static Analysis
  • Firmware Extraction/Modification
  • Credential Search
  • Dynamic Analysis
  • User space binary emulation
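
The "Credential Search" item in the OS-based firmware outline above is the first thing most pentesters do once a squashfs or JFFS2 root filesystem has been extracted. The following is an added example, not course material or Payatu code: it walks an extracted rootfs, classifies the crypt() scheme of every password field in /etc/passwd and /etc/shadow (telling locked accounts apart from crackable hashes), flags extra UID-0 accounts, finds PEM private keys, and greps configuration files for hardcoded password/secret/API-key assignments. The sample filesystem, hashes, key material and regular expressions are constructed for this example.

```python
import os
import re
import tempfile

# crypt() scheme prefixes seen in passwd/shadow fields on embedded Linux (glibc, musl, uClibc)
HASH_PREFIXES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
                 "$y$": "yescrypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt"}
LOCKED = {"", "x", "*", "!", "!!", "*LK*"}   # no hash here ("x" = look in shadow)

PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")
HARDCODED_RE = re.compile(rb"(?i)\b(passw(?:or)?d|secret|api[_-]?key)\s*[=:]\s*['\"]?([^'\"\s;]{3,})")
MAX_FILE = 1 << 20                            # skip large blobs such as nested images

def classify_hash(field):
    """Name the crypt() scheme of a passwd/shadow password field, or None if there is no hash."""
    if field in LOCKED:
        return None
    for prefix, name in HASH_PREFIXES.items():
        if field.startswith(prefix):
            return name
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "descrypt"                     # traditional DES crypt: 2-char salt + 11 chars
    return "unknown"

def scan_passwd_file(rel, text):
    findings = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        user, field = parts[0], parts[1]
        kind = classify_hash(field)
        if kind:
            findings.append((rel, "hash:" + kind, user))
        # a second UID-0 account in /etc/passwd is a classic vendor backdoor pattern
        if rel.endswith("/etc/passwd") and len(parts) > 2 and parts[2] == "0" and user != "root":
            findings.append((rel, "uid0-account", user))
    return findings

def search_credentials(rootfs):
    """Walk an extracted root filesystem and return sorted (path, finding, detail) tuples."""
    findings = []
    for dirpath, _, files in os.walk(rootfs):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = "/" + os.path.relpath(path, rootfs).replace(os.sep, "/")
            try:
                if os.path.islink(path) or os.path.getsize(path) > MAX_FILE:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            if rel.endswith(("/etc/passwd", "/etc/shadow")):
                findings += scan_passwd_file(rel, data.decode("utf-8", "replace"))
                continue
            if PRIVATE_KEY_RE.search(data):
                findings.append((rel, "private-key", name))
            for m in HARDCODED_RE.finditer(data):
                findings.append((rel, "hardcoded:" + m.group(1).decode().lower(),
                                 m.group(2).decode("utf-8", "replace")))
    return sorted(findings)

def build_sample_rootfs():
    """Constructed stand-in for an extracted squashfs root; the hashes and key are dummies."""
    root = tempfile.mkdtemp(prefix="rootfs_")
    files = {
        "etc/passwd": "root:$1$xyz$XXXXXXXXXXXXXXXXXXXXXX:0:0:root:/root:/bin/sh\n"
                      "admin:x:0:0:admin:/:/bin/sh\n"
                      "nobody:*:65534:65534:nobody:/nonexistent:/bin/false\n",
        "etc/shadow": "admin:$6$salt$YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY:0:0:99999:7:::\n"
                      "nobody:*:0:0:99999:7:::\n",
        "etc/config/cloud.conf": "server=api.example.invalid\npassword=Admin123\napi_key: \"ABCDEF0123\"\n",
        "etc/ssl/server.key": "-----BEGIN RSA PRIVATE KEY-----\nDUMMYKEYDATA\n-----END RSA PRIVATE KEY-----\n",
        "bin/busybox": "\x7fELF not a real binary\n",
    }
    for rel, content in files.items():
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "w") as fh:
            fh.write(content)
    return root

if __name__ == "__main__":
    for path, kind, detail in search_credentials(build_sample_rootfs()):
        print(f"{path:26} {kind:20} {detail}")
```

The scheme name matters more than the hash itself: descrypt and md5crypt hashes from a device rootfs are routinely recoverable with a wordlist, whereas sha512crypt or yescrypt with a strong password may not be, and that difference decides whether a leaked /etc/passwd is a finding on its own or only a lead. Run the same scan against the writable overlay (JFFS2/UBIFS) as well as the read-only squashfs, since vendor configuration scripts often rewrite passwd at first boot.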

Radio IoT Protocols - BLE:

  • Introduction and Protocol Overview
  • Reconnaissance (Active and Passive) with HCI tools
  • Enumeration of BLE Services and Characteristics
  • Sniffing BLE communication
  • Reversing GATT protocol communication
  • Read and write on the GATT protocol
  • Fuzzing Characteristic values
  • Walkthrough of recent BLE 5.x attacks

< WHAT TO BRING? />

  • Laptop with at least 50 GB of free disk space
  • Windows or Linux preferred (Macs with Apple silicon (M1 etc.) will not work)
  • 8 GB RAM minimum (at least 4 GB allocated to the VM)
  • External USB access (min. 2 USB ports)
  • Administrative privileges on the system
  • Remote access and control software: latest VNC Viewer
  • Virtualization software: latest VirtualBox (6.x), including the VirtualBox Extension Pack (needed for USB 2.0/3.0 pass-through of the hardware tools to the VM)
  • Hardware virtualization (Intel VT-x or AMD-V) enabled in the BIOS/UEFI settings, otherwise VirtualBox cannot run the VM

< Training PREREQUISITE />

  • Basic Knowledge of Hardware
  • Knowledge of Linux OS

< WHO SHOULD ATTEND? />

  • Penetration testers tasked with auditing IoT Hardware or Analyzing Firmware
  • Bug hunters who want to find new bugs in IoT products
  • Government officials from defensive or offensive units
  • Red team members tasked with compromising the IoT devices
  • Embedded security enthusiasts
  • IoT Developers and testers
  • Anyone interested in IoT security

< WHAT TO EXPECT? />

  • Hands-on Labs
  • Reverse Engineering
  • Getting familiar with the IoT security
  • This course will give you a direction to start performing pen tests on IoT products

< WHAT ATTENDEES WILL GET? />

  1. Commercial IoT Devices for hands-on (only during the class)
  2. DIVA - IoT: custom vulnerable IoT target for hands-on (only during the class)
  3. Hardware tools for sensor analysis for hands-on (only during the class)
  4. Training material/slides
  5. Practical IoT Hacking Lab Manual PDF

< WHAT NOT TO EXPECT? />

Becoming a hardware/IoT hacker overnight. Use the knowledge gained in the training to start pen-testing IoT devices and sharpen your skills.

< About the Trainer />

Hemant Sonkar is the Lead Security Consultant at Payatu and has delivered training sessions at events such as NULLCON and NULL, as well as various internal training programs. With three years in the field, he has assessed a wide range of IoT devices, spanning medical devices, home automation products, and electric vehicles. Through his hardware security research he has developed strong skills in identifying attack surfaces and vulnerabilities in real-world IoT devices.

Rupesh Surve is a highly skilled Hardware Security Researcher with 8 years of hands-on experience in embedded electronics. He has a strong passion for embedded circuit design, multilayer PCB design, and hardware reverse engineering, and aims to contribute to the field of cyber security through focused dedication and perseverance.

Shubham Thorat works as an IoT security researcher and is an experienced cybersecurity professional with over two years in automotive security, specializing in component-level and vehicle-level penetration testing. He is proficient in in-vehicle network (IVN) protocols such as CAN, with a focus on secure communication and robust threat mitigation, and is also skilled in penetration testing of medical and IoT devices, identifying vulnerabilities and improving security measures. He has a strong background in wireless communication protocols, embedded system security, and advanced penetration testing methodologies for addressing evolving cybersecurity challenges.

Ajay SK specializes in vulnerability research in desktop applications and IoT devices. By day, he is a full-time IoT firmware security researcher with extensive experience across various IoT devices and desktop applications. By night, he is a passionate CTF player, constantly expanding his knowledge of reverse engineering techniques and tackling complex binary exploitation challenges through CTF competitions.