IOT Hacking Penetration Testing

IoT Hacking, Exploitation & Penetration Testing

Course Overview

IoT or the Internet of Things is the new buzzword all around and refers to a networked computing environment that enables devices able to monitor, record and report data, as well as allows users to interact with devices, perform actions remotely or use a stream of useful information when performing tasks.

However, not enough attention has been paid to the security aspect of these so-called “smart” devices. This course will help anyone interested, get started on IoT security and penetration testing of “smart” devices.

To assess the security of IoT devices, we must first understand the various components involved in it, and then identify what kind of security issues could affect each component and then look into each of them. That is exactly the approach candidate will be learning in this course.

This course covers and discusses IoT protocols, potential risks, vulnerabilities, exploitation, and data breaches.

Who Should Attend

The training seminar is ideal for those working in positions such as, but not limited to:

  • Penetration testers tasked with auditing IoT.
  • Team members tasked with compromising the IoT infrastructure.
  • Security professionals who want to build IoT security skills.
  • IoT Developers and testers.
  • Or, anyone interested in IoT security.

Pre-requisites

  • Basic knowledge of web and mobile security
  • Basic knowledge of Linux OS
  • Basic knowledge of programming (C, python) would be a plus

Course Duration

  • 40 Hours.

Course Content

Introduction to IOT

Understanding Embedded / IoT Linux Architecture

  • Embedded/IoT device architecture basics
  • Understanding the Boot Process
  • Multi-stage Bootloaders
  • Creating a custom toolchain with crosstool-NG
  • U-boot build and deep dive
  • Booting a device manually with u-boot
  • Kernel and Device Tree basics
  • Custom Kernel and DTB builds
  • Building the runtime C library (uClibc)
  • Building the root filesystem and BusyBox
  • Debugging the system over UART
  • Understanding Kernel mode rootkits
  • Embedded/IoT system constraints

Understanding IoT attack surface

IoT Protocols & Attack Methodologies

  • MQTT (Message Queuing Telemetry Transport) Protocol
  • CoAP (The Constrained Application Protocol) Protocol
  • CanBus Protocol

Radio IoT Protocols & Attack Methodologies

  • Zigbee Protocol
  • BLE (Bluetooth Low Energy) Protocol

Learning IoT Exploitation Framework

Mobile (Android) Penetrating Testing

Architecture & Attack Methodologies

  • ARM (Advanced RISC Machine) architecture
  • MIPS architecture

Understanding IoT Firmware & Attack Methodologies

External Storage Attacks

Understanding IoT hardware & Attack Methodologies

  • I2C(Inter-Integrated Circuit)
  • SPI(Serial Peripheral Interface)
  • UART(Universal Asynchronous Receiver-Transmitter)
  • JTAG(Joint Test Action Group)

Additional Topic: Pentesting using the Raspberry Pi

  • In this topic candidate will learn the basics of how to use the affordable Raspberry Pi as a penetration testing platform running Kali Linux.