Attify Store

Sold out

ABOUT THE COURSE

 

After tons of research and conducting 100+ IoT device pentests so far, we have put a training together which will teach you how to pentest IoT devices.  

 

"Offensive IoT Exploitation" or "IoT Security for Pentesters (online class)" is an IoT hacking class where we take an offensive approach to break the security of so-called "smart devices". It's an action packed class covering a number of topics including Embedded Device Hacking, Firmware Reverse Engineering, Binary Exploitation, Radio - BLE and ZigBee exploitation and more.

 

The training puts special emphasis on learning-by-doing, which means that you will get a chance to attack and pwn various real-world devices through the skillsets taught by the instructor.

 

The training starts with you getting familiar with the various internal concepts of IoT security architecture, previous vulnerabilities and case studies in IoT devices and takes you all the way through getting firmware for a given target device, reverse engineering it, finding security issues and exploiting them. You will learn concepts such as ARM and MIPS exploitation, Firmware extraction and debugging, Firmware emulation and more.

 

Next module is where things start getting hardcore. The module starts with you taking apart a real world IoT device to understand the underlying circuit boards, its various components and using that knowledge to get a root shell on the device. The exploitation does not end there! You will also learn about topics such as UART exploitation, JTAG debugging and dumping flash chip contents from a device. All of this will be taught with actual labs and handouts so that you are able to grasp 100% of what is taught in the class, and apply it to any IoT device you encounter.

 

Finally, the final modules contain everything that you need to attack devices remotely! Be it Bluetooth Low Energy Exploitation or sniffing and attacking ZigBee devices or even creating your custom radio - we've got it covered! With a combination of labs and exercises, you will learn what it takes for a real-world highly targeted attacker to break into an IoT device.

 

THAT'S NOT ALL!

 

Once the training is over, you will still have access to the video lectures, course contents, lab manual and slack channel for discussions, all because, WE WANT YOU TO BE AN IOT SECURITY PENTESTER! 

 

We have seen this class change lives of so many people in the past, when we taught this course at conferences such as BlackHat USA, OWASP AppSec, HackFest and many more, including private organizations and three letter agencies. We know that this stuff works. Period.

 

Finally, this class is not just a training class. It's an experience where we want you to get the most out of it. We want you to dedicate few days of your life, living, breathing and learning IoT security - and rest assured, we will deliver what people say as "The best training of their lives in security".

COURSE OUTLINE


After the class, the attendees will be able to:

  • Extract and analyze device firmware
  • Debug and Disassemble binaries
  • Exploit UART, SPI and JTAGs
  • JTAG debugging, exploitation
  • Dump firmware through various techniques
  • Debug hardware and software
  • Analyze security of MQTT, CoAP and M2MXML protocols
  • Attack cloud and mobile component of an IoT device
  • Sniff, Replay, MITM and Attack Radio communications
  • BLE and Zigbee exploitation
  • ARM and MIPS Reversing
  • Conventional and Unconventional attack techniques
  • Write exploits for the platforms
  • and more.

All the above-mentioned topics are taught in extremely hands-on lab-based practical sessions.

 

WHAT STUDENTS WILL BE PROVIDED WITH

 

IoT devices  

Attify's IoT pentesting VM

Printed Lab reference material and handouts

600+ slides (PDF Copy)

IoT Exploitation Learning Kit


WHO CAN ATTEND THIS COURSE

 

IoT Security Enthusiasts

Security Professionals and Penetration Testers

Embedded Developers