After tons of research and conducting 100+ IoT device pentests so far, we have put a training together which will teach youhow to pentest IoT devices.
"Offensive IoT Exploitation" or "Practical IoT Exploitation" is an IoT hacking class where we take an offensive approach to break the security of so-called "smart devices". It's a 3-day action packed class covering a number of topics includingEmbedded Device Hacking, Firmware Reverse Engineering, Binary Exploitation, Radio - BLE and ZigBee exploitation and more.
The training puts special emphasis on learning-by-doing, which means that in the three days, you will get a chance to attack and pwn various real-world devices through the skillsets taught by the instructor. There will be no hand-holding, and this class is not for the ones who don't want to perform the exercises in class.
TheDay 1of the training starts with you getting familiar with the various internal concepts of IoT security architecture, previous vulnerabilities and case studies in IoT devices and takes you all the way through getting firmware for a given target device, reverse engineering it, finding security issues and exploiting them. You will learn concepts such as ARM and MIPS exploitation, Firmware extraction and debugging, Firmware emulation and more.
Day 2is where things start getting hardcore. The day starts with you taking apart a real world IoT device to understand the underlying circuit boards, its various components and using that knowledge to get a root shell on the device. The exploitation does not end there! You will also learn about topics such as UART exploitation, JTAG debugging and dumping flash chip contents from a device. All of this will be taught with actual labs and handouts so that you are able to grasp 100% of what is taught in the class, and apply it to any IoT device you encounter.
Finally, the Day 3 contains everything that you need to attack devices remotely! Be it Bluetooth Low Energy Exploitation or sniffing and attacking ZigBee devices or even creating your custom radio - we've got it covered! With a combination of labs and exercises, you will learn what it takes for a real-world highly targeted attacker to break into an IoT device.
THAT'S NOT ALL!
Once the training is over, you will still have access to the video lectures, course contents, lab manual and slack channel for discussions, all because, WE WANT YOU TO BE AN IOT SECURITY PENTESTER!
We have seen this class change lives of so many people in the past, when we taught this course at conferences such as BlackHat USA, OWASP AppSec, HackFest and many more, including private organizations and three letter agencies. We know that this stuff works. Period.
Our instructors have even written books on IoT Security - you will even be getting signed copies of those if you register early!
Finally, this class is not just a training class. It's an experience where we want you to get the most out of it. We want you to dedicate 3 days of your life, living, breathing and learning IoT security - and rest assured, we will deliver what people say as "The best training of their lives in security".
Still not convinced? Take a look at our blog and see if this is something that interests you. If yes, come back here and sign up for the class. Remember, the registrations are only online and we don't accept last-minute registrations. Look forward to seeing you in the class!
After the class, the attendees will be able to:
Extract and analyze device firmware
Debug and Disassemble binaries
Exploit UART, SPI and JTAGs
JTAG debugging, exploitation
Dump firmware through various techniques
Debug hardware and software
Analyze security of MQTT, CoAP and M2MXML protocols
Attack cloud and mobile component of an IoT device
Sniff, Replay, MITM and Attack Radio communications
BLE and Zigbee exploitation
ARM and MIPS Reversing
Conventional and Unconventional attack techniques
Write exploits for the platforms and more.
All the above-mentioned topics are taught in extremely hands-on lab-based practical sessions.