Offensive IoT Exploitation



Introducing Offensive IoT Exploitation 2.0, the only IoT Security training course proven over 4+ years with over 1000+ students in 15 countries.

10+ Hours of Training Material

IoT Exploitation Learning Kit

Certification Examination

Including the proven, step-by-step formula that takes you from “having no experience of IoT security assessment” to “finding and exploiting vulnerabilities in real-world IoT devices”. Then the tested techniques and to effectively exploit the devices through hardware, software, and radio-based attacks.

Finally... the "all-in-one" course that just works:

  • Even if…you don’t have any prior experience working with the Internet of Things

  • Even if…you don’t have a background in Electronics or Digital Signal Processing

  • Even if… you have no idea where to start or have any IoT tools and devices

Let's face it - Learning IoT Security is not easy; there are many challenges that you would face; everything ranging from tools not working as intended to devices getting bricked. It takes months to even figure out the different moving parts and where to invest your valued time and effort. 

You see, IoT is not a single thing, instead, it’s a combination of embedded devices, web and mobile apps, backend application, firmware and radio communication protocols. Each of these components could take years to master. That does not mean that you spend months to get familiar with each component at a time. If that is the case, it would take you years to become an IoT pentester with an understanding of all the components in the IoT ecosystem. 

Finding out where to invest your time in to learn IoT pentesting is a task in itself. How much should you learn when it comes to ARM binary reversing vs how much time you should dedicate to analyzing PCBs? Things like these. 

What about figuring out which devices or platforms to use to learn IoT security? Do you believe reading blog posts and articles here and there or watching just conference videos to learn is the best option out there. Sure, they work, they have worked for me (and many others), but why would you want to reinvent the wheel and go down the rabbit hole of one topic after another without knowing what you are doing and without a structured approach?    

What if there’s a much better, easy-to-follow, structured learning option available with all the support and guidance you require to become an expert IoT pentester?

Course Overview

After tons of research and conducting 100+ IoT device pentests so far, we have put a training together which will teach you how to pentest IoT devices."Offensive IoT Exploitation" is an IoT hacking class where we take an offensive approach to break the security of so-called "smart devices". 

It's a 5-day action packed class which we have converted to an online self-paced version covering a number of topics including Embedded Device Hacking, Firmware Reverse Engineering, Binary Exploitation, Radio, BLE, ZigBee exploitation and more. 

The training puts special emphasis on learning-by-doing, which means that in the three days, you will get a chance to attack and pwn various real-world devices through the skillsets taught by the instructor. 

More importantly, you will have access to the virtual machine, the hardware tools and devices that we use during the class and a support channel for any post-training questions.

  • 10+ hours of HD training videos with cutting-edge content with practical IoT exploitation education (no fluff)

  • Access to the private Slack group to get answers to any questions you might face while (or after) going through the class

  • All class labs, virtual machine with pre-configured tools and a mammoth 1000+ pages slides in PDF format 

  • Lifetime access to the training class with all future updates - any future content updates will be accessible for you 

  • Prepares you for the Certified IoT Penetration Tester examination which will allow you to prove your IoT exploitation skills

What is covered in Offensive IoT Exploitation?


In this module, we start by understanding the Internet of Things, what they are, how they behave and the underlying components which make up the IoT Ecosystem. 

We also have a look at the Attack Surface Mapping, which is the process of identifying a device architecture and preparing a detailed spreadsheet including all the information about the device, the possible vulnerabilities and the test cases that we will perform to identify the vulnerabilities. 

We also look into some of the previous vulnerabilities and their case studies of why the devices were vulnerable and the techniques you could use to identify vulnerabilities like those, which you will learn in the upcoming modules. 

Even if you have no prior background of Internet of Things or IoT Security Assessment, this module is the perfect starting point for you in the world of IoT security exploration. 


The first component of IoT exploitation that we cover is Firmware based vulnerabilities. Here, we go through a number of different firmware to learn techniques like file system extraction, emulation, debugging, modifying firmware binaries, backdooring them, static analysis and so on. All of the files and binaries used for this section are available in the virtual machine, which will be provided to you when you register for the class. 

We also put special attention here to not only illustrate the vulnerabilities which are specific to these firmware, but also how to get an understanding of where things could go wrong in the firmware development process of IoT devices, and how you, as an IoT Security Researcher, can find and exploit those vulnerabilities.


Once you have played around with the device a bit and had a look at the firmware, the next step for a pentester or a security researcher is to find vulnerabilities in the individual binaries within the firmware file system. A vulnerability could be an easily identifiable one such as hardcoded values or it could be something like a buffer overflow or it could be something as tricky as a vulnerability that requires gadget-hunting and ROP exploitation techniques – we will cover all of them in this module. 

This module will also give you a background about ARM and MIPS architecture types, which are the two most common processor architecture you will see in IoT devices around you. You don’t need to think in assembly or be an assembly guru to write ROP exploits, but just a good understanding of the fundamentals and a clear goal of what you want to achieve will make you unstoppable at exploiting software flaws.


This module is where we unleash the demons. We take an IoT device, open it up, find specs, look at the chipsets, find what the chipsets do, interact with the chipsets, dump data from the flash chips, debug using JTAG, get root access using UART and tap into the busesYes, this module does holds a lot of content and is also one of the most fun and exciting sections of the course. 

Especially if you have never worked with hardware before, you are in for a joy ride. You will be able to get rid of your fear of working with embedded devices in this module and emerge as someone who can look at an IoT device’s PCB and know what to do next.

Even if you have played with hardware and electronics in the past, this module will give you an entirely new perspective to look at Embedded devices by putting the pentester glasses on. For instance, if you now notice a flash chip, the first thing that will come to your mind would be – oh, let’s dump the firmware. Or by looking at the PCB, you might say that this looks like a JTAG interface, let me get my setup, and we will go JTAG debugging.

All the devices, tools, and targets that we use in this module come along with the IoT Exploitation Learning Kit, which is a part of the full Offensive IoT Exploitation bundle.


The last, final, and most powerful of all modules, because radio-based communication and exploitation techniques allow you to take control of devices remotely. Here we will look at how do we capture raw radio signals, look at the frequency spectrum, find the bursts of data, use GNURadio to build radio processing blocks and then see the actual data hidden behind those raw radio bits

Even if you do not have a background in Digital Signal Processing, this module will make you venture into the world of radio signals and use different techniques to visualize and process the data, and even perform various attacks. We will cover three different types of radio communications in this module – the raw radio communication, Bluetooth Low Energy (BLE), and ZigBee. We will take over devices such as a Smart Lock, a BLE Light Bulb and some of our own custom build setups. This module provides you with everything you need to perform vulnerability discovery and exploitation of real-world IoT devices using radio techniques

This stuff works... 

The above is one of the very first times we ran the training class at BlackHat USA. 

What happened next year -

We had over 100+ people in 2 batches in the 2-day version of the class. 

With $0 invested in marketing, just word of mouth. 

We know what we are talking about

We are not just a training provider; we actually use the stuff that we teach. We use the learning and findings from our IoT Penetration testing engagements and incorporate it in the training class. The Offensive IoT Exploitation has been built by a team of penetration testers who have been involved in IoT pentests of devices from different industries and verticals. 

In other words, this training course is years of penetration testing experience of a varied range of IoT devices squeezed into over 10 hours of teachings. If you were to look inside our mind of what we learned by being involved with over 100 companies finding vulnerabilities in their products and suggesting recommendations, you will find what is covered in the training class. 

And that is why we created the Offensive IoT Exploitation training class and certification bundle.

We brainstormed and tried to identify the problems faced by the individuals who attend InfoSec training and figured out that:

Most of the training courses out there are there to just make money and not with the genuine intention of teaching in a way that benefits the attendee in the long-term. 

Many training courses are just instructors showing off their knowledge and showing that they are the experts or “gurus” and over-complicate even the basic concepts.

Some of the most expensive training classes ($5000 and above) make it difficult to adjust to your training budget. On top of that, it’s a hit and miss, if the training class was unsatisfactory, you have your entire training budget spent on a single class without actually getting anything out of it.

There are so many online training courses available but they fail to work when it comes to the Internet of Things - especially when you are the kind of person that wants to learn about the practical aspect of things rather than just a theoretical 10,000-foot view.Pretty much all of the courses out there focus on the wrong thing.

Live classes have a very short time duration to learn, analyze, process and perform with very little time left to clear doubts of the learner.

Once we built the first version of the course, we then tested with our new employees who had very little to no prior IoT security experience and used it to train them on the Internet of Things security. 

The results blew us away. The training course worked, and the employees were able to learn not only how to pentest IoT devices, but during real-world engagements, they were able to come up with their own new exploitation techniques and craft tactics. 

The “Offensive IoT Exploitation” training course is not just a class teaching you the technical aspects of IoT penetration testing, but rather a journey where you evolve as a penetration tester and get to learn new perspectives about how you can approach IoT Security and build your career around it.  

When you join the class, one of the first things you will receive is an exclusive Slack invitation. This allows you to ask any questions or doubts you have regarding anything related to IoT security. These discussions are an integral part of what the Offensive IoT Exploitation is. 

Offensive IoT Exploitation also includes lifetime access including any future updates to the content in the training class. This means, when let’s say after 6 months a major vulnerability in IoT devices gets discovered in the security community, it will be included in the training content in easy-to-follow step-by-step videos.

Offensive IoT Exploitation is FOR you if...

  • You are willing to become a real-world IoT Pentester or Security Researcher

  • You are willing to go through all the videos in the training class

  • You are willing to perform the labs and hands-on exercises

  • You are willing to try and willing to fail a few times to find vulnerabilities and 0-days in target IoT devices

  • You are willing to clarify your doubts and queries whenever you encounter one

What Can I Achieve with Offensive IoT Exploitation

A lot of our past students have gotten salary hikes up to $20,000 by just switching to IoT Pentesting after taking the training class. Are you planning to move to an IoT pentesting role or take on some IoT pentesting gigs? Or maybe write a research paper on one of the Internet of Things components after taking the class? Or maybe present a talk or training at a major security con? Even finding 0-days? How would achieving milestones like that be worth to you? 

But what if you did not take the training class? If you were to do nothing and continue doing what you are doing now, do you think there would be a significant difference in your life be after 6 months or a year? 

A lot of us are comfortable with where we are now, what we are doing and what we are working on. I don’t blame you if you are like this. In fact, to be honest, I was just like you and soon realized that I have stopped evolving. Most of my close friends in the infosec industry were getting better roles and were able to achieve their professional goals. But not me. 

Then I decided that instead of being comfortable, why not try something which challenged me- after all that is how we all grow – be it professionally or personally. I decided that I will start learning the basics of the Internet of Things as one the most up-coming and exciting (it even is now) areas in the security industry. 

The first challenge that I faced was not enough resources available from where I could learn about IoT security. There were hardly any courses on the security of the Internet of Things, just a couple of conference talks and presentations. Then there were quite a handful of articles and blog posts, however when I tried it out something or the other didn’t work and I struggled to find my way through. 

I wish there were a course or training which taught from the basics to get me ready for real-world IoT Security Research. 

So I did whatever I could… 

I went through all the books I could find about the Internet of Things or one of the components such as Bluetooth Low Energy. 

I flew to 3 different continents to attend private training classes (spent over $20K+) and even bought everything I could find online which had even one module about the security of IoT devices. 

At one point in time, I even hired a Korean to English translator and attended training in S. Korea on Embedded Device security. 

I invested all the time I had over the next 8 months in performing research using everything, and bought different routers, IP Cameras, any IoT device I could find within a $100, bricked many of those (unintentionally), encountered white smoke coming during hardware security research and in the process learnt many techniques on how these devices could be exploited and what different attacks are possible. 

I started offering free IoT device pentesting to some local companies to apply my skillsets to real-world devices which gave me further exposure especially how to do a security assessment in the most effective way possible within a limited duration of time. 

Things have come a long way from there and we (at Attify) have performed 100s of IoT device pentests in the last few years. 

But the point is.. I took a decision and a step towards a goal. 

What if you took a step today, the first step to getting yourself started? 

From there, it is just momentum. The momentum often takes us long ways. It’s just the 1st step which seems like a mountain, creates all the infinite thought processes in the head. 

The Offensive IoT Exploitation has so far helped 1000s of students in their professional career, and I can guarantee you, it will do that to you too. 

I know what it takes to succeed in IoT Security. 

I started just like you, but in the past 5 years, I have led 100s of pentests, worked with clients ranging from VC-funded startups to Fortune 500s, delivered talks and training in 10+ countries and at some of the biggest conferences in the world including many times at BlackHat USA, DefCon, OWASP AppSec and many more. I have also authored two books on IoT Security - IoT Hackers Handbook and IoT Pentesting Cookbook - both huge successes. It was a lot of hard work, countless hours in front of the laptop, a lot of head-scratching and most importantly, dedication. 

You don’t have to re-invent the wheel. 

You don’t need to figure out every little detail. I have already done all of that for you, and more. And I have put everything together with the help of my team to deliver you the finest and the most cutting-edge training on the Internet of Things Security available on the planet. This is the exact framework that I have used to teach my team. Which is now available to you. 

Items included in the Offensive IoT Exploitation Bundle

Here's everything that is included in the Offensive IoT Exploitation Training Bundle: 

10+ Hours of High-Definition video training on Offensive IoT Exploitation

The Offensive IoT Exploitation training available in video format is 5 days of training content of a live training class. We have conducted short 2-day versions of this class at conferences like BlackHat and OWASP AppSec where people have paid up to $3000 to attend the training class. You will receive not only the current training material but also free access to all future updates to the class.

$4500 value

IoT Exploitation Learning Kit (The Complete Edition)

The IoT Exploitation Learning Kit is our flagship learning kit that includes all target devices to perform the exploitation exercises, hardware gear to perform security assessments and a step-by-step lab manual. The IoT Exploitation Learning kit saves you countless hours purchasing and testing various target devices and assessment tools.

$1555 value

Pre-configured virtual machines with all the software labs

To quickly get you started with the training course without you having to set up all different tools and spend hours, you will instantly receive a training lab VM which includes all the lab exercises and pre-configured tools to go through the training class.

Certified IoT Penetration Tester certification

When you take the bundle, you will also receive a complimentary examination attempt for the Certified IoT Penetration Tester certification. This certification will allow you to prove your skill-set as an IoT pentester to the outside world including potential employers.

$449 value

If you add the above, the price of all the items combined, it comes to be $6504.

On top of all of the above listed items, you will also receive: 

3-year access to a private Slack group to mentors and peers 

If you get stuck in any of the labs or need a doubt cleared or just discuss something, you could ask it in the private group which includes the course creator, mentors and your peers who have taken the training class. A community like this is crucial to your success as an IoT pentester and security researcher because you’ll be looking at things from not just your perspective, but rather have ideas from 100s of members with different backgrounds. 

What do you think that would be worth? To not spend countless hours looking for answers when you’re stuck with an issue stopping you from moving forward? To not have to feel clueless when some of your commands or a certain tool or script is not working as it’s supposed to? What about the feeling of not being clueless about IoT pentesting anymore?

All of the above, for a single one-time fee of $2697.  

The single payment will grant you access to all of the above. Five years ago, I was getting started with IoT Security. Today, I run a successful IoT Penetration testing and training company, have delivered talks, workshops, and training at conferences like BlackHat and Defcon, authored two books on Internet of Things Security and pentested 100s of IoT products. The last run of this training class at BlackHat, around 150 people attended the training class by paying up to $3000 for the 2-day class.


The InfoSec MasterClass

Secrets of Running Your Own Pentesting Agency

A course on the non-technical aspects of running an InfoSec agency offering penetration testing services to your clients. This course teaches you what no other course in the industry does. 

You will learn how to: 

Spot opportunities for pentesting based on public research and private reach-outs 

How to draft your pentesting proposal email 

Crafting the perfect pentest engagement proposal and SoW 

Building your brand in a crowded space and capturing leads 

How to turn leads to clients, and retain them forever

Structuring your pentests and offering transparency – The Ninja Pentest Methodology 

How to play the pricing game – The Secret Ladder Technique

Building a business that thrives 

Hiring, Firing, and Culture 

All of this comes from our personal experience of running a 7-figure agency offering penetration testing services and training to our clients. Unlike what most people think, you do need a marketing machine to fuel your technical business – be it for an organization or for your side gigs.This course will open the floodgates of consistent pentesting clients for you. 

Launching in Jan 2020, The InfoSec MasterClass is priced at $699. But if you order the Offensive IoT Exploitation Master Bundle now, this course is absolutely free for you and you’ll be the first ones to get access to this training class. 

What do people have to say about the class?

"I spent 3 years in Mobile/IoT security research at HP. After reviewing Aditya's IoT class, I am supremely impressed!" - Jason Haddix, VP of Trust and Security @Bugcrowd

"Course has something for everyone!"  

- Kavya Racharla, Lead Security Researcher - Wearables, IoT and Cognitive computing at Intel

"Best training ever + tremendous insight-10/10" 

- Jesus Pena Garcia, CEO, BitBank


"I really enjoyed that we were provided a VM-image, so we could start immediately. The VM contains all the tools and exercises you need during the training. Personally, I remember and learn new study matter better when I do exercises. 

That’s why I value the hands-on course so much, several months after the course I still use some neat tricks and tools I learned during the training. 

The examples used during the training of an IoT webcam and a door-lock were a proof for me that the course is as real-life as possible. No cheesy school examples :) Do whatever you can to get a seat!  " 

Vincent Cox, Application Security Specialist at ZIONSECURITY

Frequently Asked Questions

What if I’m not a pentester or from a security background? Will I still be able to go through the course?

Yes. The Offensive IoT Exploitation training class bundle is designed in a way so that anyone without a security background can smoothly go through the course and perform all the labs. That’s also one of the goals of the class – to start from the very basics and gradually get you ready for real-world pentests.

What if I'm a university student?

If you are a current university student, we offer a 15% discount. The kit will help you kickstart your IoT Security journey and prepare you for a career in IoT penetration testing and security research.

What if I'm a university professor?

If you are a university professor, we also offer worksheets and guidance, allowing you to run classes for your students using the Offensive IoT Exploitation class content and the IoT Exploitation Learning Kit.Depending on the number of kits you would like to purchase, we offer group discounts for the same.

What if I’m from the government? Do you have special programs or offers?  

We offer a 15% discount for all federal and state government agencies after verifying a valid ID. We also provide customized on-site training (offensive and defensive) if you have a group of 5+ people who would like to join the training class.

What if I’m not sure if I’ll be able to finish the course?  

To complete the course and go through all the lab exercises, you would need to spend a few hours spread over a few days going through the lab exercises. The course is self-paced, and you get lifetime access to all the training content and physical kit. We also offer a Slack discussion group for you to ask your doubts and queries you may have when you go through the class.

Do you guarantee that I will get a $100k+ job by joining this course?  

Even though many of our past students have achieved high-paying jobs and bug bounties after going through the training class, we do not guarantee any earnings or payouts from the training class. The training class will yield amazing results only after you put in the hard work and dedication required.

How do I know if I need this course?  

If you plan to become an IoT Security Researcher, Penetration Tester, Bug Bounty Hunter or upgrade your skillsets for the same, this class is the best training class for you available anywhere. Even if you just want to learn more about IoT Security, this class will offer insights unparalleled to any other course in the industry.

Do you have any payment plans available?  

Unfortunately, we do not offer any payment plans as of now. However, if you would like to pay using alternate forms of payment - such as using a wire transfer or PO, please reach out to us. 

What about refunds?  

Our Offensive IoT Exploitation training class bundle is eligible for partial refunds. If, for any reason, you think the course is not right for you, you could return the IoT Exploitation Learning Kit using a trackable shipping provider without any damage and in the original packaging to the shipping address provided to you. Once we receive the kit and verify it to be undamaged, we will refund you the cost of the IoT Exploitation Learning Kit and Certification (if you have not taken the certification exam yet). Please note that we do not offer refunds for the online class – Offensive IoT Exploitation training, and only for the physical kit and certification.

Where do you ship from and when can I expect my orders to be delivered?  

We ship all orders from Silicon Valley, California (US) using USPS Priority and FedEx for domestic shipments, and DHL for international orders. All orders are shipped within two business days of you placing the order. International orders take around 3-5 business days to arrive at the destination.Please note that we do not handle custom clearance and duties if any.

How is Offensive IoT Exploitation different from IoT Exploitation Learning Kit?  

Offensive IoT Exploitation is the online 10+ hour of video training. IoT Exploitation Learning Kit is the physical kit that contains all the tools, targets, and devices. The videos in the IoT Exploitation Learning kit are lab demos/walkthroughs of the exercises. The Offensive IoT Exploitation Bundle contains both the Offensive IoT Exploitation training as well as the IoT Exploitation Learning Kit.

How long will this course take?  

You have access to the entire course as soon as you enroll, but you can go at your own pace. To go through the course material and complete all of the exercises, expect to spend around 1-2 weeks.