Early bird registration rate ends on the 13th of January
“The great power of Internet Of Things comes with the great responsibility of security”. With IoT being the hottest technology, developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life-threatening, you cannot afford to neglect the security of IoT products.
“Practical Internet Of Things Hacking” is a unique, research-backed course which offers security professionals a deep understanding of the core of IoT technology and the underlying vulnerabilities. The extensive hands-on labs enable attendees to master the art, tools and techniques to find-n-exploit or find-n-fix the vulnerabilities in IoT, not just on emulators but on real smart devices as well.
The course specifically focuses on the security issues and attacks on evolving IoT technologies, including widely used IoT protocols and platforms in various domains such as home, enterprise and industrial automation. It covers various IoT protocols from the ground up, including internals, specific attack scenarios for individual protocols, and the open source software/hardware tools one needs to have in their IoT penetration testing arsenal. We also discuss in detail how to attack the underlying hardware of the sensors and the connected mobile apps using various practical techniques.
Throughout the course, we will use DRONA, a VM created by us specifically for IoT penetration testing. DRONA is the result of our R&D and has most of the required tools for IoT security analysis. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house for hands-on exercises.
The “Practical IoT Hacking” course is aimed at security professionals who want to enhance their skills and move to/specialise in IoT security. The course is structured for beginner to intermediate level attendees who do not have any experience in IoT, reversing, mobile security or hardware.
• Introduction to IoT
• IoT Architecture
• Identify attack surfaces
IoT Protocols Overview
• MQTT
• Introduction
• Protocol Internals
• Reconnaissance
• Information leakage
• Hands-on with open source tools
• CoAP
• Introduction
• Protocol Internals
• Reconnaissance
• Cross-protocol HTTP attacks
• Hands-on with open source tools
• M2MXML
• Introduction
• M2MXML format
• Security issues
Industrial IoT Protocols Overview
• Modbus
• Introduction and protocol Overview
• Reconnaissance (Active and Passive)
• Sniffing and Eavesdropping
• Baseline Response Replay
• Modbus Flooding
• Modifying Coil and register values of PLC
• Rogue Interloper (PLC)
• Hands-on with open source tools
• S7comm
• Introduction and protocol Overview
• Reconnaissance (Active and Passive)
• Sniffing and Eavesdropping
• Uploading and downloading PLC programs
• Start and Stop PLC CPU
• Dumping and analysis of Memory
• Hands-on with open source tools
• CanBus
• Introduction and protocol Overview
• Reconnaissance (Active and Passive)
• Sniffing and Eavesdropping
• Replay Attack
• Packet Forging attack
• Hands-on with open source tools
Understanding Radio
• Signal Processing
• Software Defined Radio
Gnuradio
• Introduction to gnuradio concepts
• Creating a flow graph
• Analysing radio signals
• Recording specific radio signal
• Replay Attacks
• Reverse engineering OOK radio signals to extract communication data
• Generating a signal
• Hands-on with a wireless key fob and/or door bell
Radio IoT Protocols Overview
Zigbee
• Introduction and protocol Overview
• Reconnaissance (Active and Passive)
• Sniffing and Eavesdropping
• Replay attacks
• Encryption Attacks
• Packet Forging attack
• Zigbee hardware analysis
• Hands-on with RZUSBstick and open source tools
• Introduction to IoT Sensor hardware
• Device Reconnaissance
• Conventional Attacks
Firmware
• Types
• Firmware analysis and reversing
• Firmware modification
• Simulating device environments
External Storage Attacks
• Symlink files
• Compressed files
Hardware Tools
• BusPirate
• Jtagulator
• Logic Analyzer
Attacking Hardware Interfaces
Hardware Components Reconnaissance
UART
• What is UART
• Identifying UART interface
• Method 1
• Method 2
• Accessing sensor via UART
I2C
• Introduction
• I2C Protocol
• Interfacing with I2C
• Manipulating Data via I2C
• Sniffing run-time I2C communication
SPI
• Introduction
• SPI Protocol
• Interfacing with SPI
• Manipulating data via SPI
• Sniffing run-time SPI communication
JTAG
• Introduction
• Identifying JTAG interface
• Method 1
• Method 2
• Run-time analysis and data extraction with openocd
Side channel attacks
• Clock Glitch Attack
• VCC Glitch Attack