Exploiting IoT

A Comprehensive Coverage Of IoT Exploitation

The Internet of Things (IoT) is already one of the hottest technology trends currently. And in the near future the IoT ecosystem will explode with billions of devices going online. All of these devices are being developed to have some level of connectivity or the other – in a lot of the cases to the Internet! The progression in IoT is expected to offer services that goes beyond M2M (Machine-to-Machine) communications and is anticipated to herald automation in nearly all fields. Industrial product vendors and consumers are imagining connecting almost every thing to the Internet.

With the brisk development in IoT, security is often given very low priority. To address these concerns, we have developed a specialized course that teaches the cybersecurity professional the art and skill of testing the security of IoT devices.

"Exploiting IoT" is a unique course designed to offer you the ability to evaluate the security of these smart devices. This course is ideal for those wanting to understand the security issues associated with IoT and enabling them to make better decisions when building, deploying and assessing IoT technologies

Pre-requisites

Candidates should be acquainted with:

  • Information Security Concepts
  • Networking Concepts and Protocols used
  • Linux Fundamentals
  • Web Application & Mobile Application Security Concepts

Course Contents

  • Introduction to IoT
  • Benefits & Applications of IoT
  • Issues with IoT
  • Basic Architecture of IoT
  • IoT Attack Surface
  • OWASP Top 10 for IoT
    • Introduction to IOT Hardware & it’s components
    • Tools & Techniques
    • Electronic Communication Protocols
      • Inter System Protocol
        • UART
        • USART
        • USB

     

    • Intra System Protocol
      • I2c
      • SPI
      • CAN
    • JTAG
      • Introduction to JTAG
      • Identifying JTAG pinouts using Arduino
      • Identifying JTAG pins using JTAGulator
      • JTAG Debugging & it’s tools.
    • Introduction to HydraBus
    • Side Channel Analysis
    • Firmware Analysis
      • Introduction to Firmware
      • Obtaining a Firmware
      • Firmware Extraction
      • Static Firmware Analysis
      • Dynamic Firmware Analysis using QEMU
      • Firmware Modification and Repacking
    • Conventional Attack Vectors
    • Introduction to RF Module
    • Types of RF Modules
    • Wireless Protocols used in RF Modules
    • Introduction to BLE
      • BLE Protocol Stack
      • GAP
      • GATT
      • Analysis of Smart Bulb
    • Introduction to ZigBee
      • Device Types and Operating Modes
      • ZigBee devices & IEEE 802.15.4-2003 Low-Rate Wireless Personal Area Network
      • Network & Application Layer
      • ZigBee Communication Model
      • ZigBee Profiles
      • ZigBee Encryption
    • Introduction to SDR
      • Introduction to Basic Radio Components & GNU Radio Companion
      • Decoding AM Signals
      • Capturing FM Signals using RTL-SDR
      • Analyzing wireless doorbells using RTL-SDR

    Extraction of sensitive data from Signals

    • OWASP TOP 10 – Web Application
        • A1 Injection.
        • A2 Broken Authentication and Session Management.
        • A3 Cross-Site Scripting (XSS)
        • A4 Insecure Direct Object References.
        • A5 Security Misconfiguration.
        • A6 Sensitive Data Exposure.
        • A7 Missing Function Level Access Control.
        • A8 Cross-Site Request Forgery (CSRF)
        • A9 Using Components with Known Vulnerabilities
        • A10 Unvalidated Redirects and Forwards
    • Session 1
      • Introduction to Android
      • Android Security Architecture
      • Android Applications Components
      • What is ADB
    • Session 2
      • Reversing android application
        • Apktool
        • Dex2jar
        • Jd-Gui
      • Understanding smali/baksmali
      • Modification and Rebuilding of Android Application
      • Signing Android Applications
      • Automated Analysis with Drozer
      • OWASP Top 10 – Mobile
    • Analysis of Kankun Smart Plug Application
    • Message Queue Telemetry Transport (MQTT)
      • Introduction to MQTT
      • Architecture
      • Topic Matching
      • QoS, Data Types
      • MQTT Packet Structure

     

    • Constrained Application Protocol (CoAP)
      • Introduction to COAP
      • Two Layered Model
        • Messaging Model
        • Request/Response Model
      • Message Usage Table & Message Formats
      • Recon & Attacks

    Understanding COAP with Wireshark

    • Introduction to Android Native Dev

     

    • Introduction to ARM Assembly
      • ARM Overview
      • Processor Modes
      • Registers
      • Instruction Set
      • Stack
      • System Call Convention
      • Procedure Call Convention
      • Buffer Overflow
      • ARM Binary Analysis

     

    • Introduction to MIPS Assembly
      • MIPS Overview
      • Processor Modes
      • Registers
      • Instruction Set
      • System Call Convention
      • Procedure Call Convention
      • MIPS Binary Analysis

     

 

Ethical Hacking Training

This course goes deep down into depths of networking, systems, web applications, actual exploitation & helps beginners to take their confident first step towards information security field.

  • 6 Weeks Comprehensive Training
  • Built by Experienced Professionals
  • Regularly update on tools, techniques in course content