WORKSHOP: Hacking IoT Devices 101 – Pentester Edition

10
13672

By Arun Magesh, IoT security researcher at Attify and Mounish P,  IoT security researcher at Attify

3 Seats Left.

Hacking IoT Devices 101 – Pentester edition training class is built for anyone who wants to get started with Internet of Things Exploitation and Security Assessment of the so-called “smart devices”. During this class, attendees will get familiar with the tools and techniques that are used by practitioners to identify vulnerabilities in IoT devices.

This is a beginner friendly course and attendees don’t need to have previous experience in either IoT or penetration testing.

What participants will be provided with 

  • IoT exploitation VM
  • Course material and slides
  • Commercial Smart Devices and other tools to use in class

During this 1-day workshop class, we will begin with the fundamentals and gradually move towards advanced topics such as analyzing firmware, mobile app exploitation for IoT, hacking a smart switch and additional demos and attacks on various surfaces.

Subtopics:

  • Getting Started with IoT Security  :Introduction to IoT Security Architecture, Getting familiar with IoT security and components, Case studies of IoT Vulnerabilities, Attack vectors for smart devices.
  • Firmware analysis: Firmware Extraction Techniques, Analyzing and Backdooring Firmware, Emulating Firmwares and Binaries, Identifying vulnerabilities in a Firmware.
  • Smart Device Hacking: Reverse Engineering a Mobile app, Firmware analysis, Conventional attack techniques, Analyzing ARM binaries, Getting around with encryption, Taking over a Smart device.
  • Advanced Exploitation: Taking over Smart bulb, Taking over smart Home Security system, Hacking a Car’s Key Fob.

Prerequisites:

  • Basic understanding of networking concepts
  • Familiarity with Linux
  • Experience of scripting languages will be a plus

Prerequisite material

  • Bring your own laptop installed with a Virtualisation software.
  • Ensure that you have admin access on the system.
  • Minimum 25 GB disk space and 4GB RAM is required in order to run the VM smoothly.

What participants will be provided with 

  • IoT exploitation VM
  • Course material and slides
  • Commercial Smart Devices and other tools to use in class

Speaker Profile:

Arun Magesh

Arun Magesh works as an IoT security expert with Attify and has worked on numerous smart devices pentest in the past couple of years. With an electrical engineering academic background, he serves as a core committee member for several IoT local chapters and hackerspaces in India, where he also regularly delivers talks and hands-on workshops. He has 5+ years hands-on experience in both building and breaking IoT devices and has been previously awarded for India’s Top 25 under 25 technologist and Intel Software Innovator. His main focus area in IoT is embedded device and SDR security. He has also built and contributed to a number of projects such as Brain-Computer interfacing and Augmented Reality solutions. He is also the lead content creator for Offensive IoT Exploitation and Practical SDR Exploitation for IoT device courses and has delivered training to numerous governmental and private organizations around the world.

Mounish P

Mounish is an IoT penetration tester and security researcher at Attify. During his work at Attify, he created and developed hardware devices such as Attify Badge and Damn Vulnerable IoT device. He has researched extensively on serial interfacing techniques, exploiting communication protocols such as Zigbee, Zwave and 6LoWPAN. In his previous roles, he was involved in developing embedded systems for automated water treatment plants and solar plant monitoring. He is an active speaker at local IoT chapters and Embedded device development meetups.

Use coupon code FLASH50 to get 50% off today. Cost: Rs. 9900 (includes conference videos, networking lunch, training certificate and digital subscription to EFY e-zine)

SHARE

10 COMMENTS

    • Hey Javier, thanks for writing in. While doing an Internet conference over Skype is possible, it won’t give you the full benefit of physically being here. We can set up a call through Skype (or a webinar tool) and place a computer in the workshop room facing the trainer — does that work for you?

    • It starts at 9AM. Please be at the venue by 8.30AM, because the first 100 delegates to enter the hall also get a free EFYCON Infinity pass worth ₹10,000.

    • The cost of that pass at the venue is going to be 15k and so the discount you have will be applied on that amount. Therefore it is going to cost you more. We recommend making the payment online to get it at a lower cost.

    • Tech requirements

      1. VirtualBox ( VM workstation works too)
      2. Atleast 2GB RAM for the VM(more the better)
      3. 64bit Linux or MAC or Windows with virtualization enabled.
      4. Complete admin access.

LEAVE A REPLY

Please enter your comment!
Please enter your name here