IoT Penetration Testing Training in Riyadh, Jeddah, Saudi Arabia, Dubai, UAE

Skills Gained:

You will be able to:

Assess IoT network-facing controls, web applications, and API endpoints with an IoT focus
Examine hardware to discover functionality and find interaction points and use them to obtain data from the hardware
Uncover firmware from hardware and other means, and explore it for secrets and implementation failures
Sniff, interact with, and manipulate WiFi, LoRA, and Zigbee wireless technologies and understand security failures in implementation
Interact with Bluetooth Low Energy (BLE) for device manipulation
Automate recovery of unknown radio protocols to perform replay attacks and additional analysis

Course Content:

Module1: Introduction to IoT Network Traffic and Web Services

overview

This course section introduces the overall problem with IoT security and examines how testing can address the problem in largely generic terms, given the multitude of IoT implementations. The first technical concepts include network recon and attacks as well as key web application issues often found with IoT devices, such as authentication bypass, RFI, and command injection. Additionally, we will examine API requests from mobile apps to back-end services and the devices themselves, then use the tools testers need to inspect and exploit network and web-based IoT.

Exercises

Lab 1.1: Wireshark filters and PCAP inspection
Lab 1.2: Nmap scan of an IoT device and exploitation with Metasploit
Lab 1.3, Part 1: Burp Suite interception on IoT web portal for exposed secrets
Lab 1.3, Part 2: Using Postman to send password data to an IoT API
Lab 1.4, Part 1: Exploiting an IoT portal for consumer-grade devices
Lab 1.4, Part 2: Injecting commands into vulnerable IoT web services

Topics

Course introduction
Course methodology for testing IoT: Modified IoTA
Tooling for IoTA: Introducing hardware tools
Network discovery and reconActive network discovery
Network exploitation for IoT
Web services in IoT
Web and API recon and discovery
Tools for web services
Web service attack types and exploitation

Module2: Exploiting IoT Hardware Interfaces and Analyzing Firmware

Overview

This section will introduce key concepts to perform recon against various hardware devices for destructive and semi-destructive testing for hardware, as well as hardware identification, communication, and exploitation using various hardware tools. We will also examine ways to recover device operating systems (firmware) and analyze them to recover stored secrets and various implementation flaws.

Exercises

Lab 2.1: Obtaining and analyzing Specification Sheets
Lab 2.2: Sniffing serial and SPI
Lab 2.3: Recovering firmware from PCAP
Lab 2.4: Recovering filesystems with binwalk
Lab 2.5: Pillaging the filesystem

Topics

Background and importance of IoT hardware
Opening the device
Examining and identifying components
Discovering and identifying ports
A soldering primer
Sniffing, interaction, and exploitation of hardware ports: Serial, SPI, JTAG
Recovering firmware
Firmware analysis
Pillaging the firmware

Module3: : Exploiting Wireless IoT: WiFi, BLE, Zigbee, LoRA, and SDR

Overview

This course section focuses on the more popular and developing, documented, and standardized wireless technologies often found in IoT technology. The concepts introduced include capturing traffic, gaining access to networks and encrypted data, and interacting with and compromising IoT devices and their functions. The section will introduce the concepts to analyze and exploit non-standard and proprietary RF communications often found in IoT devices

Exercises

Lab 3.1: WiFi PSK cracking
Lab 3.2: BLE device interaction
Lab 3.3: Zigbee traffic capture
Lab 3.4: Conducting a replay transmission attack on IoT

Topics

Wi-Fi
Bluetooth Low Energy
Zigbee
LoRA
SDR

Course Prerequisite

Attendees are expected to have a working knowledge of TCP/IP and web technologies and a basic knowledge of the Linux command lines before they come to class. While SEC556 is technically in-depth, it is important to note that programming knowledge is NOT required for the course.

International Student Fee: 500 US$

Job Interview Preparation (Soft Skills Questions & Answers)

Your FREE eLEARNING Courses (Click Here)

Internships, Freelance and Full-Time Work opportunities

Flexible Class Options