IoT Penetration Testing
IoT Penetration Testing facilitates examining the entire IoT ecosystem, helping you build the vital skills needed to identify, assess, and exploit basic and complex security mechanisms in IoT devices. This course gives you the tools and hands-on techniques necessary to evaluate the ever-expanding IoT attack surface.
Skills Gained:
You will be able to:
- Assess IoT network-facing controls, web applications, and API endpoints with an IoT focus
- Examine hardware to discover functionality and find interaction points and use them to obtain data from the hardware
- Uncover firmware from hardware and other means, and explore it for secrets and implementation failures
- Sniff, interact with, and manipulate WiFi, LoRA, and Zigbee wireless technologies and understand security failures in implementation
- Interact with Bluetooth Low Energy (BLE) for device manipulation
- Automate recovery of unknown radio protocols to perform replay attacks and additional analysis
Course Content:
Module 1: Introduction to IoT Network Traffic and Web Services
Overview
This course section introduces the overall problem with IoT security and examines how testing can address the problem in largely generic terms, given the multitude of IoT implementations. The first technical concepts include network recon and attacks as well as key web application issues often found with IoT devices, such as authentication bypass, RFI, and command injection. Additionally, we will examine API requests from mobile apps to back-end services and the devices themselves, then use the tools testers need to inspect and exploit network and web-based IoT.
Exercises
- Lab 1.1: Wireshark filters and PCAP inspection
- Lab 1.2: Nmap scan of an IoT device and exploitation with Metasploit
- Lab 1.3, Part 1: Burp Suite interception on IoT web portal for exposed secrets
- Lab 1.3, Part 2: Using Postman to send password data to an IoT API
- Lab 1.4, Part 1: Exploiting an IoT portal for consumer-grade devices
- Lab 1.4, Part 2: Injecting commands into vulnerable IoT web services
Topics
- Course introduction
- Course methodology for testing IoT: Modified IoTA
- Tooling for IoTA: Introducing hardware tools
- Network discovery and recon
- Active network discovery
- Network exploitation for IoT
- Web services in IoT
- Web and API recon and discovery
- Tools for web services
- Web service attack types and exploitation
Module 2: Exploiting IoT Hardware Interfaces and Analyzing Firmware
Overview
This section introduces key concepts for performing recon against various hardware devices, covering destructive and semi-destructive hardware testing as well as hardware identification, communication, and exploitation using various hardware tools. We will also examine ways to recover device operating systems (firmware) and analyze them to recover stored secrets and various implementation flaws.
Exercises
- Lab 2.1: Obtaining and analyzing Specification Sheets
- Lab 2.2: Sniffing serial and SPI
- Lab 2.3: Recovering firmware from PCAP
- Lab 2.4: Recovering filesystems with binwalk
- Lab 2.5: Pillaging the filesystem
Topics
- Background and importance of IoT hardware
- Opening the device
- Examining and identifying components
- Discovering and identifying ports
- A soldering primer
- Sniffing, interaction, and exploitation of hardware ports: Serial, SPI, JTAG
- Recovering firmware
- Firmware analysis
- Pillaging the firmware
Module 3: Exploiting Wireless IoT: WiFi, BLE, Zigbee, LoRA, and SDR
Overview
This course section focuses on the more popular, developing, documented, and standardized wireless technologies often found in IoT devices. The concepts introduced include capturing traffic, gaining access to networks and encrypted data, and interacting with and compromising IoT devices and their functions. The section also introduces the concepts needed to analyze and exploit non-standard and proprietary RF communications often found in IoT devices.
Exercises
- Lab 3.1: WiFi PSK cracking
- Lab 3.2: BLE device interaction
- Lab 3.3: Zigbee traffic capture
- Lab 3.4: Conducting a replay transmission attack on IoT
Topics
- Wi-Fi
- Bluetooth Low Energy
- Zigbee
- LoRA
- SDR
Course Prerequisite
Attendees are expected to have a working knowledge of TCP/IP and web technologies and a basic knowledge of the Linux command line before they come to class. While SEC556 is technically in-depth, it is important to note that programming knowledge is NOT required for the course.
International Student Fee: 500 US$
Flexible Class Options
- Week End Classes For Professionals SAT | SUN
- Corporate Group Trainings Available
- Online Classes – Live Virtual Class (L.V.C), Online Training