Offensive IoT Penetration Testing and Security

# In Person (5 Days)

# Online (14 Days)

This training program covers both offensive and defensive security of IoT devices. Its training modules have been carefully selected to provide the most thorough training available. It starts with the fundamentals of IoT, using various industries as examples, and covers the typical components and technologies used. It also covers the popular security architectures applied to IoT systems, as well as security rules and standards.
hackerSlash has introduced IoT Security and Hacking to keep up with changing trends and the need of the hour. Learning IoT is more difficult than you might think. Firmware, Embedded Devices, Serial Communication Protocols, Software Defined Radio, Bluetooth Low Energy (BLE), and ZigBee must all be learned. This course is designed with all of these considerations in mind to emphasize the importance of incorporating security into IoT devices and solutions.

This practical training program covers threats to IoT systems, attack vectors, common security design loopholes, IoT hardware vulnerabilities, the OWASP IoT Top 10, APIs, security protocols and other backend services. It then covers how to integrate current security services to protect an IoT service and how to put secure system design into practice. Learn to deploy cryptographic solutions, identity and access management solutions and key management, and to create policies and strategies for securing IoT devices. This IoT security course is hands-on practical training that gives learners a comprehensive experiential learning experience, since we believe practical knowledge has more impact on participants.

DEVICES TO BE USED:

RTL-SDR
Zigbit
WiFi Pineapple
Ubertooth
Raspberry Pi
Open Sniffer
Keylogger
JTAGulator
HackRF One
ESP8266
BB Black
Alfa Card

IoT HIGHLIGHTS

# Reversing Firmware & Firmware Analysis
# Exploiting Real World Devices
# OWASP IoT Top 10
# Hardware Hacking
# Software Defined Radio Hacking
# 30+ Devices during Training
# Design your Own IoT Gadgets
# Bluetooth Hacking & Sniffing
# Wireless Regulatory Testing
# Exploiting Zigbee Over-the-Air key provisioning
# Application Testing (Mobile + Desktop)
# IoT API Attacks
# RFID Cloning
# ARM Based Exploitation
# UART & JTAG
# Hardening Industrial IoT Network Devices


IoT COURSE STRUCTURE

This training program is structured into four sections to ensure that you grasp each one completely. It has been deliberately developed to provide you with the most thorough training possible.


We'll start with offensive IoT internals, identifying attack surfaces, and creating a pen test mindset, then move on to Firmware RE, electronics internals, Embedded Device Hacking, and eventually exploiting BLE and ZigBee communication protocols, all through hands-on labs and exercises. The offensive training will assist you in determining how to choose a security solution that meets your needs rather than vice versa.


Then we'll move on to IoT security. There are a few things to remember when it comes to security. You must establish trust in the IoT by using eSIMs, IAM systems, and certificates to create trusted identities. You'll also need to decide what kind of encryption you'll employ for data while it travels and rests on devices and in the cloud.

Section- 1 (IoT Penetration Testing)
Deep dive into embedded/IoT firmware, starting with the fundamentals: understanding the multistage boot process, the kernel and root filesystems, how to build them with a custom toolchain, and how they can be compromised by user- and kernel-mode backdoors/rootkits.

Learn what is entailed in using DIY open-source technologies to improve your security. Will it ultimately give you a secure solution for your IoT product? How will you secure data transmission and storage, and how will you handle such a large number of encryption keys? We will be using the newest 4.15.x kernel on an ARM architecture board for this session.
Section- 2 (ZigBee)
  • Zigbee and IEEE 802.15.4 authentication and cryptographic controls.

  • Weaknesses in Zigbee key provisioning and management mechanisms.

  • Tools for eavesdropping on and manipulating Zigbee networks.

  • Exploiting Zigbee Over-the-Air key provisioning.

  • Implementing Security services such as cryptographic key establishment, key transport, frame protection, and device management.

Section- 3 (BLE)

  • Bluetooth pairing techniques and vulnerabilities.

  • Attacking Bluetooth pairing for PIN and key recovery.

  • Techniques for identifying non-discoverable Bluetooth devices.

  • Recognizing BLE Frequency-Hopping RF patterns.

  • Security analysis of BLE pairing options: Just Works, OOB, passkey, and numeric comparison.

  • Analysis of expensive and inexpensive BLE packet capture tools for Windows, Linux, and Android devices.

  • Practical exploitation of BLE services & the overview of key risk management measures to secure BLE devices.

Section- 4 (Wireless Regulatory Testing)

  • Introduction to wireless communication regulatory testing and standards such as ETSI 300 328 and FCC Part 15 Subpart C.

  • Basics of 2.4GHz regulatory requirements for Bluetooth, Zigbee and Wi-Fi, and test procedures for global and Indian markets.

  • Basics of 5GHz regulatory requirements for WiFi and test procedure for global and Indian markets.

  • Basics of LTE-M and NB-IoT regulatory requirements and testing for global and Indian markets.

  • Information Security: what it means, the major cybersecurity (CS) standards, and implementation guidelines for a more practical understanding.

  • Training on standards such as IEC 62443.

  • Overview of energy-efficient security solutions for IoT devices.

  • TLS and certificate management.

  • Bluetooth, BLE, DECT, and ZigBee Security and Attacks.

  • Cellular and Mobile Network Security and Attacks: GSM, CDMA, UMTS/HSPA+, LTE, LTE-A Pro, and 5G.

  • Wireless Security Strategies and Implementation.

  • Wireless Risk Mitigation.

  • Wireless Intrusion Prevention System - WIPS

    IoT SYLLABUS

    Module 1: Introduction to IoT
    Module 2: Understanding components, devices and protocols used
    Module 3: Security Policies & Standards
    Module 4: Factors impacting IoT
    Module 5: Understand the architecture, components, and applications of convergent enterprise and industrial IoT
    Module 6: Defining the Security Requirements for Industrial IoT Networks
    Module 7: Introduction to Offensive IoT Exploitation
    Module 8: Vulnerabilities in the Internet of Things
    Module 9: Exploiting Vulnerabilities in Industrial IoT Networks
    Module 10: Database SQL Injection
    Module 11: Defining the Security Process for Industrial IoT Networks
    Module 12: Hardening Industrial IoT Network Devices
    Module 13: Industrial IoT Networks: Implementing Network Infrastructure Security
    Module 14: Packet Injection & Simulation of Packet Loss (with Wireshark)
    Module 15: BDBA and BDH analysis
    Module 16: Identification of threats from Defenses tool or similar tools
    Module 17: Fuzzing and flooding: how to check for memory leaks
    Module 18: Attack surface analysis
    Module 19: Integration or system level Cyber Security testing
    Module 20: Analyzing firmware
    Module 21: Infiltrating Firmware
    Module 22: Emulation of firmware using FAT
    Module 23: Web Application Security for IoT devices
    Module 24: Creating a Burp Suite Lab for IoT devices
    Module 25: Conventional Attacks & vectors
    Module 26: Command line exploitation
    Module 27: Analyzing Smart Plugs
    Module 28: Controlling Smart devices bypassing encryption
    Module 29: ARM Overview
    Module 30: Buffer overflow on ARM
    Module 31: Exploit writing on ARM
    Module 32: Using radare2 for MIPS binary analysis
    Module 33: Exploitation using GDB remote debugging on MIPS
    Module 34: Embedded Product Penetration Testing
     Communication Port Interfaces
     - RS-485 Communication Port
     - RJ45 Ethernet IP Port
     Communication Protocol Interfaces
     - UART
     - Modbus Communication
     - BACnet
     - SNTP
     - SMTP
     - DNP3
     - Ethernet IP
     - HTTP or HTTPS
     - FTP / FTPS
     - TLS
     - IPv6
    Module 35: Introduction to UART
    Module 36: Serial interfacing over UART
    Module 37: NAND glitching attack
    Module 38: Building secure IoT system
    Module 39: Port Scanning Result analysis
    Module 40: Identify Top priority risk and Solutions
    Module 41: OWASP IoT Top 10 (Exploit and Secure)
     - Weak, guessable, or hardcoded passwords
     - Insecure network services
     - Insecure ecosystem interfaces
     - Lack of secure update mechanism
     - Use of insecure or outdated components
     - Insufficient privacy protection
     - Insecure data transfer and storage
     - Lack of device management
     - Insecure default settings
     - Lack of physical hardening
    Module 42: Building Trusted identities, data and connectivity
    Module 43: Ensuring Privacy and Confidentiality
    Module 44: Web Server/ Application Interface
    Module 45: Feature based Penetration Testing
     - MAC
     - RBAC
     - Profile based
    Module 46: OWASP Top 10 for Web Application Security
     - Injection
     - Broken Authentication
     - Sensitive Data Exposure
     - XML External Entities
     - Broken Access Control
     - Security Misconfiguration
     - Cross-Site Scripting (XSS)
     - Insecure Deserialization
     - Using Components With Known Vulnerabilities
     - Insufficient Logging And Monitoring
    Module 47: Security Management of IoT
    Module 48: Threat Monitoring and Mitigations (Secure design changes verification)
    Module 49: Device Security
    Module 50: Protect Data traffic and Storage
    Module 51: Integrate cryptographic modules in IoT systems
    Module 52: SDLC (Software Development Life Cycle)
    Module 53: Embedded Product – Secure Development Practices and Source Code Review
    Module 54: Secure Coding Practices with respect to:
     - User Access Management
     - Device IP Management
    Module 55: Explore Cloud Security in your IoT system
    Module 56: Conclusion and Discussion

    WHO CAN ATTEND THIS TRAINING PROGRAM?

  • IoT Security Enthusiasts

  • Security Professionals and Penetration Testers

  • Embedded Developers

    COURSE PRICING

    All prices are in Bangladeshi taka and US dollars.

    IoT training + courseware + exam certification

    # For Bangladeshi Students - 35,000 TAKA

    # For International Students - 500 USD

    Explore and Secure IoT Devices at Industry Level