No announcement yet.

EXPLIoT - IoT Security Testing and Exploitation Framework

  • Filter
  • Time
  • Show
Clear All
new posts

  • EXPLIoT - IoT Security Testing and Exploitation Framework

    Friday from 14:00 – 15:50 in Sunset 3 at Planet Hollywood
    Audience: Offense, Hardware, IoT, Pentesters Aseem Jakhar & Murtuja Bharmal

    EXPLIoT is a framework for security testing and exploiting IoT products and IoT infrastructure. Source code and documentation - It provides a set of plugins (test cases) which are used to perform the assessment and can be extended easily with new ones. The name EXPLIoT (pronounced expl-aa-yo-tee) is a pun on the word exploit and explains the purpose of the framework i.e. IoT exploitation. It can be used as a standalone tool for IoT security testing and more interestingly, it provides building blocks for writing new plugins/exploits and other IoT security assessment test cases with ease. EXPLIoT supports most IoT communication protocols, hardware interfacing functionality and test cases that can be used from within the framework to quickly map and exploit an IoT product or IoT Infrastructure. It will help the security community in writing quick IoT test cases and exploits. Currently, the framework has support for analyzing and exploiting various IoT, radio and hardware protocols including BLE, CAN, DICOM, MQTT, Modbus, I2C, SPI, UART We have released a comprehensive documentation including User and Developer guide to help the security community kick start quickly and easily with the framework.

    Aseem Jakhar
    Aseem Jakhar is the Director, research at Payatu Software Labs a security testing company specialized in IoT, Embedded, cloud, mobile security. He is the founder of null-The open security community, a registered not-for-profit organization and also organizes and security conferences. He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, bayesian engine to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon,, Hack in Paris, Hack In The Box, PHDays and many more. He has authored various open source security software including:

    - EXPLIoT - IoT Exploitation Framework
    - DIVA (Damn Insecure and Vulnerable App) for Android
    - Jugaad/Indroid - Linux Thread injection kit for x86 and ARM
    - Dexfuzzer - Dex file format fuzzer

    Murtuja Bharmal
    Murtuja Bharmal is an application and network security enthusiast, having 15+ years of industry experience on the offensive as well as the defensive side of security. He is the Co-Founder and Director at Payatu Software Labs, a security testing company specialized in IoT, Embedded, cloud, mobile security. He is also the Founder of null (The Open Security Community) -, nullcon (International security conference) - and security conference - He has worked extensively on network and web application security assessment and served various financial organizations in India, Middle East, South East Asia, and Europe in a personal and professional capacity. He is X-IBMer and has worked on IBM-ISS (Internet Security System) product as Senior System Engineer. He started his career as a security product developer and developed a UTM (Unified Threat Management) product with features such as Firewall, IPS, VPN, and Application Proxies.