Announcement

Collapse
No announcement yet.

Offensive IoT Exploitation

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Offensive IoT Exploitation

    Offensive IoT Exploitation
    Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...t-exploitation


    Training description:

    As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices. The base skills required are the same as many other security disciplines, whether the task is to perform defensive-based penetration testing or gain covert access for evidence or intelligence collection. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. Unfortunately, many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures. This training is curated to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT devices.



    Course Outline: The course is broken down into the following sections:

    Introduction to IoT
    Trends in IoT and IoT Security
    Penetration testing Methodology Overview for IoT
    o How it differs from other methodologies
    Linux Command Refresher (Command line fu)
    Hardware Recon and Analysis
    o Physical Embedded Hardware Inspection
    ▪ Includes Analyzing and Identifying Chips, Ports and Circuits Connections
    o Hardware analysis
    ▪ JTAG
    ▪ UART
    ▪ SPI
    ▪ eMMC
    o Hardware attacks
    ▪ Glitching (Boot Loader Attacks)
    ▪ Side Channel Attacks

    Software Recon and Analysis
    o Firmware Analysis
    ▪ Introduction to Binwalk
    ▪ Introduction to Manual Firmware Analysis
    o Emulating firmware
    ▪ Introduction to QEMU
    o IoT Software Protocols
    ▪ Configuration & Discovery Protocols (UPnP)
    ▪ API’s (REST, SOAP, MQTT)

    Communication Protocols in IoT
    o Wireless Communications Protocols and how to attack them
    ▪ BLE
    ▪ WIFI
    ▪ ZigBee
    ▪ Thread
    ▪ LoRa

    Student skill level:

    Beginner to Intermediate. This is a compressed course and will move quickly. Students should have:
    - Understanding of common networking protocols
    - Basic familiarity of virtualization technologies
    - Basic familiarity of Windows and Linux
    - Basic understanding of penetration testing



    What should students bring to the Training?:

    Laptop with 16GB RAM and at least 40GB free disk space
    - External ethernet adapter
    - VMware Player/Workstation/Fusion or VirtualBox installed
    - Administrator/Root access to their host Operating System


    Bios:


    Trevor Stevado
    • 12+ years in offensive application and network security
    • Led and contributed to over 100 security assessments (Red Team, VA, Pen Test)
    • DEF CON 26 Black Badge holder (part of 3-person team)
    • Leads Pros versus Joes (PvJ) Red Cell
    • Founding Partner & Hacker @ Loudmouth Security

    Trevor Hough
    • 10+ years in offensive application and network security
    • Led and contributed to dozens of security assessments (Red Team, VA, Pen Test)
    • DEF CON 26 Black Badge holder (part of 3-person team)
    • Member of Pros versus Joes (PvJ) Red Cell
    • Managing Partner & Hacker @ Loudmouth Security

    Nicholas Coad
    • 5+ years in offensive application and network security
    • 10+ years in network administration and security operations
    • Contributed to dozens of security assessments (Red Team, VA, Pen Test)
    • Managed security operations for Fortune 500 company
    • Winner of the IoT CTF, DEF CON 27
    • Member of Pros versus Joes (PvJ) Red Cell
    • Hacker @ Loudmouth Security

    Patrick Ross
    • 7+ years in offensive security roles
    • 10+ years in security architecture
    • DEF CON 26 Black Badge holder (part of 3-person team)
    • Member of Pros versus Joes (PvJ) Red Cell
    • Hacker @ Village Idiot Labs


    Trainer(s) social media links:

    https://twitter.com/_t1v0_

    https://twitter.com/2fluffyhuffy


    Previous Trainings:

    Private corporate trainings only.

    DATE:Aug 15th to 16th 2022
    TIME:9am to 5pm PDT
    VENUE:Caesars Forum Ballroom
    TRAINERS:Trevor Stevado, Trevor Hough, Nicholas Coad & Patrick Ross

    CERTIFICATE TEST AVAILABLE (45 minutes after class) Please purchase Certificate test

    - 16 hours of training with a certificate of completion for some classes
    - COVID safety: Masks required for indoor training
    - Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
    - Note: Food is NOT included
Working...
X