Tweet
Offensive IoT Exploitation
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...t-exploitation
Training description:
As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices. The base skills required are the same as many other security disciplines, whether the task is to perform defensive-based penetration testing or gain covert access for evidence or intelligence collection. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. Unfortunately, many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures. This training is curated to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT devices.
Course Outline: The course is broken down into the following sections:
Introduction to IoT
Trends in IoT and IoT Security
Penetration testing Methodology Overview for IoT
o How it differs from other methodologies
Linux Command Refresher (Command line fu)
Hardware Recon and Analysis
o Physical Embedded Hardware Inspection
▪ Includes Analyzing and Identifying Chips, Ports and Circuits Connections
o Hardware analysis
▪ JTAG
▪ UART
▪ SPI
▪ eMMC
o Hardware attacks
▪ Glitching (Boot Loader Attacks)
▪ Side Channel Attacks
Software Recon and Analysis
o Firmware Analysis
▪ Introduction to Binwalk
▪ Introduction to Manual Firmware Analysis
o Emulating firmware
▪ Introduction to QEMU
o IoT Software Protocols
▪ Configuration & Discovery Protocols (UPnP)
▪ API’s (REST, SOAP, MQTT)
Communication Protocols in IoT
o Wireless Communications Protocols and how to attack them
▪ BLE
▪ WIFI
▪ ZigBee
▪ Thread
▪ LoRa
Student skill level:
Beginner to Intermediate. This is a compressed course and will move quickly. Students should have:
- Understanding of common networking protocols
- Basic familiarity of virtualization technologies
- Basic familiarity of Windows and Linux
- Basic understanding of penetration testing
What should students bring to the Training?:
Laptop with 16GB RAM and at least 40GB free disk space
- External ethernet adapter
- VMware Player/Workstation/Fusion or VirtualBox installed
- Administrator/Root access to their host Operating System
Bios:
Trevor Stevado
• 12+ years in offensive application and network security
• Led and contributed to over 100 security assessments (Red Team, VA, Pen Test)
• DEF CON 26 Black Badge holder (part of 3-person team)
• Leads Pros versus Joes (PvJ) Red Cell
• Founding Partner & Hacker @ Loudmouth Security
Trevor Hough
• 10+ years in offensive application and network security
• Led and contributed to dozens of security assessments (Red Team, VA, Pen Test)
• DEF CON 26 Black Badge holder (part of 3-person team)
• Member of Pros versus Joes (PvJ) Red Cell
• Managing Partner & Hacker @ Loudmouth Security
Nicholas Coad
• 5+ years in offensive application and network security
• 10+ years in network administration and security operations
• Contributed to dozens of security assessments (Red Team, VA, Pen Test)
• Managed security operations for Fortune 500 company
• Winner of the IoT CTF, DEF CON 27
• Member of Pros versus Joes (PvJ) Red Cell
• Hacker @ Loudmouth Security
Patrick Ross
• 7+ years in offensive security roles
• 10+ years in security architecture
• DEF CON 26 Black Badge holder (part of 3-person team)
• Member of Pros versus Joes (PvJ) Red Cell
• Hacker @ Village Idiot Labs
Trainer(s) social media links:
https://twitter.com/_t1v0_
https://twitter.com/2fluffyhuffy
Previous Trainings:
Private corporate trainings only.
DATE:Aug 15th to 16th 2022
TIME:8am to 5pm PDT
VENUE:Caesars Forum Ballroom
TRAINERS:Trevor Stevado, Trevor Hough, Nicholas Coad & Patrick Ross
CERTIFICATE TEST AVAILABLE (45 minutes after class) Please purchase Certificate test
- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...t-exploitation
Training description:
As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices. The base skills required are the same as many other security disciplines, whether the task is to perform defensive-based penetration testing or gain covert access for evidence or intelligence collection. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. Unfortunately, many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures. This training is curated to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT devices.
Course Outline: The course is broken down into the following sections:
Introduction to IoT
Trends in IoT and IoT Security
Penetration testing Methodology Overview for IoT
o How it differs from other methodologies
Linux Command Refresher (Command line fu)
Hardware Recon and Analysis
o Physical Embedded Hardware Inspection
▪ Includes Analyzing and Identifying Chips, Ports and Circuits Connections
o Hardware analysis
▪ JTAG
▪ UART
▪ SPI
▪ eMMC
o Hardware attacks
▪ Glitching (Boot Loader Attacks)
▪ Side Channel Attacks
Software Recon and Analysis
o Firmware Analysis
▪ Introduction to Binwalk
▪ Introduction to Manual Firmware Analysis
o Emulating firmware
▪ Introduction to QEMU
o IoT Software Protocols
▪ Configuration & Discovery Protocols (UPnP)
▪ API’s (REST, SOAP, MQTT)
Communication Protocols in IoT
o Wireless Communications Protocols and how to attack them
▪ BLE
▪ WIFI
▪ ZigBee
▪ Thread
▪ LoRa
Student skill level:
Beginner to Intermediate. This is a compressed course and will move quickly. Students should have:
- Understanding of common networking protocols
- Basic familiarity of virtualization technologies
- Basic familiarity of Windows and Linux
- Basic understanding of penetration testing
What should students bring to the Training?:
Laptop with 16GB RAM and at least 40GB free disk space
- External ethernet adapter
- VMware Player/Workstation/Fusion or VirtualBox installed
- Administrator/Root access to their host Operating System
Bios:
Trevor Stevado
• 12+ years in offensive application and network security
• Led and contributed to over 100 security assessments (Red Team, VA, Pen Test)
• DEF CON 26 Black Badge holder (part of 3-person team)
• Leads Pros versus Joes (PvJ) Red Cell
• Founding Partner & Hacker @ Loudmouth Security
Trevor Hough
• 10+ years in offensive application and network security
• Led and contributed to dozens of security assessments (Red Team, VA, Pen Test)
• DEF CON 26 Black Badge holder (part of 3-person team)
• Member of Pros versus Joes (PvJ) Red Cell
• Managing Partner & Hacker @ Loudmouth Security
Nicholas Coad
• 5+ years in offensive application and network security
• 10+ years in network administration and security operations
• Contributed to dozens of security assessments (Red Team, VA, Pen Test)
• Managed security operations for Fortune 500 company
• Winner of the IoT CTF, DEF CON 27
• Member of Pros versus Joes (PvJ) Red Cell
• Hacker @ Loudmouth Security
Patrick Ross
• 7+ years in offensive security roles
• 10+ years in security architecture
• DEF CON 26 Black Badge holder (part of 3-person team)
• Member of Pros versus Joes (PvJ) Red Cell
• Hacker @ Village Idiot Labs
Trainer(s) social media links:
https://twitter.com/_t1v0_
https://twitter.com/2fluffyhuffy
Previous Trainings:
Private corporate trainings only.
DATE:Aug 15th to 16th 2022
TIME:8am to 5pm PDT
VENUE:Caesars Forum Ballroom
TRAINERS:Trevor Stevado, Trevor Hough, Nicholas Coad & Patrick Ross
CERTIFICATE TEST AVAILABLE (45 minutes after class) Please purchase Certificate test
- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included
Comment