Offensive IoT Exploitation (OIE)
Who Should Take This Course?
A basic knowledge of web and mobile security will be required. It will help if you understand assembly basics for ARM and overflow based exploitation basics.
What you should bring:
- Laptop with at least 25 GB free space
- 2 GB minimum RAM
- External USB access
- Administrative privileges on the system
- Virtualisation software
A 2-day practical course, exploring the Internet of Things (IoT), playing with firmware, finding exploits in common devices and findings zero days. If you want to try exploitation on new hardware and find security vulnerabilities and 0-days in IoT devices, then offensive IoT Exploitation is the course for you. At the end of the class, there will be a final CTF challenge where the attendees will be asked to identify security vulnerabilities and exploit them in a completely unknown device.
Offensive IoT Exploitation IoT or the “Internet of Things” is an upcoming trend in technology. Many new devices are coming up every single month, however very little attention has been paid to the device’s security until now. “Offensive IoT Exploitation” is a brand new and unique course that offers pen testers and security researchers the ability to assess and exploit the security of these smart devices. The training will cover a variety of IoT devices, assessing their attack surfaces and writing exploits. The 2-day hands-on class will provide attendees the ability to try things for themselves rather than just watching the slides. We will start from the very beginning discussing the architecture of IoT devices, and slowly moving to firmware analysis, identifying attack surfaces, finding vulnerabilities and finally, exploiting these vulnerabilities.
Hacking is not just confined to Applications, Infrastructure testing or Mobile pen testing, but also hardware, software, firmware and devices themselves. In developing our client’s knowledge, we seek to create a rounded mind-set that can tackle any situation or environment so that they can apply these skills commercially. An IoT mind-set can be taken and applied to SCADA systems, manufacturing and plant or just raises awareness about “other systems” that may be attached to the corporate network, which can be used to gain a foothold to other infrastructures, applications or mobile platforms.
We wrote the course to include both labs and emulated environments, as well as real devices which will be provided to the attendees during the training. Custom VMs are provided by the trainer and are used for the entire class. You will be provided with the following:
- IoT devices
- Custom IoT pen testing VM
- Printed lab reference material and handouts
- 600+ slides (PDF Copy)
Currently there are no training dates scheduled for this course. Enquire a date