Offensive Security - CR114 IoT Exploitation

Uploaded by

sl au

CR114
IoT Exploitation
Outline
The Internet of Things maps all physical devices, vehicles, weapons, home appliances and other items,
embedded with electronics, software and sensors that have an IP address and network connectivity. This
highly immersive and advanced training plan will cover the fundamentals of how IoT devices operate and
communicate, and disclose what lies in the background of their physical set-up. Students will explore different
methodologies of detecting vulnerabilities on these devices and learn how to exploit them on the hardware,
software and application layers. Participants will exercise those techniques and will practice further using
physical tools designed to help with the penetration process. The course also prepares attendees to master
radio and Bluetooth exploitation methods, which are critical assets for IoT researchers. By completing the
training, participants will have prominent skills and practical experience in the domain of IoT exploitation, and
will be familiar with some of the most advanced tools and techniques on the market.

Target Audience
The course targets participants with solid foundational knowledge of computer
networking and information security who wish to understand the world of IoT security.
Primarily:
• SOC analysts & incident responders
• Junior penetration testers
• System security personnel who are interested in malware analysis

Prerequisites
• Solid knowledge and experience in infrastructure security and network penetration testing
• Familiarity with Linux
• Basic assembly
• Familiarity with web-app penetration testing – an advantage

Objectives
On completing this course, delegates will be able to:
• Understand IoT architecture and its different components in depth.
• Locate vulnerabilities and exploit IoT devices on 3 different layers: hardware, software and application.
• Extract vendor information from examined IoT devices and inject data into others.
• Work with advanced tools to accomplish advanced tasks of IoT vulnerability discovery and exploitation.
• Deal with radio and Bluetooth technologies, which are highly popular in the IoT world, to extract transmitted information and to intercept and control the traffic.

Hardware Requirements
The course requires the following hardware kit for each user or pair of users:
• USB-TTL/FT232/BusPirate/Attify Badge
• RTL-SDR
• Arduino
• A vulnerable device for hardware hacking
• HackRF/Ubertooth

Content

Day 1, Module 01
Introduction to IoT
The first module will introduce participants to Shodan, the most comprehensive search engine for different types of computers and devices connected to the internet. Shodan allows multiple filtering techniques for locating IPs of various IoT devices, such as servers, routers, webcams, etc. A decisive use of Shodan allows accessing a huge amount of valuable information on the target. During this module, students will become familiar with GUI and CLI uses of Shodan, learn how to use correct filtering to reach the desired database, and extract useful information for later exploitation.
• Exploring Shodan
  □ Graphic user interface
  □ Command line interface: using automation, collecting data with advanced filtering, extracting data
• Mapping operating systems, applications and IoT devices to specific vulnerabilities

Day 2, Module 02
Firmware Analysis & Exploitation
This module takes participants further into conducting full-scale analysis on IoT devices, by laying out the components of the system and locating vulnerabilities. At this stage, students will learn how to expose and extract vendor information embedded in the device, and alternatively, inject their own credentials or other types of information into it. By the end of this stage, students will have acquired a substantial amount of information and skills to prepare them for more advanced stages in the following modules.
• Mounting file systems
• Firmware analysis
  □ Using Binwalk: identifying hardcoded vendor “secrets”
• Emulating firmware binary
• Firmware analysis toolkit - using firmware emulation

Day 3, Module 03
Exploiting Web Application Vulnerabilities on IoT Devices
After covering the IoT vulnerability landscape on the hardware and software layers, in this module students will examine the web-application side of IoT devices and look for more vulnerabilities on this platform, which can also be a potential door to access the device and take it over.
• OWASP IoT Top 10
• Exploitation with Burp Suite
• Exploitation using command injection
• Exploitation using brute force
• Exploitation with CSRF
• Extracting vendor credentials

Day 4, Module 04
Using Physical Tools for IoT Exploitation
During this module, students will practice with various physical tools designed for identifying vulnerabilities and exploiting IoT devices in a variety of manners. Participants will work with these tools hands-on and try to penetrate a vulnerable IoT device.
• Reconnaissance basics
• Identifying serial interfaces
• Identifying pinouts with multimeter
• UART
• NAND attack
• JTAG
  □ Identifying JTAG pinouts
  □ Using JTAGulator
  □ Debugging with JTAG
• USB-TTL

Day 5, Module 05
SDR (Software-Defined Radio) Based IoT Exploitation
By using some tools that can analyze radio signals, students will identify and spot signals coming out of different devices and find out their purpose. Participants will analyze different protocols used by the device and decode the signals it broadcasts. This module will give participants an incredible amount of value by familiarizing them with the world of radio hacking.
• Introduction to SDR
• Radio communication analysis
• Attacking protocols
• RTL-SDR
  □ Capturing FM signals
  □ Analyzing wireless signals
• Extracting text from signals
• Attacking RF (radio frequency)
  □ Introduction to RF
  □ RF traffic analysis
  □ RF replay attack
• HackRF

The HackerU Advantage
We have unparalleled experience in building advanced
training programs for companies and organizations around
the world – Talk to one of our experts and find out why.

• Handcrafted Training Programs
• State-Of-The-Art Learning Materials
• Israel’s Premier Training Center
• Fueled by Industry Leading Cyber Experts
• Over 20 Years of Proven IT-Education Success

hackerupro.com
