SlideShare a Scribd company logo

Hacking IoT with EXPLIoT Framework

Priyanka Aash
Priyanka Aash

"This workshop is for pentesters, security researchers or someone looking to get into IoT security but is reluctant due to the wide range of technologies involved and plethora of different tools. While it does require a considerable amount of knowledge in the domain, it is not as difficult as you may think. In this workshop we will introduce you to some of the important concepts and EXPLIoT framework in a very simple way that can be used for the various IoT attack vectors. The primary focus of this workshop is to introduce the attendees to the open source IoT Security Testing and Exploitation Framework - EXPLIoT (https://gitlab.com/expliot_framework/expliot) and enable them to use as well as extend it by writing plugins for new IoT based exploits and analysis test cases. It’s a flexible and extendable framework that would help the security community in writing quick IoT test cases and exploits. The objectives of the framework are: 1. Easy to use 2. Extendable 3. Support for hardware, radio and IoT protocol analysis EXPLIoT currently supports the following protocols which can be utilized for writing new plugins/exploits: 1. Radio – BLE , Zigbee 2. Network – MQTT, CoAP, DICOM, MODBUS, MDNS, NMAP, TCP, UDP 3. Hardware – CAN, SPI, I2C, UART, JTAG This talk would give attendees a first-hand view of the functionality, how to use it and how to write plugins to extend the framework."

1 of 57
Downloaded 21 times
Best Of The World In Security Conference Best Of The World In Security 12-13 November 2020 Hacking IoT with EXPLIoT Framework Asmita Payatu, India IoT Security Consultant @aj_0x00
Best Of The World In Security Conference • IoT Security Consultant at Payatu, India - Embedded Hardware Security - Firmware Reverse Engineering • Trainer/Speaker - Checkpoint CPX360, Nullcon, IDCSS, Hackaday Remoticon Infosec meetups • Email - asmita@payatu.com • Twitter - aj_0x00 About Me
Best Of The World In Security Conference • IoT Attack Surface • EXPLIoT Framework - Architecture, - Executing plugins, - Extending the framework by writing your own plugins • MQTT - Protocol, - Security issues, - Hands-on with plugins, - Write a custom Plugin • Plugin Demos - BLE plugins Demo, - Zigbee Demo - I2C Plugins Demo Agenda
Best Of The World In Security Conference IoT Attack Surface
Best Of The World In Security Conference • Hardware debug ports • Storage • Bus Communication • Encryption • Authentication • Sensor interfaces • Hardware interfaces IoT Attack Surface Device Hardware
Best Of The World In Security Conference • Hardware debug ports • Storage • Bus Communication • Encryption • Authentication • Sensor interfaces • Hardware interfaces IoT Attack Surface Device Hardware
Best Of The World In Security Conference • Authentication • Encryption • Protocol vulnerabilities • Custom IoT protocols • Radio communication and protocols IoT Attack Surface Communication
Best Of The World In Security Conference • Storage • Communication • Authentication • APIs • Encryption • Generic web/cloud vulnerabilities IoT Attack Surface Cloud
Best Of The World In Security Conference • Storage • Communication • Authentication • Hardcoding • Encryption • Generic application vulnerabilities IoT Attack Surface User application
Best Of The World In Security Conference • Open source IoT Security Testing and Exploitation Framework - EXPLIoT • Framework for security testing IoT and IoT infrastructure • Provides a set of plugins (test cases) and extendable • It is developed in python3 • Support for hardware, radio and IoT protocol analysis • Easy to use • Source : https://gitlab.com/expliot_framework/expliot • Documentation - https://expliot.readthedocs.io/en/latest/ EXPLIoT Framework
Best Of The World In Security Conference EXPLIoT Framework - Architecture Source : https://expliot.readthedocs.io/en/latest/development/architecture.html
Best Of The World In Security Conference • Bluetooth LE • CAN • CoAP • Crypto • DICOM • I2C • mDNS • Modbus Currently Supported Plugins • MQTT • nmap • SPI • TCP • UART • UDP • UPNP • Zigbee
Best Of The World In Security Conference • Install EXPLIoT framework • Choose the execution mode - command line mode - Interactive mode Executing Plugins Source : https://expliot.readthedocs.io/en/latest/installation/intro.html https://expliot.readthedocs.io/en/latest/usage/intro.html
Best Of The World In Security Conference Executing Plugins - Command line mode Source : https://expliot.readthedocs.io/en/latest/usage/command-line-mode.html#command-line- mode
Best Of The World In Security Conference Executing Plugins - Command line mode Source : https://expliot.readthedocs.io/en/latest/usage/command-line-mode.html#command-line- mode
Best Of The World In Security Conference Executing Plugins - Command line mode Source : https://expliot.readthedocs.io/en/latest/usage/command-line-mode.html#command-line- mode Plugin name arguments
Best Of The World In Security Conference Executing Plugins - Interactive mode Source : https://expliot.readthedocs.io/en/latest/usage/interactive-mode.html
Best Of The World In Security Conference Executing Plugins - Interactive mode Source : https://expliot.readthedocs.io/en/latest/usage/interactive-mode.html
Best Of The World In Security Conference Executing Plugins - Interactive mode Source : https://expliot.readthedocs.io/en/latest/usage/interactive-mode.html
Best Of The World In Security Conference Executing Plugins - Interactive mode Source : https://expliot.readthedocs.io/en/latest/usage/interactive-mode.html Plugin name arguments
Best Of The World In Security Conference Executing Plugins Detailed Videos : https://www.youtube.com/playlist?list=PLpCYsToyPxH-tGseJ3C4Gk0pCNZ-0pl6w
Best Of The World In Security Conference • Setup the development environment * Don’t miss pre-requirements setup Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/setup.html
Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework Setup.py
Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework Setup.py
Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework Setup.py docs
Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework Setup.py docs expliot
Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework expliot
Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework expliot -> core
Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework expliot /core
Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework expliot -> plugins
Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework expliot /plugins
Best Of The World In Security Conference • Message Queuing Telemetry Transport • Lightweight Messaging protocol • Publish / Subscribe mechanism • Message Broker • TCP Port - 1883 (Plain text) & 8883 (TLS) • Mqtt.org • An ISO Standard - ISO/IEC 20922 http://www.iso.org/iso/catalogue_detail.htm?csnumber=69466 • MQTT 5.0 Spec - https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt- v5.0.html MQTT Introduction
Best Of The World In Security Conference • Topics Label for grouping of Application messages, matched against subscriptions to forward the messages. Ex: foo/bar • Topic filters An expression indicating one or more topic names in a Subscription. Use of wild cards. Ex: foo, foo/# • Publish messages under specific topics Publish(topic, message) • Subscribe/Unsubscribe to/from Topic filters MQTT Introduction Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
Best Of The World In Security Conference MQTT Introduction • Multilevel wildcard - ‘#’ • Singlelevel wildcard – ‘+’ • Topic names beginning with ‘$’ character are used for implementation internal purposes
Best Of The World In Security Conference Node 1, 2, 3 subscribed to different topic filters MQTT Introduction Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
Best Of The World In Security Conference Node 4 publishes “Hello” on topic ‘a’ MQTT Introduction Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
Best Of The World In Security Conference Node 2 & 3 receives the published msg but not node one, why? MQTT Introduction Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
Best Of The World In Security Conference MQTT Introduction Quality of service (QoS) • QoS Levels • QoS 0 – At most once delivery • QoS 1 – At least once delivery • QoS 2 – Exactly once delivery • Messages are delivered based on the defined QoS Level
Best Of The World In Security Conference MQTT Protocol Packet Structure
Best Of The World In Security Conference MQTT Protocol Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security 16 control packets in v5.0
Best Of The World In Security Conference MQTT Security Issues - Attack Possibilities Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security • Fetching unencrypted sensitive data from sniffed packets • DoS attack via duplicating client ID • Insecure/weak authentication : use of client ID or default/guessable credentials • Grab system level messages $SYS/# • Cloning the client • Attacking and manipulating the devices via malicious input
Best Of The World In Security Conference MQTT Plugin • mqtt.generic.crackauth • mqtt.generic.pub • mqtt.generic.sub • mqtt.aws.pub • mqtt.aws.sub
Best Of The World In Security Conference mqttpub Plugin Implementation Source: https://gitlab.com/expliot_framework/expliot https://expliot.readthedocs.io/en/latest/tests/mqtt.html
Best Of The World In Security Conference mqttpub Plugin Implementation Source: https://gitlab.com/expliot_framework/expliot https://expliot.readthedocs.io/en/latest/tests/mqtt.html
Best Of The World In Security Conference mqttpub Plugin Implementation Source: https://gitlab.com/expliot_framework/expliot https://expliot.readthedocs.io/en/latest/tests/mqtt.html Class name MqttPub same as plugin file name mqttpub.py Output format place Initialization Argument parser
Best Of The World In Security Conference mqttpub Plugin Implementation Source: https://gitlab.com/expliot_framework/expliot https://expliot.readthedocs.io/en/latest/tests/mqtt.html Main logic of plugin Exception Handeling
Best Of The World In Security Conference MQTT hands-on labs using plugins Lab 1 : Subscribe and Publish using expliot • Objective – Subscribe to a Topic filter and Publish messages to the same • Steps : - Open Terminal and Run expliot - $ expliot - Inside expliot framework run “ run mqtt,generic.sub -h” for help menu - Again open expliot framework in another terminal - Terminal 1: Subscribe to any topic using “run mqtt.generic.sub -r localhost -t test” - Terminal 2: Publish a message to the topic using “ run mqtt.generic.pub -r localhost -t test -m hello “ - Subscription terminal now received your message which has been published - You will see messages from everyone publishing on the topic test if they are in the same network
Best Of The World In Security Conference MQTT hands-on labs using plugins Lab 2 : Read system level messages • Objective – Read system level messages instead of Application messages and be able to gather any interesting information about the broker. • Hint – Subscribe to the right Topic ;) • Steps : - Use EXPLIoT framework and subscribe to interesting SYS topics - Command: run mqt.generic.sub -r localhost -t “$SYS/#”
Best Of The World In Security Conference MQTT hands-on labs using plugins Lab 3 : MQTT Client DoS • Objective – To kill a legitimate MQTT connection using the same client ID • Steps : - Run expliot framework in two terminal: - Terminal 1: Subscribe to any topic with a unique client id using “run mqtt.generic.sub -r localhost -t foobar -i testfoobar “ - Terminal 2: Send a message with same client id to any topic using “run mqtt.generic.pub -r localhost -t test -i testfoobar -m hello” - Now you can notice that the client which was subscribing to the broker gets disconnected because of the publish message with the same client id - You can use this to DoS a MQTT server and a client and connect to it and send malicious data.
Best Of The World In Security Conference Write a custom plugin – Hands-on • Hands-on writing with any custom plugin for the framework • Before get started, do the set up as : https://expliot.readthedocs.io/en/latest/development/setup.html • For reference of new-plugin setup – https://expliot.readthedocs.io/en/latest/development/new-plugin.html • Coding style & Documentation Link – https://expliot.readthedocs.io/en/latest/development/intro.html https://expliot.readthedocs.io/en/latest/development/documentation.html So, it’s time to write your own plugin 
Best Of The World In Security Conference Plugins Demos Demo 1 : I2C Plugin • Objective – Dump the data from memory using protocol adapter Plugin : run i2c.generic.readeeprom Source : https://expliot.readthedocs.io/en/latest/tests/i2c.html
Best Of The World In Security Conference Plugins Demos Demo 1 : I2C Plugin • Objective – Dump the data from memory using protocol adapter Time for Demo 
Best Of The World In Security Conference Plugins Demos Demo 2 : Zigbee Plugin • ZigBee Network Scan - zbauditor.generic.nwkscan • ZigBee Packet Sniffer - zbauditor.generic.sniffer • ZigBee Packet Replay - zbauditor.generic.replay Source : https://expliot.readthedocs.io/en/latest/tests/zbauditor.html
Best Of The World In Security Conference Plugins Demos Demo 2 : Zigbee Plugin • ZigBee Network Scan - zbauditor.generic.nwkscan • ZigBee Packet Sniffer - zbauditor.generic.sniffer • ZigBee Packet Replay - zbauditor.generic.replay Source : https://expliot.readthedocs.io/en/latest/tests/zbauditor.html Time for Demo 
Best Of The World In Security Conference Plugins Demos Demo 3 : BLE Plugin • Scan - ble.generic.scan • Enumerate - ble.generic.enum • Write - ble.generic.writechar • Fuzz - ble.generic.fuzzchar Source : https://expliot.readthedocs.io/en/latest/tests/bluetooth.html
Best Of The World In Security Conference Plugins Demos Demo 3 : BLE Plugin • Scan - ble.generic.scan • Enumerate - ble.generic.enum • Write - ble.generic.writechar • Fuzz - ble.generic.fuzzchar Source : https://expliot.readthedocs.io/en/latest/tests/bluetooth.html Time for Demo 
Best Of The World In Security Conference Thank You - Questions? Asmita Payatu, India IoT Security Consultant @aj_0x00 asmita@payatu.com

Recommended

Building Internet Server using CentOS 7 and CentOS Web Panel (CWP)
Building Internet Server using CentOS 7 and CentOS Web Panel (CWP)Building Internet Server using CentOS 7 and CentOS Web Panel (CWP)
Building Internet Server using CentOS 7 and CentOS Web Panel (CWP)
I Putu Hariyadi
 
Video games history
Video games history Video games history
Video games history
Abdelhak
 
Cyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationCyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application Exploitation
Prathan Phongthiproek
 
Smarter Home Invasion With ZigDiggity
Smarter Home Invasion With ZigDiggitySmarter Home Invasion With ZigDiggity
Smarter Home Invasion With ZigDiggity
Bishop Fox
 
Yocto - Embedded Linux Distribution Maker
Yocto - Embedded Linux Distribution MakerYocto - Embedded Linux Distribution Maker
Yocto - Embedded Linux Distribution Maker
Sherif Mousa
 
Ebook Konfigurasi Dasar Linux Debian 7.8
Ebook Konfigurasi Dasar Linux Debian 7.8Ebook Konfigurasi Dasar Linux Debian 7.8
Ebook Konfigurasi Dasar Linux Debian 7.8
Walid Umar
 
IP Address dan Subnetting
IP Address dan SubnettingIP Address dan Subnetting
IP Address dan Subnetting
Riksan Taslim
 
Game genres
Game genresGame genres
Game genres
aealey
 
Embedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernelEmbedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernel
Emertxe Information Technologies Pvt Ltd
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Huda Seyam
 
The History Of Mobile Gaming
The History Of Mobile Gaming The History Of Mobile Gaming
The History Of Mobile Gaming
aihendo
 
Budgeting
BudgetingBudgeting
Budgeting
Ramziya Begam
 
Backtrack 5 - network pentest
Backtrack 5 - network pentestBacktrack 5 - network pentest
Backtrack 5 - network pentest
Dan H
 
Ferramentas de Segurança
Ferramentas de SegurançaFerramentas de Segurança
Ferramentas de Segurança
Alefe Variani
 
Materi Pelatihan analisa malware
Materi Pelatihan analisa malwareMateri Pelatihan analisa malware
Materi Pelatihan analisa malware
Setia Juli Irzal Ismail
 
Game Interface Design
Game Interface DesignGame Interface Design
Game Interface Design
Chris Castaldi
 
Introduction to Game Development
Introduction to Game DevelopmentIntroduction to Game Development
Introduction to Game Development
Shaan Alam
 
Game Design as Career
Game Design as CareerGame Design as Career
Game Design as Career
ArtfulArtsyAmy
 
Disruptive innovation at Nintendo - The Wii
Disruptive innovation at Nintendo - The WiiDisruptive innovation at Nintendo - The Wii
Disruptive innovation at Nintendo - The Wii
Réussir Mes Etudes
 
[AVTOKYO 2017] What is red team?
[AVTOKYO 2017] What is red team?[AVTOKYO 2017] What is red team?
[AVTOKYO 2017] What is red team?
Tomohisa Ishikawa, CISSP, CSSLP, CISA, CISM, CFE
 
Konfigurasi dasar wlan
Konfigurasi dasar wlanKonfigurasi dasar wlan
Konfigurasi dasar wlan
Saiful Badri
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAdvanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source Security
AlienVault
 
Linux Kernel and Driver Development Training
Linux Kernel and Driver Development TrainingLinux Kernel and Driver Development Training
Linux Kernel and Driver Development Training
Stephan Cadene
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
Ankita Ganguly
 
Qt5 (minimal) on beaglebone, with Yocto
Qt5 (minimal) on beaglebone, with YoctoQt5 (minimal) on beaglebone, with Yocto
Qt5 (minimal) on beaglebone, with Yocto
Prabindh Sundareson
 
Harder Faster Stronger
Harder Faster StrongerHarder Faster Stronger
Harder Faster Stronger
snyff
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
idsecconf
 
Solusi Tugas Studi Kasus IPTables Three-Legged Network Firewall
Solusi Tugas Studi Kasus IPTables Three-Legged Network FirewallSolusi Tugas Studi Kasus IPTables Three-Legged Network Firewall
Solusi Tugas Studi Kasus IPTables Three-Legged Network Firewall
I Putu Hariyadi
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE
 
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
ITCamp
 

More Related Content

What's hot (20)

Embedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernelEmbedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernel
Emertxe Information Technologies Pvt Ltd
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Huda Seyam
 
The History Of Mobile Gaming
The History Of Mobile Gaming The History Of Mobile Gaming
The History Of Mobile Gaming
aihendo
 
Budgeting
BudgetingBudgeting
Budgeting
Ramziya Begam
 
Backtrack 5 - network pentest
Backtrack 5 - network pentestBacktrack 5 - network pentest
Backtrack 5 - network pentest
Dan H
 
Ferramentas de Segurança
Ferramentas de SegurançaFerramentas de Segurança
Ferramentas de Segurança
Alefe Variani
 
Materi Pelatihan analisa malware
Materi Pelatihan analisa malwareMateri Pelatihan analisa malware
Materi Pelatihan analisa malware
Setia Juli Irzal Ismail
 
Game Interface Design
Game Interface DesignGame Interface Design
Game Interface Design
Chris Castaldi
 
Introduction to Game Development
Introduction to Game DevelopmentIntroduction to Game Development
Introduction to Game Development
Shaan Alam
 
Game Design as Career
Game Design as CareerGame Design as Career
Game Design as Career
ArtfulArtsyAmy
 
Disruptive innovation at Nintendo - The Wii
Disruptive innovation at Nintendo - The WiiDisruptive innovation at Nintendo - The Wii
Disruptive innovation at Nintendo - The Wii
Réussir Mes Etudes
 
[AVTOKYO 2017] What is red team?
[AVTOKYO 2017] What is red team?[AVTOKYO 2017] What is red team?
[AVTOKYO 2017] What is red team?
Tomohisa Ishikawa, CISSP, CSSLP, CISA, CISM, CFE
 
Konfigurasi dasar wlan
Konfigurasi dasar wlanKonfigurasi dasar wlan
Konfigurasi dasar wlan
Saiful Badri
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAdvanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source Security
AlienVault
 
Linux Kernel and Driver Development Training
Linux Kernel and Driver Development TrainingLinux Kernel and Driver Development Training
Linux Kernel and Driver Development Training
Stephan Cadene
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
Ankita Ganguly
 
Qt5 (minimal) on beaglebone, with Yocto
Qt5 (minimal) on beaglebone, with YoctoQt5 (minimal) on beaglebone, with Yocto
Qt5 (minimal) on beaglebone, with Yocto
Prabindh Sundareson
 
Harder Faster Stronger
Harder Faster StrongerHarder Faster Stronger
Harder Faster Stronger
snyff
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
idsecconf
 
Solusi Tugas Studi Kasus IPTables Three-Legged Network Firewall
Solusi Tugas Studi Kasus IPTables Three-Legged Network FirewallSolusi Tugas Studi Kasus IPTables Three-Legged Network Firewall
Solusi Tugas Studi Kasus IPTables Three-Legged Network Firewall
I Putu Hariyadi
 
Embedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernelEmbedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernel
Emertxe Information Technologies Pvt Ltd
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Huda Seyam
 
The History Of Mobile Gaming
The History Of Mobile Gaming The History Of Mobile Gaming
The History Of Mobile Gaming
aihendo
 
Budgeting
BudgetingBudgeting
Budgeting
Ramziya Begam
 
Backtrack 5 - network pentest
Backtrack 5 - network pentestBacktrack 5 - network pentest
Backtrack 5 - network pentest
Dan H
 
Ferramentas de Segurança
Ferramentas de SegurançaFerramentas de Segurança
Ferramentas de Segurança
Alefe Variani
 
Materi Pelatihan analisa malware
Materi Pelatihan analisa malwareMateri Pelatihan analisa malware
Materi Pelatihan analisa malware
Setia Juli Irzal Ismail
 
Game Interface Design
Game Interface DesignGame Interface Design
Game Interface Design
Chris Castaldi
 
Introduction to Game Development
Introduction to Game DevelopmentIntroduction to Game Development
Introduction to Game Development
Shaan Alam
 
Game Design as Career
Game Design as CareerGame Design as Career
Game Design as Career
ArtfulArtsyAmy
 
Disruptive innovation at Nintendo - The Wii
Disruptive innovation at Nintendo - The WiiDisruptive innovation at Nintendo - The Wii
Disruptive innovation at Nintendo - The Wii
Réussir Mes Etudes
 
[AVTOKYO 2017] What is red team?
[AVTOKYO 2017] What is red team?[AVTOKYO 2017] What is red team?
[AVTOKYO 2017] What is red team?
Tomohisa Ishikawa, CISSP, CSSLP, CISA, CISM, CFE
 
Konfigurasi dasar wlan
Konfigurasi dasar wlanKonfigurasi dasar wlan
Konfigurasi dasar wlan
Saiful Badri
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAdvanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source Security
AlienVault
 
Linux Kernel and Driver Development Training
Linux Kernel and Driver Development TrainingLinux Kernel and Driver Development Training
Linux Kernel and Driver Development Training
Stephan Cadene
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
Ankita Ganguly
 
Qt5 (minimal) on beaglebone, with Yocto
Qt5 (minimal) on beaglebone, with YoctoQt5 (minimal) on beaglebone, with Yocto
Qt5 (minimal) on beaglebone, with Yocto
Prabindh Sundareson
 
Harder Faster Stronger
Harder Faster StrongerHarder Faster Stronger
Harder Faster Stronger
snyff
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
idsecconf
 
Solusi Tugas Studi Kasus IPTables Three-Legged Network Firewall
Solusi Tugas Studi Kasus IPTables Three-Legged Network FirewallSolusi Tugas Studi Kasus IPTables Three-Legged Network Firewall
Solusi Tugas Studi Kasus IPTables Three-Legged Network Firewall
I Putu Hariyadi
 

Similar to Hacking IoT with EXPLIoT Framework (20)

FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE
 
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
ITCamp
 
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ... Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Furkan Turkal
 
Practical Security with MQTT and Mosquitto
Practical Security with MQTT and MosquittoPractical Security with MQTT and Mosquitto
Practical Security with MQTT and Mosquitto
nbarendt
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxSUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptx
Vasiliy Fomichev
 
Jump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & GithubJump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & Github
hubx
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
ibramax
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
ITCamp 2013 - Alessandro Pilotti - Git crash course for Visual Studio devs
ITCamp 2013 - Alessandro Pilotti - Git crash course for Visual Studio devsITCamp 2013 - Alessandro Pilotti - Git crash course for Visual Studio devs
ITCamp 2013 - Alessandro Pilotti - Git crash course for Visual Studio devs
ITCamp
 
Tools for FPGA Development
Tools for FPGA DevelopmentTools for FPGA Development
Tools for FPGA Development
Brahim HAMADICHAREF
 
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Microsoft Tech Community
 
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnSupply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
NUS-ISS
 
Docker Runtime Security
Docker Runtime SecurityDocker Runtime Security
Docker Runtime Security
Sysdig
 
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS
 
2013 09-02 senzations-bimschas-part4-setting-up-your-own-testbed
2013 09-02 senzations-bimschas-part4-setting-up-your-own-testbed2013 09-02 senzations-bimschas-part4-setting-up-your-own-testbed
2013 09-02 senzations-bimschas-part4-setting-up-your-own-testbed
Daniel Bimschas
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
Volodymyr Shynkar
 
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
Secview
 
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
Agile Testing Alliance
 
Cisco Project 2 Description
Cisco Project 2 DescriptionCisco Project 2 Description
Cisco Project 2 Description
EvaKeeling
 
Introduction to Windows IoT Nov 2017
Introduction to Windows IoT Nov 2017Introduction to Windows IoT Nov 2017
Introduction to Windows IoT Nov 2017
Lee Richardson
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE
 
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
ITCamp
 
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ... Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Furkan Turkal
 
Practical Security with MQTT and Mosquitto
Practical Security with MQTT and MosquittoPractical Security with MQTT and Mosquitto
Practical Security with MQTT and Mosquitto
nbarendt
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxSUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptx
Vasiliy Fomichev
 
Jump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & GithubJump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & Github
hubx
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
ibramax
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
ITCamp 2013 - Alessandro Pilotti - Git crash course for Visual Studio devs
ITCamp 2013 - Alessandro Pilotti - Git crash course for Visual Studio devsITCamp 2013 - Alessandro Pilotti - Git crash course for Visual Studio devs
ITCamp 2013 - Alessandro Pilotti - Git crash course for Visual Studio devs
ITCamp
 
Tools for FPGA Development
Tools for FPGA DevelopmentTools for FPGA Development
Tools for FPGA Development
Brahim HAMADICHAREF
 
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Microsoft Tech Community
 
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnSupply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
NUS-ISS
 
Docker Runtime Security
Docker Runtime SecurityDocker Runtime Security
Docker Runtime Security
Sysdig
 
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS
 
2013 09-02 senzations-bimschas-part4-setting-up-your-own-testbed
2013 09-02 senzations-bimschas-part4-setting-up-your-own-testbed2013 09-02 senzations-bimschas-part4-setting-up-your-own-testbed
2013 09-02 senzations-bimschas-part4-setting-up-your-own-testbed
Daniel Bimschas
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
Volodymyr Shynkar
 
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
Secview
 
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
Agile Testing Alliance
 
Cisco Project 2 Description
Cisco Project 2 DescriptionCisco Project 2 Description
Cisco Project 2 Description
EvaKeeling
 
Introduction to Windows IoT Nov 2017
Introduction to Windows IoT Nov 2017Introduction to Windows IoT Nov 2017
Introduction to Windows IoT Nov 2017
Lee Richardson
 

More from Priyanka Aash (20)

Keynote : Presentation on SASE Technology
Keynote : Presentation on SASE TechnologyKeynote : Presentation on SASE Technology
Keynote : Presentation on SASE Technology
Priyanka Aash
 
Keynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive SecurityKeynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive Security
Priyanka Aash
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity ApplicationsDemystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity Applications
Priyanka Aash
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
Priyanka Aash
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
Priyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
Priyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
Priyanka Aash
 
Keynote : Presentation on SASE Technology
Keynote : Presentation on SASE TechnologyKeynote : Presentation on SASE Technology
Keynote : Presentation on SASE Technology
Priyanka Aash
 
Keynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive SecurityKeynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive Security
Priyanka Aash
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity ApplicationsDemystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity Applications
Priyanka Aash
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
Priyanka Aash
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
Priyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
Priyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
Priyanka Aash
 

Recently uploaded (20)

Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Web and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in RajpuraWeb and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in Rajpura
Erginous Technology
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Unlocking the Power of IVR: A Comprehensive Guide
Unlocking the Power of IVR: A Comprehensive GuideUnlocking the Power of IVR: A Comprehensive Guide
Unlocking the Power of IVR: A Comprehensive Guide
vikasascentbpo
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Web and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in RajpuraWeb and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in Rajpura
Erginous Technology
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Unlocking the Power of IVR: A Comprehensive Guide
Unlocking the Power of IVR: A Comprehensive GuideUnlocking the Power of IVR: A Comprehensive Guide
Unlocking the Power of IVR: A Comprehensive Guide
vikasascentbpo
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 

Hacking IoT with EXPLIoT Framework

  • 1. Best Of The World In Security Conference Best Of The World In Security 12-13 November 2020 Hacking IoT with EXPLIoT Framework Asmita Payatu, India IoT Security Consultant @aj_0x00
  • 2. Best Of The World In Security Conference • IoT Security Consultant at Payatu, India - Embedded Hardware Security - Firmware Reverse Engineering • Trainer/Speaker - Checkpoint CPX360, Nullcon, IDCSS, Hackaday Remoticon Infosec meetups • Email - [email protected] • Twitter - aj_0x00 About Me
  • 3. Best Of The World In Security Conference • IoT Attack Surface • EXPLIoT Framework - Architecture, - Executing plugins, - Extending the framework by writing your own plugins • MQTT - Protocol, - Security issues, - Hands-on with plugins, - Write a custom Plugin • Plugin Demos - BLE plugins Demo, - Zigbee Demo - I2C Plugins Demo Agenda
  • 4. Best Of The World In Security Conference IoT Attack Surface
  • 5. Best Of The World In Security Conference • Hardware debug ports • Storage • Bus Communication • Encryption • Authentication • Sensor interfaces • Hardware interfaces IoT Attack Surface Device Hardware
  • 6. Best Of The World In Security Conference • Hardware debug ports • Storage • Bus Communication • Encryption • Authentication • Sensor interfaces • Hardware interfaces IoT Attack Surface Device Hardware
  • 7. Best Of The World In Security Conference • Authentication • Encryption • Protocol vulnerabilities • Custom IoT protocols • Radio communication and protocols IoT Attack Surface Communication
  • 8. Best Of The World In Security Conference • Storage • Communication • Authentication • APIs • Encryption • Generic web/cloud vulnerabilities IoT Attack Surface Cloud
  • 9. Best Of The World In Security Conference • Storage • Communication • Authentication • Hardcoding • Encryption • Generic application vulnerabilities IoT Attack Surface User application
  • 10. Best Of The World In Security Conference • Open source IoT Security Testing and Exploitation Framework - EXPLIoT • Framework for security testing IoT and IoT infrastructure • Provides a set of plugins (test cases) and extendable • It is developed in python3 • Support for hardware, radio and IoT protocol analysis • Easy to use • Source : https://gitlab.com/expliot_framework/expliot • Documentation - https://expliot.readthedocs.io/en/latest/ EXPLIoT Framework
  • 11. Best Of The World In Security Conference EXPLIoT Framework - Architecture Source : https://expliot.readthedocs.io/en/latest/development/architecture.html
  • 12. Best Of The World In Security Conference • Bluetooth LE • CAN • CoAP • Crypto • DICOM • I2C • mDNS • Modbus Currently Supported Plugins • MQTT • nmap • SPI • TCP • UART • UDP • UPNP • Zigbee
  • 13. Best Of The World In Security Conference • Install EXPLIoT framework • Choose the execution mode - command line mode - Interactive mode Executing Plugins Source : https://expliot.readthedocs.io/en/latest/installation/intro.html https://expliot.readthedocs.io/en/latest/usage/intro.html
  • 14. Best Of The World In Security Conference Executing Plugins - Command line mode Source : https://expliot.readthedocs.io/en/latest/usage/command-line-mode.html#command-line- mode
  • 15. Best Of The World In Security Conference Executing Plugins - Command line mode Source : https://expliot.readthedocs.io/en/latest/usage/command-line-mode.html#command-line- mode
  • 16. Best Of The World In Security Conference Executing Plugins - Command line mode Source : https://expliot.readthedocs.io/en/latest/usage/command-line-mode.html#command-line- mode Plugin name arguments
  • 17. Best Of The World In Security Conference Executing Plugins - Interactive mode Source : https://expliot.readthedocs.io/en/latest/usage/interactive-mode.html
  • 18. Best Of The World In Security Conference Executing Plugins - Interactive mode Source : https://expliot.readthedocs.io/en/latest/usage/interactive-mode.html
  • 19. Best Of The World In Security Conference Executing Plugins - Interactive mode Source : https://expliot.readthedocs.io/en/latest/usage/interactive-mode.html
  • 20. Best Of The World In Security Conference Executing Plugins - Interactive mode Source : https://expliot.readthedocs.io/en/latest/usage/interactive-mode.html Plugin name arguments
  • 21. Best Of The World In Security Conference Executing Plugins Detailed Videos : https://www.youtube.com/playlist?list=PLpCYsToyPxH-tGseJ3C4Gk0pCNZ-0pl6w
  • 22. Best Of The World In Security Conference • Setup the development environment * Don’t miss pre-requirements setup Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/setup.html
  • 23. Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework Setup.py
  • 24. Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework Setup.py
  • 25. Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework Setup.py docs
  • 26. Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework Setup.py docs expliot
  • 27. Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework expliot
  • 28. Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework expliot -> core
  • 29. Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework expliot /core
  • 30. Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework expliot -> plugins
  • 31. Best Of The World In Security Conference Extend the framework - Write your own plugins Source: https://expliot.readthedocs.io/en/latest/development/development.html https://gitlab.com/expliot_framework/expliot Development - EXPLIoT Framework expliot /plugins
  • 32. Best Of The World In Security Conference • Message Queuing Telemetry Transport • Lightweight Messaging protocol • Publish / Subscribe mechanism • Message Broker • TCP Port - 1883 (Plain text) & 8883 (TLS) • Mqtt.org • An ISO Standard - ISO/IEC 20922 http://www.iso.org/iso/catalogue_detail.htm?csnumber=69466 • MQTT 5.0 Spec - https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt- v5.0.html MQTT Introduction
  • 33. Best Of The World In Security Conference • Topics Label for grouping of Application messages, matched against subscriptions to forward the messages. Ex: foo/bar • Topic filters An expression indicating one or more topic names in a Subscription. Use of wild cards. Ex: foo, foo/# • Publish messages under specific topics Publish(topic, message) • Subscribe/Unsubscribe to/from Topic filters MQTT Introduction Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
  • 34. Best Of The World In Security Conference MQTT Introduction • Multilevel wildcard - ‘#’ • Singlelevel wildcard – ‘+’ • Topic names beginning with ‘$’ character are used for implementation internal purposes
  • 35. Best Of The World In Security Conference Node 1, 2, 3 subscribed to different topic filters MQTT Introduction Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
  • 36. Best Of The World In Security Conference Node 4 publishes “Hello” on topic ‘a’ MQTT Introduction Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
  • 37. Best Of The World In Security Conference Node 2 & 3 receives the published msg but not node one, why? MQTT Introduction Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
  • 38. Best Of The World In Security Conference MQTT Introduction Quality of service (QoS) • QoS Levels • QoS 0 – At most once delivery • QoS 1 – At least once delivery • QoS 2 – Exactly once delivery • Messages are delivered based on the defined QoS Level
  • 39. Best Of The World In Security Conference MQTT Protocol Packet Structure
  • 40. Best Of The World In Security Conference MQTT Protocol Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security 16 control packets in v5.0
  • 41. Best Of The World In Security Conference MQTT Security Issues - Attack Possibilities Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security • Fetching unencrypted sensitive data from sniffed packets • DoS attack via duplicating client ID • Insecure/weak authentication : use of client ID or default/guessable credentials • Grab system level messages $SYS/# • Cloning the client • Attacking and manipulating the devices via malicious input
  • 42. Best Of The World In Security Conference MQTT Plugin • mqtt.generic.crackauth • mqtt.generic.pub • mqtt.generic.sub • mqtt.aws.pub • mqtt.aws.sub
  • 43. Best Of The World In Security Conference mqttpub Plugin Implementation Source: https://gitlab.com/expliot_framework/expliot https://expliot.readthedocs.io/en/latest/tests/mqtt.html
  • 44. Best Of The World In Security Conference mqttpub Plugin Implementation Source: https://gitlab.com/expliot_framework/expliot https://expliot.readthedocs.io/en/latest/tests/mqtt.html
  • 45. Best Of The World In Security Conference mqttpub Plugin Implementation Source: https://gitlab.com/expliot_framework/expliot https://expliot.readthedocs.io/en/latest/tests/mqtt.html Class name MqttPub same as plugin file name mqttpub.py Output format place Initialization Argument parser
  • 46. Best Of The World In Security Conference mqttpub Plugin Implementation Source: https://gitlab.com/expliot_framework/expliot https://expliot.readthedocs.io/en/latest/tests/mqtt.html Main logic of plugin Exception Handeling
  • 47. Best Of The World In Security Conference MQTT hands-on labs using plugins Lab 1 : Subscribe and Publish using expliot • Objective – Subscribe to a Topic filter and Publish messages to the same • Steps : - Open Terminal and Run expliot - $ expliot - Inside expliot framework run “ run mqtt,generic.sub -h” for help menu - Again open expliot framework in another terminal - Terminal 1: Subscribe to any topic using “run mqtt.generic.sub -r localhost -t test” - Terminal 2: Publish a message to the topic using “ run mqtt.generic.pub -r localhost -t test -m hello “ - Subscription terminal now received your message which has been published - You will see messages from everyone publishing on the topic test if they are in the same network
  • 48. Best Of The World In Security Conference MQTT hands-on labs using plugins Lab 2 : Read system level messages • Objective – Read system level messages instead of Application messages and be able to gather any interesting information about the broker. • Hint – Subscribe to the right Topic ;) • Steps : - Use EXPLIoT framework and subscribe to interesting SYS topics - Command: run mqt.generic.sub -r localhost -t “$SYS/#”
  • 49. Best Of The World In Security Conference MQTT hands-on labs using plugins Lab 3 : MQTT Client DoS • Objective – To kill a legitimate MQTT connection using the same client ID • Steps : - Run expliot framework in two terminal: - Terminal 1: Subscribe to any topic with a unique client id using “run mqtt.generic.sub -r localhost -t foobar -i testfoobar “ - Terminal 2: Send a message with same client id to any topic using “run mqtt.generic.pub -r localhost -t test -i testfoobar -m hello” - Now you can notice that the client which was subscribing to the broker gets disconnected because of the publish message with the same client id - You can use this to DoS a MQTT server and a client and connect to it and send malicious data.
  • 50. Best Of The World In Security Conference Write a custom plugin – Hands-on • Hands-on writing with any custom plugin for the framework • Before get started, do the set up as : https://expliot.readthedocs.io/en/latest/development/setup.html • For reference of new-plugin setup – https://expliot.readthedocs.io/en/latest/development/new-plugin.html • Coding style & Documentation Link – https://expliot.readthedocs.io/en/latest/development/intro.html https://expliot.readthedocs.io/en/latest/development/documentation.html So, it’s time to write your own plugin 
  • 51. Best Of The World In Security Conference Plugins Demos Demo 1 : I2C Plugin • Objective – Dump the data from memory using protocol adapter Plugin : run i2c.generic.readeeprom Source : https://expliot.readthedocs.io/en/latest/tests/i2c.html
  • 52. Best Of The World In Security Conference Plugins Demos Demo 1 : I2C Plugin • Objective – Dump the data from memory using protocol adapter Time for Demo 
  • 53. Best Of The World In Security Conference Plugins Demos Demo 2 : Zigbee Plugin • ZigBee Network Scan - zbauditor.generic.nwkscan • ZigBee Packet Sniffer - zbauditor.generic.sniffer • ZigBee Packet Replay - zbauditor.generic.replay Source : https://expliot.readthedocs.io/en/latest/tests/zbauditor.html
  • 54. Best Of The World In Security Conference Plugins Demos Demo 2 : Zigbee Plugin • ZigBee Network Scan - zbauditor.generic.nwkscan • ZigBee Packet Sniffer - zbauditor.generic.sniffer • ZigBee Packet Replay - zbauditor.generic.replay Source : https://expliot.readthedocs.io/en/latest/tests/zbauditor.html Time for Demo 
  • 55. Best Of The World In Security Conference Plugins Demos Demo 3 : BLE Plugin • Scan - ble.generic.scan • Enumerate - ble.generic.enum • Write - ble.generic.writechar • Fuzz - ble.generic.fuzzchar Source : https://expliot.readthedocs.io/en/latest/tests/bluetooth.html
  • 56. Best Of The World In Security Conference Plugins Demos Demo 3 : BLE Plugin • Scan - ble.generic.scan • Enumerate - ble.generic.enum • Write - ble.generic.writechar • Fuzz - ble.generic.fuzzchar Source : https://expliot.readthedocs.io/en/latest/tests/bluetooth.html Time for Demo 
  • 57. Best Of The World In Security Conference Thank You - Questions? Asmita Payatu, India IoT Security Consultant @aj_0x00 [email protected]