Book Online Tickets for IoT Penetration Testing Training, Bengaluru. IoTPentest Takeaway Kit Vulnerable firmware device - STM32 in-circuit debugger and programmer BLE CTF module device Vulnerable Smart Band UART connector Bluetooth Dongle Attiny85 - custom rubber ducky codes  IoT Introduction IoT Security Intr

IoT Penetration Testing Training

Saturday, 25th Apr 2020 - Sunday, 26th Apr 2020 | 09:00 AM to 05:00 PM IST
IoTHive,IoTHive,South End B Cross Road, Roopa Avenue, 2nd Floor, No. 4,Jayanagar, 9th Block, Near Ragiguda Temple, Bengaluru, Karnataka, India

 

Event ID : 228575

Invite friends

Contact Us

Page Views : 231

About The Event

IoTPentest Takeaway Kit

  • Vulnerable firmware device - STM32
  • in-circuit debugger and programmer
  • BLE CTF module device
  • Vulnerable Smart Band
  • UART connector
  • Bluetooth Dongle
  • Attiny85 - custom rubber ducky codes 

IoT Introduction

  • IoT Security Introduction
  • IoT’s in the current trend
  • What is IoT
  • IoT Attack surface
    • Networking
    • Communication protocols
    • Embedded Application Testing
    • Firmware Analysis
    • Hardware Architecture

Recon on IoT device

  • Understanding about the device
    • IoT devices understanding
    • Use of the smart devices
    • Smart technology updates
    • Hands-on
  • Information gathering with help of dorks
    • GHDB dorks
    • IoT Search engines dorks
      • shodan
      • zoomeye
      • Onphye
    • Datasheets of device
    • Hands-On
  • Identifying the attack vectors
    • Writing custom checklist
    • Steps to pentest device
    • Hands-On
  • Scanning the device network level
    • Network concepts
    • Scanning network of device
    • Pentesting it
    • Hands-On
  • Perform the vulnerable assessment on the device
    • Performing scanning
    • Identifying threats
    • Hands-On

Communication Protocols

  • Understanding light weight protocols of IoT Devices
    • Wireless communications in IoT
    • Intro to zigbee , zwave , BLE, Lora etc
  • Vulnerability of protocols
    • Discussing security loopholes in protocols
  • Understanding and Exploiting BLE 
    • About BLE
      • Bluetooth History
      • LMP Version
      • Classic vs Smart Ready vs Smart
  • Understanding BLE stack
    • GATT & GAP
    • GAP
    • GATT - Services, Characteristics
  • Analysing BLE Devices
    • Introduction to HCI tools and discover devices
    • Interacting with BLE device - Bluetoothctl
    • Exploring gattool
    • Read / write device using gatttool
    • Analysing the HCI log from host machine
  • Exploiting BLE Devices
    • GATTACKER - Introduction
    • Gattacker - Capture / Modify / Replay Packets
    • Hands-On
  • Understanding about the ZigBee and its vulnerabilities

Embedded Application Testing

  • OWASP Embedded Top 10
    • Emulating firmware
    • Pentesting the application
    • Required area of test cases
    • Hands On
  • Automating the application for the bugs
    • By using open source tools to automate the embedded applications
    • Hands On

Firmware analysis

  • Understanding firmware
  • Obtaining firmware
    • Hands-On
  • Analysing firmware
    • Hands-On
  • Reversing engineering firmware
    • Hands-On
  • Automating tools to analyse the firmware
    • Hands-On

Hardware architecture and vulnerabilities

  • What and why hardware security matters
  • Requirements of knowledge and tools
  • Explaining Hardware Related Vulnerabilities
  • Identifying the open pins and console access of the device
    • Hands-On
  • Dumping and Reversing the firmware from the hardware
    • Hands-On
  • Playing with STM32
    • Hands-On

About the Trainer:

Mr. Veerababu Penugonda also known as Mr-IoT , . He is Expert in IoT/OT penetrating testing . And he is Trainer/Speaker at p0Scon, OwaspSeasides, gravitas19 , cysinfo and null Bangalore. currently working on Firmware Reverse engineering , protocol fuzzing , hardware hacking. You can reach out to him on Twitter @v33riot

 

 

More Events From Same Organizer

Similar Category Events