Training: From Chip to Web: A Bottom-Up Approach to IoT Penetration Testing

Goal

The training program provides a comprehensive understanding of IoT penetration testing, from theory to hands-on practice, with a focus on both hardware and software aspects, ultimately aiming to equip participants with the skills needed to secure IoT devices.

Throughout the program, participants will delve into the theoretical world of IoT, exploring its ecosystem, technologies, and key components. This foundational knowledge provides the framework for a practical journey through IoT penetration testing.

The hands-on portion of the training immerses participants in real-world scenarios, where they learn to identify vulnerabilities in IoT devices, extract and analyze firmware, and exploit weaknesses in embedded web applications. This practical experience equips them with the tools and skills needed to proactively secure IoT environments.

By the program’s end, participants will be well-versed in comprehensive IoT security assessments, enabling them to safeguard IoT devices against potential threats and vulnerabilities.

Acquired Skills

  1. Understanding IoT fundamentals, ecosystem, and technologies.
  2. Identifying and documenting components in embedded systems.
  3. Extracting, analysing, and exploiting IoT device firmware hands-on.
  4. Reverse engineering Linux-based and bare-metal firmware.
  5. Identifying and exploiting common hardware and software vulnerabilities.
  6. Using penetration testing tools such as Burp Suite, OWASP ZAP, and the Metasploit Framework.
  7. Performing reconnaissance, scanning, enumeration, and vulnerability research.
  8. Documenting findings.
  9. Exploiting OWASP IoT Top 10 vulnerabilities.
  10. Understanding the security controls that harden IoT devices.

These skills provide a comprehensive foundation for conducting IoT penetration testing, from hardware assessment to web application exploitation, and ensuring the security of IoT devices.

Duration

2 days (4 sessions of 3 hours)

Training Format

Our training approach is flexible, offering a hybrid format that accommodates both in-person and remote learning preferences. While in-person attendance is favored for the opportunity to engage in hands-on labs, the quality of learning remains uncompromised when opting for remote participation. Your choice of format depends on your convenience, ensuring that you receive an enriching educational experience, whether you’re in the classroom or attending remotely.

Registration

Two options:

  • If you are currently pursuing a PhD in France, the next session is scheduled for February 8th and 9th, 2024. For more detailed information about the session, please don’t hesitate to reach out to me directly. Registration for this session will remain open until two weeks prior to the event, but the number of places is limited. Secure your spot as soon as possible to ensure your participation!
  • Whether you’re an independent professional or represent a company seeking to enhance your workforce’s skills, feel free to reach out to me directly, and together we can coordinate a training session that aligns with your schedule.
  • Click here to contact me!

Program

Introduction to IoT – 0h45

  • Goal
    • Throughout this session, we will explore the essential concepts, ecosystem, and the underpinning technologies that drive the IoT landscape.
  • Introduction
  • IoT ecosystem
  • Device Basics
  • Firmware
  • Web applications
  • Mobile applications
  • Wireless communication

IoT Penetration Testing

  • Goal:
    • Present a holistic approach to IoT penetration testing. We will cover software and hardware hacking techniques that can compromise IoT device components. This section is designed to be highly practical, featuring hands-on labs that will enhance your skills and understanding.
  • Pentesting Methodology – 0h15
    • Goal:
      • Introduce a structured pentesting methodology. We’ll start from the bottom up, utilizing a diagram to guide us through the process. This methodology involves exploring hardware communication protocols, extracting and reverse engineering firmware and looking for web vulnerabilities. We will illustrate this methodology with real-world examples, including IP cameras, routers and other devices.
  • Exploring IoT Devices’ Hardware – 2h
    • Goal:
      • Learn to identify components in an embedded system, make informed assumptions about functional blocks, and create comprehensive documentation for better understanding interconnections during testing.
    • Introduction
    • Information gathering (FCC etc.)
    • Reconnaissance (chips etc.)
    • Common communication interfaces
    • Hands-on (Study case: commercial IoT devices)
      • Recon: power domain, chips, memory block, comm interfaces etc.
      • Sniffing communication interfaces
      • Documenting your findings
    • Fixing Vulnerabilities
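As an added example of the "sniffing communication interfaces" step above (this is illustrative code written for this page, not course material), the script below turns a logic-analyzer capture of a board's UART TX pin back into bytes. The capture is constructed inline from a made-up boot banner; the 115200 baud rate, the 4x oversampling and the sample rate are assumptions. It also shows the usual first move on an unknown board: estimating the baud rate from the shortest pulse in the capture, and recognising a wrong guess by the framing errors it produces.

```python
"""Decode an 8N1 UART console capture and estimate its baud rate.

Added example, not part of the course material. The capture is constructed
inline: a list of logic levels (0/1) sampled at a fixed rate, as a logic
analyzer attached to a board's TX pin would record them.
"""

BAUD = 115200                    # assumed console speed of the constructed device
OVERSAMPLE = 4                   # samples per bit period (assumed analyzer setting)
SAMPLE_RATE = BAUD * OVERSAMPLE  # 460800 Hz


def uart_encode(data: bytes, oversample: int = OVERSAMPLE) -> list:
    """Build a constructed capture: idle high, start bit 0, 8 data bits LSB first, stop bit 1."""
    samples = [1] * (2 * oversample)               # idle line before the first frame
    for byte in data:
        frame = [0] + [(byte >> i) & 1 for i in range(8)] + [1]
        for level in frame:
            samples.extend([level] * oversample)
    samples.extend([1] * (2 * oversample))         # idle line after the last frame
    return samples


def shortest_pulse(samples) -> int:
    """Length of the shortest run of identical levels, i.e. one bit period in samples.

    On an unknown board this is the usual first step: baud = sample_rate / shortest_pulse.
    """
    best, run = None, 1
    for prev, cur in zip(samples, samples[1:]):
        if prev == cur:
            run += 1
        else:
            best = run if best is None else min(best, run)
            run = 1
    return best or len(samples)


def estimate_baud(samples, sample_rate: int = SAMPLE_RATE) -> int:
    """Baud rate implied by the shortest pulse in the capture."""
    return round(sample_rate / shortest_pulse(samples))


def uart_decode(samples, oversample: int = OVERSAMPLE):
    """Return (decoded bytes, framing_errors). Each bit is read at the middle of its period."""
    out, errors, i, n = bytearray(), 0, 0, len(samples)
    frame_len = 10 * oversample                    # start + 8 data + stop
    while i < n:
        if samples[i] != 0:                        # look for the falling edge of a start bit
            i += 1
            continue
        mid = i + oversample // 2
        if mid >= n or samples[mid] != 0:          # too short to be a start bit: glitch
            i += 1
            continue
        if i + frame_len > n:                      # truncated frame at the end of the capture
            break
        value = 0
        for bit in range(8):
            value |= samples[mid + (bit + 1) * oversample] << bit
        if samples[mid + 9 * oversample] == 1:     # stop bit must be high
            out.append(value)
        else:
            errors += 1                            # wrong baud rate, noise, or not UART at all
        i += frame_len                             # the next start bit can begin right here
    return bytes(out), errors


if __name__ == "__main__":
    capture = uart_encode(b"U-Boot 2020.01 (constructed banner)\r\n")
    print("estimated baud:", estimate_baud(capture))
    data, bad = uart_decode(capture)
    print(data.decode(), "framing errors:", bad)
```

Decoding a capture with the wrong bit period (for instance a 57600 baud line read as 115200) does not fail cleanly: it yields garbage bytes plus framing errors, which is why a non-zero framing-error count is the signal to re-estimate the baud rate before trusting any console output.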
  • Analyzing and Exploiting Firmware – 3h
    • Goal:
      • In this section, we’ll dive into two distinct scenarios: Linux-based firmware and bare-metal firmware with an ARM architecture. For Linux-based firmware, we’ll cover the critical aspects of extracting, analyzing, tampering with, and ultimately fixing vulnerabilities within the firmware. On the other hand, for bare-metal systems, we’ll focus on the essentials of extracting firmware, conducting a thorough analysis, and addressing vulnerabilities to enhance security.
    • Analysis methodology
    • Hands-on
      • Pentesting the firmware (Study case: commercial IoT device)
        • Linux-based
          • Extracting
          • Analysing
          • Tampering
          • Fixing Vulnerabilities
        • Bare-metal (ARM architecture)
          • Extracting
          • Analysing
          • Fixing Vulnerabilities
  • Exploitation of Embedded Web Applications – 6h
    • Goal:
      • Explain the different types of embedded web applications and how to discover exploitable vulnerabilities to gain remote control of an IoT device.
    • Introduction
    • Methodology
    • Tools
    • Hands-on (practical labs)
      • Reconnaissance
      • Scan
      • Enumeration
      • Searching for vulnerabilities
      • Using Burp Suite
      • Using OWASP ZAP
      • Exploiting OWASP IoT top 10 vulnerabilities
      • Study case: Commercial IoT Device
      • Documenting your findings
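As an added example of the Linux-based firmware steps in the program above (extracting, analysing and tampering), and not part of the course material itself, the script below carves a flash dump by file-signature the way binwalk-style tools do, parses the U-Boot legacy uImage header, verifies both of its CRC32 fields, inflates the kernel and carves the SquashFS root filesystem from its superblock. The flash image is constructed inline (a gzip-wrapped kernel stub and a SquashFS 4 superblock with opaque content); the partition layout, the kernel name and the load address are assumptions, but the header formats are the real on-disk ones, so the parsers apply unchanged to a dumped chip.

```python
"""Carve a Linux-based firmware image by signature and verify its uImage CRCs.

Added example, not part of the course material. The image is constructed
inline (a uImage-wrapped gzip kernel followed by a SquashFS 4 rootfs stub);
the on-disk formats are the real ones, so the parsers apply to dumped flash.
"""
import gzip
import struct
import zlib

UIMAGE_MAGIC = b"\x27\x05\x19\x56"   # U-Boot legacy image header (big-endian fields)
GZIP_MAGIC = b"\x1f\x8b\x08"         # gzip member, deflate method
SQUASHFS_MAGIC = b"hsqs"             # little-endian SquashFS superblock
SIGNATURES = {"uImage": UIMAGE_MAGIC, "gzip": GZIP_MAGIC, "squashfs": SQUASHFS_MAGIC}
IH_OS_LINUX, IH_ARCH_ARM, IH_TYPE_KERNEL, IH_COMP_GZIP = 5, 2, 2, 1   # U-Boot image.h enums


def scan_signatures(image: bytes) -> list:
    """Every (offset, name) at which a known magic appears, lowest offset first."""
    hits = []
    for name, magic in SIGNATURES.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def parse_uimage(image: bytes, off: int) -> dict:
    """Parse the 64-byte legacy header; both CRC32s are checked, as U-Boot does at boot."""
    hdr = image[off:off + 64]
    magic, hcrc, _mtime, size, load, entry, dcrc, os_, arch, typ, comp = struct.unpack(">7I4B", hdr[:32])
    if magic != 0x27051956:
        raise ValueError("not a uImage header")
    zeroed = hdr[:4] + b"\0" * 4 + hdr[8:]        # hcrc is computed with the hcrc field zeroed
    data = image[off + 64:off + 64 + size]
    return {
        "name": hdr[32:64].split(b"\0", 1)[0].decode("ascii", "replace"),
        "size": size, "load": load, "entry": entry, "os": os_, "arch": arch, "type": typ,
        "compression": comp, "data_offset": off + 64,
        "header_crc_ok": zlib.crc32(zeroed) == hcrc,
        "data_crc_ok": zlib.crc32(data) == dcrc,
    }


def extract_kernel(image: bytes, off: int) -> bytes:
    """Return the decompressed uImage payload (only gzip compression is handled here)."""
    info = parse_uimage(image, off)
    if not (info["header_crc_ok"] and info["data_crc_ok"]):
        raise ValueError("uImage CRC mismatch: corrupted dump or tampered image")
    payload = image[info["data_offset"]:info["data_offset"] + info["size"]]
    return gzip.decompress(payload) if info["compression"] == IH_COMP_GZIP else payload


def carve_squashfs(image: bytes, off: int) -> bytes:
    """Carve a SquashFS 4 image: bytes_used is the u64 LE field at superblock offset 40."""
    major, minor = struct.unpack_from("<HH", image, off + 28)
    if major != 4:
        raise ValueError(f"unsupported SquashFS version {major}.{minor}")
    (bytes_used,) = struct.unpack_from("<Q", image, off + 40)
    return image[off:off + bytes_used]


def build_uimage(payload: bytes, name: bytes, load: int = 0x80008000, entry: int = 0x80008000) -> bytes:
    """Wrap a payload in a legacy uImage header. Serves both to construct the sample and to
    repack a tampered kernel: U-Boot refuses an image whose CRCs no longer match."""
    dcrc = zlib.crc32(payload)
    fields = struct.pack(">7I4B", 0x27051956, 0, 0, len(payload), load, entry, dcrc,
                         IH_OS_LINUX, IH_ARCH_ARM, IH_TYPE_KERNEL, IH_COMP_GZIP)
    hdr = fields + name.ljust(32, b"\0")
    return hdr[:4] + struct.pack(">I", zlib.crc32(hdr)) + hdr[8:] + payload


def build_squashfs_stub(content: bytes) -> bytes:
    """A minimal SquashFS 4 superblock (96 bytes) in front of opaque constructed content."""
    sb = bytearray(96)
    sb[0:4] = SQUASHFS_MAGIC
    # block_size, frag_count, compressor (1 = gzip), block_log, flags, id_count, version 4.0
    struct.pack_into("<IIHHHHHH", sb, 12, 131072, 0, 1, 17, 0, 1, 4, 0)
    struct.pack_into("<Q", sb, 40, len(sb) + len(content))               # bytes_used
    return bytes(sb) + content


def build_sample_image() -> bytes:
    """Constructed flash dump: kernel partition at 0, rootfs on the next 4 KiB erase-block boundary."""
    kernel = build_uimage(gzip.compress(b"\x7fELF constructed kernel stub\n" * 64, mtime=0),
                          b"Linux-4.14.0 (constructed)")
    rootfs = build_squashfs_stub(b"constructed rootfs content\n" * 32)
    padded = kernel.ljust(-(-len(kernel) // 0x1000) * 0x1000, b"\xff")   # 0xff = erased flash
    return padded + rootfs


def report(image: bytes) -> list:
    """One (offset, name, length, crc_ok) row per signature hit where the header gives a length."""
    rows = []
    for off, name in scan_signatures(image):
        if name == "uImage":
            info = parse_uimage(image, off)
            rows.append((off, name, 64 + info["size"], info["header_crc_ok"] and info["data_crc_ok"]))
        elif name == "squashfs":
            rows.append((off, name, len(carve_squashfs(image, off)), True))
        else:
            rows.append((off, name, None, None))   # gzip length is only known after inflating
    return rows


if __name__ == "__main__":
    img = build_sample_image()
    for off, name, length, ok in report(img):
        print(f"0x{off:08x}  {name:<9} len={length}  crc_ok={ok}")
    print(extract_kernel(img, 0)[:30])
```

Two practical points the listing makes concrete: a signature hit is only a candidate until a header parser confirms it (the gzip hit at offset 64 is the uImage payload, not a separate partition), and the tampering step is not just editing bytes, since a modified kernel must be re-wrapped with fresh data and header CRCs before U-Boot will boot it. Carving the SquashFS image is only the first half of that step; unpacking and repacking its contents needs the SquashFS tooling, which this script does not reimplement.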