IoT Security Bootcamp

This hands-on IoT hacking class covers all aspects of IoT Security - from the technologies and testing methodologies to the vulnerabilities. The main focus is offensive security: attacking and testing the devices and platforms. We first cover the basics and lay out the ground with concepts before diving into the actual hacking. This provides the understanding of what and why the things can be hacked, with a good mix of knowledge and learning-by-doing or in this case learning-by-hacking.

Students will receive a free IoT hacking kit (hardware with a value of +300 Euros), which contains the tools and some vulnerable devices used in class, so that they can continue sharpening their skills or hack devices after the event.

Benefits

After the class, the attendees will be able to:

  • evaluate the security of different IoT architectures, 
  • identify the attack surface, 
  • have knowledge of security testing methodologies and how to use them, 
  • dump, extract and analyze device firmware, 
  • hack UART, SPI, I2C and JTAGs, 
  • debug and attack hardware and software, 
  • analyze protocols, 
  • attack radio and wireless communications like BLE, Zigbee, and custom protocols and much more.

Content

Day 1

  • IoT Security Concepts
- Evaluate the security of different IoT architectures
- Identify the attack surface
  • IT and IoT Pentest methodologies and frameworks
  • Bluetooth: classic and BLE
- Concepts
- Sniffing
- MiTM attacks and proxy attacks


Day 2

  • Firmware
- Definitions
- Dump, extract and analyze device firmware
- Emulate parts of an entire firmware
- Adding a backdoor and re-building firmware
  • Hardware and debugging interfaces
- Electronics 101
- Serial interfaces: UART, SPI, I2C and JTAG
- Extracting firmware and data from EEPROM chips
- JTAG debugging, exploitation


Day 3

  • Software defined radio
- Concepts
- Sniffing and reversing radio frequencies
- Working with 433 MHz: rx, tx, decoding
  • Zigbee
- Concepts
- Working with Zigbee: rx, tx, decoding
- Hacking Zigbee
  • Capture the Flag
- Hack a read IoT device

Target group

  • Security professionals
  • IT professionals
  • Embedded security enthusiasts
  • All kinds of professionals with understanding of IT or hacking
  • Anyone interested in learning IoT device hacking

Pre-requisites

  • Laptop with at least 50 GB free space and at least 8 GB RAM, external USB access (3 ports), Virtualization software (Virtualbox or VmWare)
  • Basic knowledge of Linux or UNIX (especially bash) is always an advantage.

At a glance

  • Form of learning: Classroom training
  • Location: München-Flughafen
  • Language: English

Date

On request

Duration. 3 days

Costs

2.490,- € plus 19% VAT

Price includes event attendance, food and drinks during the event.

Location

  • ISH - Information Security Hub

  • Street Südallee 1 
  • Zip code / City 85356   München-Flughafen

Contact

Team International Training

AirportAcademy - Munich Airport