Practical Hands-on Internet of Things Hacking - 2017 Edition (2 of 2 days)

Presented at AppSec USA 2017, Sept. 20, 2017, 9 a.m. (480 minutes)

Practical Hands-on Internet of Things Hacking is an updated version of our previous year class ran at OWASP AppSec US. We received some great feedback with our class, and decided to take it a step further and redesign the course from the ground up and include tons of new material including medical utilities, smart locks, smart home systems, newer radio protocols, advanced exploitation techniques, new exercises on BLE and lots more   Practical Hands-on Internet of Things Exploitation is the course for you in case you would like to perform real-world pentest on IoT and smart devices. This "new version" of the course takes a practitioner approach, focusing on how to deal with the IoT devices in a real-world scenario, and not just from a research perspective.   Some of the things that we will perform (in an extremely hands-on nature) in this training are:   [+] Attacking IoT devices through hardware and embedded exploitation techniques [+] Firmware reversing, emulation and binary exploitation [+] Hands-on labs on serial interfaces - UART, SPI and I2C [+] JTAG debugging, exploitation and advanced techniques for extracting data [+] Sniffing BLE, Zigbee and other radio communications [+] Writing own GNURadio processing blocks to decode radio information [+] Taking over smart home systems [+] Remote and Local Exploitation for IoT devices [+] Attacking a smart home and smart enterprise network And much more.   Want to learn how to attack an IoT infrastructure or individual devices? You will walk out of the 2-day class having learnt new skills which you could immediately apply in your job/research roles. Come join the course and experience the fast-paced, action-packed IoT Exploitation class.   Note: There is an additional $200 fee for the IoT hacking kit - which includes Attify Badges and custom vulnerable IoT device prepared by us, and an author signed copy of the IoT Hackers Handbook, and additional utilities for other IoT exploitation techniques.

Presenters:

• Aditya Gupta - Founder and CEO - Attify
  Aditya Gupta (@adi1391) is the founder and principal consultant of Attify, an IoT and mobile penetration testing and training firm, and a leading IoT security expert and evangelist. He has done a lot of in-depth research on mobile application security and IoT device exploitation. He is also the author of the popular books such as "Learning Pentesting for Android Devices" and upcoming books on IoT Exploitation. He has also discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe and many more. He has also published a research paper on ARM Exploitation titled "A Short Guide on ARM Exploitation." In his previous roles, he has worked on mobile security, application security, network penetration testing, developing automated internal tools to prevent fraud, finding and exploiting vulnerabilities and so on. He is also a frequent speaker and trainer at numerous international security conferences including Black Hat, Defcon, Syscan, OWASP AppSec, PhDays, Brucon, Toorcon, Clubhack amongst others, and also provides private and customized training programmes for organizations.

Links:

• https://appsecusa2017.sched.com/event/BN81/practical-hands-on-internet-of-things-hacking-2017-edition-2-of-2-days

Similar Presentations:

• TROOPERS17 (2017) / What happened to your home? IoT Hacking and Forensic with 0-day
• THOTCON 0xA (2019) / When Refrigerators Attack - Defending (and weaponizing) IoT
• AppSec USA 2017 / Practical Hands-on Internet of Things Hacking - 2017 Edition (1 of 2 days)