2-DAY TRAINING 2: Practical IoT Hacking


CAPACITY: 20 pax


EUR1599 (early bird)

EUR1999 (normal)

Early bird registration rate ends on the 13th of January


“The great power of the Internet of Things comes with the great responsibility of security”. IoT is the hottest technology today, and its developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life threatening, there is no way you can afford to neglect the security of IoT products.

“Practical Internet Of Things Hacking” is a research-backed and unique course which offers security professionals a deep understanding of the core of IoT technology and the underlying vulnerabilities. The extensive hands-on labs enable attendees to master the art, tools and techniques to find-n-exploit or find-n-fix the vulnerabilities in IoT, not just on emulators but on real smart devices as well.

The course specifically focuses on the security issues and attacks on evolving IoT technologies, including widely used IoT protocols and platforms in various domains such as home, enterprise and industrial automation. It covers various IoT protocols from the ground up, including their internals, specific attack scenarios for individual protocols and the open source software/hardware tools one needs to have in their IoT penetration testing arsenal. We also discuss in detail how to attack the underlying hardware of the sensors and the connected mobile apps using various practical techniques.

Throughout the course, we will use DRONA, a VM created by us specifically for IoT penetration testing. DRONA is the result of our R&D and has most of the required tools for IoT security analysis. We will also distribute DIVA-IoT, a vulnerable IoT sensor made in-house for hands-on exercises.

The “Practical IoT Hacking” course is aimed at security professionals who want to enhance their skills and move to/specialise in IoT security. The course is structured for beginner to intermediate level attendees who do not have any experience in IoT, reversing, mobile security or hardware.

Who Should Attend

  • Penetration testers tasked with auditing IoT
  • Bug hunters who want to find new bugs in IoT products
  • Government officials from defensive or offensive units
  • Red team members tasked with compromising the IoT infrastructure
  • Security professionals who want to build IoT security skills
  • Embedded security enthusiasts
  • IoT Developers and testers
  • Anyone interested in IoT security

Prerequisite Knowledge

  • Basic knowledge of web and mobile security
  • Basic knowledge of Linux OS
  • Basic knowledge of programming (C, python) would be a plus

Hardware / Software Requirements

  • Laptop with at least 40 GB free space
  • 4+ GB RAM minimum (2+ GB for the VM)
  • External USB access
  • Administrative privileges on the system
  • Virtualization software – VirtualBox 5.X
  • Linux machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse)
  • Virtualization (VT-x) option enabled in the BIOS settings for VirtualBox to work

Agenda – Day 1

• Introduction to IoT
• IoT Architecture
• Identify attack surfaces

IoT Protocols Overview


• Introduction
• Protocol Internals
• Reconnaissance
• Information leakage
• Hands-on with open source tools

• CoAP

• Introduction
• Protocol Internals
• Reconnaissance
• Cross-protocol HTTP attacks
• Hands-on with open source tools


• Introduction
• M2MXML format
• Security issues

Industrial IoT Protocols Overview

• Modbus

• Introduction and protocol Overview
• Reconnaissance (Active and Passive)
• Sniffing and Eavesdropping
• Baseline Response Replay
• Modbus Flooding
• Modifying coil and register values of a PLC
• Rogue Interloper (PLC)
• Hands-on with open source tools

• S7comm

• Introduction and protocol Overview
• Reconnaissance (Active and Passive)
• Sniffing and Eavesdropping
• Uploading and downloading PLC programs
• Starting and stopping the PLC CPU
• Dumping and analysis of Memory
• Hands-on with open source tools

• CAN Bus

• Introduction and protocol Overview
• Reconnaissance (Active and Passive)
• Sniffing and Eavesdropping
• Replay Attack
• Packet Forging attack
• Hands-on with open source tools

Understanding Radio

• Signal Processing
• Software Defined Radio


• Introduction to GNU Radio concepts
• Creating a flow graph
• Analysing radio signals
• Recording specific radio signal
• Replay Attacks

• Reverse engineering OOK radio signals to extract communication data
• Generating a signal
• Hands-on with a wireless key fob and/or door bell

Radio IoT Protocols Overview


• Introduction and protocol Overview
• Reconnaissance (Active and Passive)
• Sniffing and Eavesdropping
• Replay attacks
• Encryption Attacks
• Packet Forging attack
• Zigbee hardware analysis
• Hands-on with RZUSBstick and open source tools

Agenda – Day 2

• Introduction to IoT Sensor hardware
• Device Reconnaissance
• Conventional Attacks


• Types
• Firmware analysis and reversing
• Firmware modification
• Simulating device environments

External Storage Attacks

• Symlink files
• Compressed files

Hardware Tools

• BusPirate
• Jtagulator
• Logic Analyzer

Attacking Hardware Interfaces

Hardware Components Reconnaissance

• What is UART
• Identifying UART interface
• Method 1
• Method 2
• Accessing sensor via UART


• Introduction
• I2C Protocol
• Interfacing with I2C
• Manipulating Data via I2C
• Sniffing run-time I2C communication


• Introduction
• SPI Protocol
• Interfacing with SPI
• Manipulating data via SPI
• Sniffing run-time SPI communication


• Introduction
• Identifying JTAG interface
• Method 1
• Method 2
• Run-time analysis and data extraction with OpenOCD


• Clock Glitch Attack
• VCC Glitch Attack


Location: Training Rooms
Date: April 11, 2017
Time: 9:00 am - 6:00 pm
Trainer: Aseem Jakhar