Black Hat USA 2015 – Offensive IoT Exploitation

1 August 2015 08:00 - 6 August 2015 17:00

IoT, or the Internet of Things, is one of the most prominent emerging trends in technology right now. Many new devices are released every single month. However, not much attention has been paid to the security of these devices so far. “Offensive IoT Exploitation” is a brand new and unique course that gives pentesters the ability to assess and exploit the security of these smart devices.

The training will cover different varieties of IoT devices, assessing their attack surfaces and writing exploits for them. The 2-day class will be hands-on, giving attendees the ability to try things themselves rather than just watching the slides. We will start from the very beginning by discussing the architecture of IoT devices, then move gradually to firmware analysis, identifying the attack surface, finding vulnerabilities, and finally exploiting those vulnerabilities.

The course labs include both emulated environments and real live devices, which will be provided to the attendees during the training. Custom VMs provided by the trainer will be used for the entire class. After the 2-day class, the attendees will be able to:

  •     Extract and analyze device firmware
  •     Analysis using IDA Pro
  •     Get familiar with UART, SPI and JTAG
  •     Hardware and Software Debugging
  •     Identify attack surfaces and write fuzzers
  •     Specific Web and Mobile based vulnerabilities
  •     Familiarity with NFC, Bluetooth, RFID
  •     Write exploits for the platforms
  •     Bypass security mitigations

Offensive IoT Exploitation is the course for you if you want to try exploitation on new hardware and find security vulnerabilities and 0-days in IoT devices. At the end of the class, there will be a final CTF challenge where the attendees will have to identify security vulnerabilities and exploit them on a completely unknown device.

Who Should Take this Course

  •     Pentesters/security professionals
  •     Embedded security enthusiasts
  •     Anyone interested in learning IoT device pentesting

Student Requirements

  •     Basic knowledge of web and mobile security
  •     Assembly basics for ARM
  •     Overflow based exploitation basics

What Students Should Bring

  •     Laptop with at least 25 GB free space
  •     2 GB minimum RAM
  •     External USB access
  •     Administrative privileges on the system
  •     Virtualization software

What Students Will Be Provided With

  •     IoT devices
  •     Custom IoT pentesting VM
  •     Printed lab reference material and handouts
  •     600+ slides (PDF Copy)

More details about the event can be found at: https://www.blackhat.com/us-15/training/offensive-iot-exploitation.html
