IoT Exploitation Learning Kit by Attify

IoT Exploitation Kit - Demo Videos

Overview

Video walkthroughs of the labs in the IoT Exploitation Learning Kit.

Contents

Getting Started

Introduction
Exploring the kit
Labs
Download Links to VM and Exercises
Internet of Things
Attack Surface Mapping
Recon

Exploiting an IP Camera (UART)

Introduction to UART
UART Exploitation: Getting Shell access over Serial
v1: Cracking UART authentication
v1: Exploiting IP Camera via UART

SPI Exploitation

Reading the content of an IoT device by accessing the flash chip over the SPI communication protocol.
Hardware Required
Introduction to Serial Peripheral Interface (SPI)
Dumping firmware from the IP Camera

JTAG Exploitation

Installing required packages
Identifying JTAG pins with Arduino
Identifying pins with JTAGulator
Connections for JTAG
Using Attify Badge Tool to perform JTAG debugging
Connecting and Flashing vulnerable binary
Reading Data from Target device
Dumping entire data from the target device
Connections for the Final Exercise
Manipulating target runtime over JTAG

Logic Sniffing

Logic Sniffing

Software Defined Radio

Sending Data with 433 MHz and Arduino
Identifying target frequency
Decoding 433 MHz data

BLE Exploitation for IoT Devices

Getting started with ESP32 for BLE research
Exploring BLE using ESP32
Taking over Smart Bulb

Exploiting Smart Doorlock

Analyzing BLE Smart Lock (OKLOK)
Reverse Engineering and Frida analysis on OkLok
Smart Lock BLE Traffic Capture and Analysis
Understanding the Smart Lock Logic
Smartlock Unlock Script and Mechanism

Zigbee Analysis

Sniffing Zigbee traffic with Xbee

Hacking a Smart plug

Hacking a Smart Plug - Introduction
Orvibo Smart Plug Hacking

Videos from earlier versions of IoT Exploitation Learning Kit

Many labs have been updated in recent versions of the IoT Kit. If your kit is from before 2022, or before 2019, some of the videos for those sections have been added here.

If your kit was delivered after Jan 2022, feel free to look at these videos anyway to get an idea of ways to assess and compromise some more IoT devices.

Reading and Writing to SPI Flash chips (For kits till mid-2020)
Dumping Firmware using SPIFlash.py on WRTNode (2018 Edition)
Analyzing Beacon using BLE dongle
Taking over Smart Lock
(v1) Mobile app and Firmware analysis
(v1) Cracking password of the smart plug
(v1) Controlling Smart Plug

Offensive IoT Exploitation

At Attify, our mission is to build a future where IoT devices are secure. 

The Offensive IoT Exploitation training class is the go-to class for pentesters, security researchers, reverse engineers, bug bounty hunters and red teamers to build expertise in IoT security and exploitation. 

The training class has been taught by Attify at BlackHat, OWASP AppSec, many private training settings, and now in an e-learning self-paced format.

Some other courses we offer:  
Android+iOS App Exploitation
Offensive ARM Exploitation 
SDR for Pentesters

Reach out to discuss our private training offerings and benefits. 
