  • $999

Offensive IoT Exploitation

A Step-By-Step Guide to Learning Practical and Hands-on Internet of Things (IoT) Pentesting and Exploitation

Table of contents

Introduction to IoT Security

Introduction
IoT 101
IoT Security Case Studies
Ninja Recon Technique

Firmware Analysis and Exploitation

Getting started with Firmware
Extracting file system from Firmware
Automated File System Extraction using Binwalk
Hidden Certificates inside Firmware
Hardcoded Telnet Credentials inside Firmware
Additional Firmware analysis - password protected firmware
Reversing Binaries using Hopper
Working with Encrypted Firmware Binaries
Emulating IoT Firmware Binaries
Debugging Emulated Binaries
Full Firmware Emulation with FAT
Backdooring Firmware Binaries
Firmware Patching
Firmware Patching - Hands On

Conventional Attack Techniques

Attacking Web Apps
Performing Command Injection
Diffing based vulnerabilities
Getting started with SmartPlug
Additional mobile application analysis
Reversing Encryption
Using Frida for App Analysis
Smart Plug Hacking
Orvibo Smart Plug Hacking
Native library analysis using Ghidra

Binary Exploitation for IoT Devices

Intro to Binary Exploitation & ARM
ARM Instruction Sets and Addressing Modes
Using GDB to analyze ARM Binaries
ARM Mode and Thumb Mode
Manipulating Program Execution
Reversing Binary and Understanding Disassembly
ROP Based Exploitation for ARM
ARM Exploitation on Real World Firmware
Writing Shellcodes for ARM
Binary Exploitation on MIPS - A Short Overview

Hardware/Embedded Hacking for IoT Devices

Introduction to Hardware Hacking
Analyzing Circuit Boards (PCB Recon)
PCB Reconnaissance Continued
Performing Pin Tracing (Analyzing Tracks)
Serial Communication Interfaces and Introduction to UART
Exploiting an IP Camera
NAND Glitching
Introduction to JTAG
Identifying JTAG pinouts with Arduino Nano and JTAGEnum
Using JTAGulator to identify JTAG pinouts
Connections for JTAG
JTAG Debugging with Attify Badge
Flashing new firmware using JTAG
Reading Memory Contents using JTAG
Dumping data using JTAG
Connections for the Final Exercise
JTAG Authentication Bypass Walkthrough
Serial Peripheral Interface (SPI) Communication
SPI Flash Firmware Dumping
Logic and Bus Sniffing

Software Defined Radio and Radio Communications for IoT

Introduction to Software Defined Radio (SDR)
Common Radio Terminologies
Getting Started With RTL-SDR
Working with GNURadio
Sending Data with a 433 MHz transmitter
Identifying Exact frequency using GQRX
Decoding a 433 MHz signal

Bluetooth Low Energy (BLE)

Introduction to Bluetooth Low Energy
BLE Device Recon
Analyzing a BLE device
Getting started with ESP32 for BLE Security Research
Exploring BLE using ESP32
Sniffing BLE using Adafruit Sniffer
Sniffing BLE using Ubertooth sniffer
Exploiting a BLE Smart Lock
Getting started with BLE Smart Lock (OKLOK)
Reverse Engineering OKLOK with JADx and Frida
Smartlock BLE Traffic Capture and Analysis
Understanding the Smart Lock Logic
Smartlock Unlock Script and Mechanism

Zigbee

Introduction to ZigBee and Lab Setup
Sniffing and Dumping ZigBee packets
[DEMO] Attify Zigbee Framework - Sniff, Replay and Exploit ZigBee traffic in IoT devices

Offensive IoT Exploitation

At Attify, our mission is to build a future where IoT devices are secure. 

The Offensive IoT Exploitation training class is the go-to class for pentesters, security researchers, reverse engineers, bug bounty hunters and red teamers to build expertise in IoT security and exploitation. 

The training class has been taught by Attify at BlackHat, OWASP AppSec and many private training engagements, and is now available in a self-paced e-learning format.

Some other courses we offer:
Android+iOS App Exploitation
Offensive ARM Exploitation
SDR for Pentesters

Reach out to discuss our private training offerings and benefits.