" rel="stylesheet">
Skip Main Navigation
Page Content
This event has ended

Offensive Internet of Things Exploitation

Mossé Cyber Security Institute

Thursday, 22 October 2015 at 9:00 AM - Friday, 23 October 2015 at 6:00 PM (AEDT)

Ticket Information

Ticket Type Sales End Price * Fee Quantity
Early Bird: Single Ended $2,000.00 $0.00
Late Bird: Single Ended $2,300.00 $0.00
Early Bird: Package Deal Ended $8,000.00 $0.00
Late Bird: Package Deal Ended $9,200.00 $0.00
* Prices include GST

Share Offensive Internet of Things Exploitation

Event Details

Abstract

IoT or the Internet of Things is one of the most upcoming trends in technology as of now. A lot many new devices are coming up every single month. However, not much attention has been paid to the device's security till now. "Offensive IoT Exploitation" is a brand new and unique course which offers penetration testers the ability to assess and exploit the security of these smart devices.

The training will cover different varieties of IoT devices, assessing their attack surfaces and writing exploits for them. The 2-day class will be hands-on giving attendees the ability to try things themselves rather than just reading the slides. We will start from the very beginning discussing about the architecture of IoT devices, and then slowly moving to firmware analysis, identifying attack surface, finding vulnerabilities and then finally exploiting the vulnerabilities.

The course labs include both emulated environments as well as real live devices which will be provided to the attendees during the training. Custom VMs with pre- configured labs provided by the trainer will be used for the entire class.

Offensive IoT Exploitation is the course for you if you want to try exploitation on new hardware and find security vulnerabilities and 0-days in IoT devices.

At the end of the class, there will be a final CTF challenge where the attendees will have to identify security vulnerabilities and exploit them, in a completely unknown device.

Course Outline

Getting Started With IoT Security

  • Introduction to IoT
  • Security Architecture
  • Getting familiar with IoT Security and components
  • Case Studies of IoT vulnerabilities

Hardware Analysis

  • Hardware Hacking 101
  • Analyzing boards and components
  • Identifying Serial Interfaces
  • UART, SPI and JTAG Primer
  • Extracting firmware from a real device
  • Common Techniques to prevent hardware attacks
  • Bypassing hardware protections
  • Side Channel Attack Techniques

Firmware Analysis

  • Understanding File Systems
  • Firmware Extraction Techniques
  • Analyzing and Backdooring Firmwares
  • Simulating and Running firmwares and binaries
  • Debugging firmware binaries
  • Identifying vulnerabilities in firmwares

Exploitation

  • ARM Architecture Introduction
  • Registers and Flags
  • Disassembling and Debugging Binaries
  • Common Exploitation Techniques
  • Ret2Libc Techniques for ARM based architectures
  • Gadget hunting and chaining
  • ROP Exploitation

Mobile Application Hacking

  • Introduction to Android and iOS App Security
  • Reversing and Analyzing Android Applications
  • Real time Debugging Android applications
  • Analyzing Native code and libraries for security issues
  • Automating Application Analysis
  • iOS App Reversing and Decryption
  • Runtime Manipulation of iOS applications
  • Obfuscation techniques and bypassing protections

Radio Hacking

  • Getting started with SDR
  • Radio Interfaces and Architecture
  • Setting up the pentesting lab for Radio Hacking
  • Getting familiar with GNURadio and other tools
  • Capturing and Streaming Radio signals
  • Overview of Bluetooth and Wifi connections
  • Attacking BLE and Wifi

Prerequisite

No prior vulnerability discovery or exploitation experience is necessary.

Hardware Requirements

  • Minimum 2GB RAM and 20 GB free Hard Disk space
  • Android (preferably Rooted) >= 2.3
  • iPhone/iPad/iPod (optional, as we will be providing individual iOS based devices for each participant during the training)

Software Requirements

  • Windows XP SP2/3, Windows 7/8 or *Nix
  • Mac OSX 10.5+ (compulsory for iOS Exploitation or a OSX VM)
  • Administrative privileges on your laptop
  • Virtualization Software
  • Custom VM labs will be provided for exploitation
  • SSH Client

About Your Trainer

Aditya Gupta is a leading mobile and Internet of Things security expert. Apart from being the lead developer and co-creator of Android Framework for Exploitation, he has done a lot of in-depth research on the security of mobile devices and IoT - including Android, iOS and Blackberry, as well as BYOD Enterprise Security.

As well as mobile security and IoT research, Aditya has also discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe, Skype and many more.

Previous training and talks on Mobile and IoT Security have also been given at various national and international conferences such as Syscan, Toorcon, OWASP AppSec, BlackHat, ClubHack, Nullcon, and ISACA.

Who Should Attend?

  • Mobile and Internet of Things Application Developers
  • Penetration Testers
  • Penetration Testing Managers
  • Anyone who wants to take their skills to the next level
Have questions about Offensive Internet of Things Exploitation? Contact Mossé Cyber Security Institute

When & Where


Mossé Security
454 Collins St
Melbourne, VIC 3000
Australia

Thursday, 22 October 2015 at 9:00 AM - Friday, 23 October 2015 at 6:00 PM (AEDT)


  Add to my calendar
Offensive Internet of Things Exploitation
Melbourne Events Class Science & Tech

Please log in or sign up

In order to purchase these tickets in installments, you'll need an Eventbrite account. Log in or sign up for a free account to continue.