IOT Professional

Who can Join this training?

IOT Security is a unique course designed to provide the ability to evaluate the security of smart devices. This course is ideal for those who want to understand the security issues associated with IOT and its exploitation techniques, enabling them to make better decisions when building, deploying and assessing IOT technologies.

Introduction to Internet of things
  • Introduction of internet of things
  • IOT Architecture layers
  • IOT devices and technology
  • IOT Protocols suite
  • IOT network architecture
  • IOT Applications & Insecurities
IOT Fundamentals
  • OWASP IOT top 10 & Standards
  • IOT attack surface areas
  • IOT Hardware & components
  • Tools & Techniques
  • Hardware Communication Protocols
  • Embedded devices enumeration
  • Analyzing the interfaces and pinouts
  • Conventional Attack Vectors
Radio Communication Analysis
  • Introduction to Radio Communication Analysis
  • Types of radio frequency modules
  • Wireless Protocols in radio frequency Modules
    • BLE
    • ZigBee
    • 6LoWPAN
    • Z-Wave
    • LoRa and Others
  • Sniffing the radio packets
  • Jamming based attacks
  • BLE in IoT devices
    • Sniffing BLE packets
    • Modifying and sending own packets
    • Taking over an IoT device using BLE
  • ZigBee – Versions and Security Issues
    • Zigbee packet sniffing
    • Replaying Zigbee packets
    • Additional exploitation possibilities in Radio
  • PII security analysis
IOT hardware exploitation
  • Analyzing Boards and chipsets
  • Identifying Serial Interfaces and Pinouts
  • UART Introduction and Interaction
  • Serial to Root
  • Introduction to SPI Flash
  • Dumping Firmware from a Real Device
  • JTAG – Introduction and finding pinouts
  • JTAG Enabling and Exploitation
  • Bypassing authentication using JTAG debugging
  • Firmware Dumping – via UART and JTAG Debug
  • USB Based Attack Vectors
  • Fuzzing IoT Devices
  • Side Channel and Timing Based Attacks overview
  • Industrial Grade IoT Ecosystem and Security Issues
  • Hardware Protections

IOT Web, Cloud & Mobile insecurities
  • Message Queue Telemetry Transport (MQTT)
  • Constrained Application Protocol (CoAP)
  • Understanding CoAP with Wireshark
  • Web dashboard vulnerabilities
    • Injection attacks
    • XSS
    • IDOR
    • Authorization issues
    • Authentication issues
    • Input validation attacks
  • Mobile application security issues identification
  • Introduction to Android Native Devices
  • Exploitation for Android and iOS
    • Platform related security issues
    • App reversing
    • Binary instrumentation
    • Local storage issues
    • Beyond attacks
  • API based security issues
  • Cloud-based and backend system vulnerabilities
Countermeasures
  • How to Defend Against IoT Hacking
  • General Guidelines for IoT Device Manufacturing Companies
  • OWASP Top 10 IoT Vulnerabilities Solutions