Offensive Internet of Things (IoT) Exploitation is an in-depth course in IoT security and teaches you how to pentest and exploit the so-called “smart” devices. This online class is taught using practical, real world examples on how to to analyze and pentest hardware, firmware, software components, network communication, mobile apps used to control devices and their radio communication protocols.
– Aditya Gupta
Instructor, Offensive IoT Exploitation & Android for Pentesters
1. What is Offensive Internet of Things (IoT) Exploitation?
IoT is one of the hottest trends in technology right now! There seems to be an arms race between both consumer and industrial vendors to connect almost everything to the Internet – your fridge, thermostat, coffee machine, watch, shoes, dog’s collar and toaster are all included! This new frenzy to connect “everything” to the Internet is here to stay and we are already seeing millions of these “smart” devices in homes, offices and public areas.
During the previous “Mobile Application” age, security took a backseat and almost every other app was insecure to the most basic and embarrassing of vulnerabilities. Unfortunately, to our horror, this golden age of “IoT – smart devices” is no different!
The key challenge in learning how to pentest and secure IoT devices is understanding the complex interaction between hardware and firmware. This includes being able to find debug ports to connect to or even having the ability to read/write directly to a chip! This course will take you through this complex yet extremely interesting and exciting journey.
This course is beginner friendly and starts from the very basics of IoT devices and their security – how to get started? Hardware? Software? Tools? Techniques? Will all be answered. This training is ideal for penetration testers, security engineers, managers, bug bounty hunters and anyone interested in uncovering how “smart” these devices really are 🙂
2. Course Syllabus
A non-exhaustive list of topics to be covered include:
- Introduction to Offensive IoT Exploitation
- Mapping attack surface of an IoT device
- Firmware analysis – identifying hardcoded secrets
- Emulating firmware binary
- Backdooring a firmware
- Firmware emulation using FAT
- Web application security for IoT devices
- Burp 101
- Exploiting command injection
- CSRF and firmware diffing
- Conventional attack vectors – Password cracking
- Conventional attack vectors intro
- Analyzing smart plugs
- Controlling smart plug by defeating encryption
- ARM 101
- Buffer overflow on ARM
- Exploit writing on ARM
- Using radare2 for MIPS binary analysis
- Exploitation using GDB remote debugging on MIPS
- Introduction to UART
- Serial interfacing over UART
- NAND Glitching attack
- SPI and I2c – Getting started
- Dumping EEPROM data
- Identifying JTAG pinouts using Arduino
- Identifying pins using JTAGulator
- JTAG – Introduction and Getting started
- JTAG debugging
- Introduction to SDR and basic radio components
- Getting started with GNU Radio companion
- Decoding an AM signal
- Capturing FM signals using RTL-SDR
- Analyzing wireless doorbells using RTL-SDR
- Sensitive information extraction from Signal
- Introduction to Zigbee
- Sniffing and replaying data using Zigbee
This online course is based on the real world training class conducted at BlackHat 2016 & 2015 (SOLD OUT both years) by the author Aditya Gupta. It has been taught to over 600+ students so far at both public and private trainings.
3. Can I see some sample videos for the course?
The total duration of the course videos is 5+ HOURS of HD content with Full English Captions. The course is fully hands-on and you will be spending most of the time doing exercises with the instructor.
The course starts from the very basics and slowly takes you to more complicated topics, making it ideal for self-paced learning. Below are a couple of sample videos from the course:
4. What do I get as a registered student?
A registered student will get the following:
- HD Download of Course Theory Videos
- Full English Captions of the Videos
- PDF Slides of the full course
- All exercise files used in the course
- Certification Exam
- PDF copy of certificate if you pass the exam
Please note that there is no student forum associated with this low-priced course.
5. How many hours is the content and will it come with captions/subtitles?
5+ hours of video content. Yes, it will have subtitles.
6. Is this Course for Novices or only for Experts?
This course is for both, novices and experts.
7. Student Testimonials
Aditya Gupta, the author, has already conducted this course at conferences and private in-person trainings around the world! Here is what his students have to say about the course:
“I came to the training with very less practical knowledge about IoT pentesting or security. But the great structure of the class, and the technical and hands-on exercises made sure that the entire spectrum of IoT security is covered with practical labs. Aditya comes as a great instructor with obviously tremendous insight and first-hand experience of IoT security vulnerabilities present in real-world devices. I would rate the course as 10/10 and definitely one of the best training I have attended this year.”
– Jesús Peña García, Founder, BitBank
“Aditya’s training was excellent and well exceeded my already high expectations. The course was quite well-paced including a good mix of hands-on exercises and theoretical sessions. With all the hardware, firmware, software and radio topics involved, it was a ton of amazing content for the training. The great organization of the VM and lab manuals made everything work flawlessly! Will recommend this training to anyone and everyone who is interested in IoT pentesting.”
– Kavya Racharla, Intel US Security team
8. Why Choose SecurityTube Certifications?
Our Certifications are taken by students from over 90+ countries and are Globally recognized. The Flags in the image to the left are countries from where our students belong. In addition, SecurityTube Certifications provide:
- High Quality Content at an Affordable Cost
- The most Comprehensive Course Coverage in the Industry
- Uses Open Content for Course Evaluation
- Concept Oriented, Practical Content rather than only Theory
9. Course Instructor
Aditya Gupta (@adi1391) is the founder and principal consultant of Attify, an IoT and mobile security firm, and a leading IoT and mobile security expert and evangelist. He has an Electronics engineering and Embedded background by education. He has done a lot of in-depth research on mobile application security and IoT device exploitation, and is the creator of the Offensive IoT Exploitation course. He is also the author of the popular Android security book “Learning Pentesting for Android Devices” that sold over 15,000 copies, since it was published in March 2014.
He has also discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe and many more. He has also published a research paper on ARM Exploitation titled “A Short Guide on ARM Exploitation.”
In his previous roles, he has worked on mobile security, application security, network penetration testing, developing automated internal tools to prevent fraud, finding and exploiting vulnerabilities and so on.
He is also a frequent speaker and trainer at numerous international security conferences including Black Hat, Defcon, Syscan, OWASP AppSec, PhDays, Brucon, Toorcon, Clubhack amongst others, and also provides private and customized training programmes for organizations.
10. Course Enrollment and Payment
Buy now with Paypal!
If you cannot use Paypal, please drop us an email at feedback @ binarysecuritysolutions.com for alternate options for payment.
11. Contact Us
We have compiled a FAQ below:
1. What is the course duration? when does it start / stop ?
The Offensive IoT Exploitation course is completely self paced. There is no duration of the course or expiry period. You can download all the course material from the students portal and watch at your own convenience.
2. What is your Refund Policy?
A: Once a course is purchased, no refund is possible. Our goods are digital (course videos, PDF copy of course slides) and once a student has downloaded them, he has full access to our copyrighted material. We would recommend you have a look at the FREE videos we have given out to access the quality of our course material and instructors before making a decision.
Please use the form below if you have any additional questions not answered by this page and we will get back to your ASAP: