“The great power of Internet Of Things comes with the great responsibility of security”. Being the hottest technology, the developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life threatening, there is no way you can afford to neglect the security of IoT products.
“Practical Internet of Things (IoT) Hacking” is a research backed and unique course which offers security professionals, a comprehensive understanding of the complete IoT Technology suite including, IoT protocols, sensors, client side, mobile, cloud and their underlying weaknesses. The extensive hands-on labs enable attendees to master the art, tools and techniques to find-n-exploit or find-n-fix the vulnerabilities in IoT, not just on emulators but on real smart devices as well.
The course focuses on the entire attack surface on current and evolving IoT technologies in various domains such as home, enterprise and Industrial Automation. It covers grounds-up on various IoT protocols including internals, specific attack scenarios for individual protocols and open source software/hardware tools one needs to have in their IoT penetration testing arsenal. We also discuss in detail how to attack the underlying hardware of the sensors using various practical techniques. In addition to the protocols and hardware we will extensively focus on reverse engineering mobile apps and native ARM/MIPS code to find weaknesses.
Throughout the course, We will use DRONA, a VM created by us specifically for IoT penetration testing. DRONA is the result of our R&D and has most of the required tools for IoT security analysis. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house for hands-on exercises.
The “Practical Internet of Things (IoT) Hacking” course is aimed at security professionals who want to enhance their skills and move to/specialise in IoT security. The course is structured for beginner to intermediate level attendees who do not have any experience in IoT, reversing or hardware.
Aseem Jakhar is the Director, research at Payatu Software Labs payatu.com a boutique security testing company. He is well known in the hacking and security community as the founder of null -The open security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon security conference nullcon.net and hardwear.io security conference http://hardwear.io He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack.lu, Hack in Paris, PHDays and many more. He is the author of open source Linux thread injection kit – Jugaad and Indroid which demonstrate a stealthy in-memory malware infection technique. He has also authored an open source App DIVA (Damn Insecure and Vulnerable App) for Android which gamifies Android App vulnerabilities and is used for learning Android Security issues.
Penetration testers tasked with auditing IoT
Bug hunters who want to find new bugs in IoT products
Government officials from defensive or offensive units
Red team members tasked with compromising the IoT infrastructure
Security professionals who want to build IoT security skills
Embedded security enthusiasts
IoT Developers and testers
Anyone interested in IoT security
Basic knowledge of web and mobile security
Basic knowledge of Linux OS
Basic knowledge of programming (C, python) would be a plus
Lab-Based Training - Written by BlackHat Trainers – Available Globally
NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set.
Working exclusively with 3 training delivery partners, NotSoSecure Hacking Training is available around the world.