Practical IoT Hacking Training

5 Day Bootcamp
  • Hands-on Labs
  • Reversing fun
  • Getting familiar with the IoT security
  • This course will give you a direction to start performing pentests on IoT products

Class Overview

“The great power of Internet Of Things comes with the great responsibility of security”. Being the hottest technology, the developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life threatening, there is no way you can afford to neglect the security of IoT products.

“Practical Internet of Things (IoT) Hacking” is a research backed and unique course which offers security professionals, a comprehensive understanding of the complete IoT Technology suite including, IoT protocols, sensors, client side, mobile, cloud and their underlying weaknesses. The extensive hands-on labs enable attendees to master the art, tools and techniques to find-n-exploit or find-n-fix the vulnerabilities in IoT, not just on emulators but on real smart devices as well.

The course focuses on the entire attack surface on current and evolving IoT technologies in various domains such as home, enterprise and Industrial Automation. It covers grounds-up on various IoT protocols including internals, specific attack scenarios for individual protocols and open source software/hardware tools one needs to have in their IoT penetration testing arsenal. We also discuss in detail how to attack the underlying hardware of the sensors using various practical techniques. In addition to the protocols and hardware we will extensively focus on reverse engineering mobile apps and native ARM/MIPS code to find weaknesses.

Throughout the course, We will use DRONA, a VM created by us specifically for IoT penetration testing. DRONA is the result of our R&D and has most of the required tools for IoT security analysis. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house for hands-on exercises.

The “Practical Internet of Things (IoT) Hacking” course is aimed at security professionals who want to enhance their skills and move to/specialise in IoT security. The course is  structured for beginner to intermediate level attendees who do not have any experience in IoT, reversing or hardware.

Class Details

About The Trainer

Aseem Jakhar is the Director, research at Payatu Software Labs a boutique security testing company. He is well known in the hacking and security community as the founder of null -The open security community, registered not-for-profit organization and also the founder of nullcon security conference and security conference He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon,, Hack in Paris, PHDays and many more. He is the author of open source Linux thread injection kit – Jugaad and Indroid which demonstrate a stealthy in-memory malware infection technique. He has also authored an open source App  DIVA (Damn Insecure and Vulnerable App) for Android which gamifies Android App vulnerabilities and is used for learning Android Security issues.

What to expect

  • Hands-on Labs
  • Reversing fun
  • Getting familiar with the IoT security
  • This course will give you a direction to start performing pentests on IoT products

What not to expect

  • Becoming a hardware/IoT hacker overnight. Use the knowledge gained in the training to start pentesting IoT devices and sharpen your skills.

Class Content

  • Introduction to IOT
  • IOT Architecture
  • Identify attack surfaces

  • IoT hardware Overview
  • Introduction to hardware
    • Components
      • PCB
      • Resistors, Capacitors, Inductors, crystal etc
      • Memory chips
      • Vcc & Gnd
      • DC/AC Voltage
    • Memory
      • CMOS
      • SRAM
      • EEPROM
      • FLASH
    • Packages
      • Through hole
      • Surface mount
      • Ball Grid Array
  • Hardware Tools
    • Bus Pirate
    • Jtagulator/Jtagenum
    • Logic Analyzer
  • Attacking Hardware Interfaces
    • Hardware Reconnaissance
      • Analyzing the board
      • Datasheets
    • I2C
      • Introduction
      • I2C Protocol
      • Interfacing with I2C
      • Manipulating Data via I2C
      • Sniffing run-time I2C communication
    • SPI
      • Introduction
      • PI Protocol
      • Interfacing with SPI
      • Manipulating data via SPI
      • Sniffing run-time SPI communication
    • UART
      • What is UART
      • Identifying UART interface
        • Method 1
        • Method 2
      • Accessing sensor via UART
    • JTAG
      • Introduction
      • Identifying JTAG interface
        • Method 1
        • Method 2
      • Run-time analysis and data extraction with openocd
  • Side channel attacks
    • Clock Glitch Attack
    • VCC Glitch Attack
    • Timing Analysis with Power
    • Breaking AES with SCA
  • Firmware
    • Types
    • Firmware updates
    • Firmware analysis and reversing
    • Firmware modification
    • Firmware encryption
    • Simulating device environments
  • External Storage Attacks
    • Symlink files
    • Compressed files
  • Device Reconnaissance
  • Conventional Attacks
  • IoT Protocols Overview
  • MQTT
    • Introduction
    • Protocol Internals
    • Reconnaisance
    • Information leakage
    • Hands-on with open source tools
  • CoAP
    • Introduction
    • Protocol Internals
    • Reconnaissance
    • Cross-protocol attacks
    • Hands-on with open source tools
  • M2MXML
    • Introduction
    • m2mxml format
    • Security issues
  • Industrial IoT Protocols Overview
  • Modbus
    • Introduction and protocol Overview
    • Reconnaissance (Active and Passive)
    • Sniffing and Eavesdropping
    • Baseline Response Replay
    • Modbus Flooding
    • Modifying Coil and register
  • values of PLC
    • Rogue Interloper (PLC)
    • Hands-on with open source tools
  • CanBus
    • Introduction and protocol Overview
    • Reconnaissance (Active and Passive)
    • Sniffing and Eavesdropping
    • Replay Attack
  • Understanding Radio
    • Signal Processing
    • Software Defined Radio
    • Gnuradio
      • Introduction to gnuradio concepts
      • Creating a flow graph
      • Analysing radio signals
      • Recording specific radio signal
      • Replay Attacks
  • Radio IoT Protocols Overview
  • Zigbee
    • Introduction and protocol Overview
    • Reconnaissance (Active and Passive)
    • Sniffing and Eavesdropping
    • Replay attacks
    • Encryption Attacks
    • Packet Forging attack
    • Zigbee hardware analysis
    • Hands-on with RZUSBstick and open source tools
  • Bluetooth Classic and BLE
    • Introduction and protocol Overview
    • Reconnaissance (Active and Passive) with HCI tools
    • GATT service Enumeration
    • Sniffing GATT protocol communication
    • Reversing GATT protocol communication
    • Read and writing on GATT protocol
    • L2cap smashing
    • Cracking encryption
    • MITM attacks
    • Hands-on with open source tools
  • Mobile security (Android)
    • Introduction to Android
    • App architecture
    • Security architecture
    • App reversing and Analysis
    • Input validation attacks
    • Insecure Storage
    • Access control attacks
    • Hardcoding issues
  • ARM
    • Architecture
    • Instruction Set
    • Procedure call convention
    • System call convention
    • Reversing
    • Hands-on Labs
  • MIPS
    • Architecture
    • Instruction Set
    • Procedure call convention
    • System call convention
    • Reversing
    • Hands-on Labs


Who Should Take This Class?

Penetration testers tasked with auditing IoT
Bug hunters who want to find new bugs in IoT products
Government officials from defensive or offensive units
Red team members tasked with compromising the IoT infrastructure
Security professionals who want to build IoT security skills
Embedded security enthusiasts
IoT Developers and testers
Anyone interested in IoT security

Student Requirements

Basic knowledge of web and mobile security

Basic knowledge of Linux OS

Basic knowledge of programming (C, python) would be a plus

Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers – Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set.

Download the NotSoSecure Hacking Classes Brochure

The Art of Hacking

The Art of Hacking


Infrastructure Hacking


Web Hacking

Other Specialist Classes

Advanced Infrastructure Hacking

AppSec for Developers

Practical IoT Hacking Training

Book Your Training

Working exclusively with 3 training delivery partners, NotSoSecure Hacking Training is available around the world.