Intro to IoT Hacking with Rick Wisser and Dave Fletcher
Overview
- Course Length: 16 hours
- Support from expert instructors
- Includes a certificate of completion
- 12 months access to Cyber Range
As we move further and further into the age of the Internet of Things (IoT) we are increasingly surrounded by devices that collect, analyze, and share information about the world around us.
IoT devices are currently being developed and deployed to optimize processes, analyze natural phenomenon, diagnose and treat medical conditions, automate mundane tasks, and create additional conveniences for the human race. Some of these devices simply over share information that we may consider private. Others may be subverted to pose a threat to society or personal safety.
The crowd-funding and maker movements have also spawned a new class of non-traditional hardware development revenue streams. This rapid prototyping and rush to market environment is excellent for innovation. However, initial offerings may be completely void of security features. In the hardware world, lack of security features can be very difficult, if not impossible, to overcome. Once a device makes it into the hands of consumers, it may remain in service with latent vulnerabilities for a very long period of time. Typical consumers also lack the ability to distinguish between secure and insecure alternatives existing in the market. In many cases, the deciding factor driving purchase is device cost.
As a result, the security community must begin to understand and develop test methodologies for these types of devices so vulnerabilities can be discovered and communicated in the same responsible nature that occurs in the general computing world.
This course will serve as an introduction to IoT hacking, where we look at familiar devices and lay the groundwork for hardware security analysis.
In this two-day training class, the following course outline will be covered along with the opportunity to hack on several different IoT devices.
Hardware Identification
- Types of Hardware
- Electricity
- Safety
- Components
Tools
- Types of tooling
- Applications of different tool
Attack Surface Analysis
- Identifying the Attack Surfaces for specific devices
- Types of Attack Surfaces
Testing Methodology
- Reconnaissance
- Scanning
- Exploitation
- Post-Exploitation
Firmware Acquisition
- How to dump firmware from a device
- Use of tools to acquire and analyze firmware
Static Analysis
- Analysis of information collected from the device (code, firmware, etc.)
Dynamic Analysis
- Analysis while interacting with the device (webpage, SSH, Bluetooth, etc.)
Other Pentesting Disciplines
- How do they relate to IoT hacking
Labs
- Several labs that demonstrate other attack vectors which were not demonstrated during class
- Lots of hands-on learning
Wild West Hackin’ Fest (Oct 8th – Oct 9th, 2024) – Deadwood, SD
- October 9th – 8:30 AM to 5:00 PM MDT
- October 8th – 8:30 AM to 5:00 PM MDT
Wild West Hackin’ Fest at Mile High (Feb 4th – Feb 5th, 2025) – Denver, CO
- February 4th – 8:30 AM to 5:00 PM MDT
- February 5th – 8:30 AM to 5:00 PM MDT
- At least 60GB of free hard drive space
- Minimum of 8GB of RAM
- X86 processor-based PC
- VMWare installed
- PDF reader for Slides
- NOTE: VMs will not run on ARM based PCs.
This class is available for training at both WWHF Deadwood 2024 and
WWHF Mile High 2025. For more information about our conferences, visit
Wild West Hackin’ Fest!