Intro to IoT Hacking w/ Rick Wisser and Dave Fletcher
October 8 @ 10:30 am – October 9 @ 7:00 pm EDT
Instructors: Rick Wisser and Dave Fletcher
Course Length: 16 Hours
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range and certificate of participation.
Please note – this class is in-person only, therefore it will not be streamed and no recording will be available.
| Class Dates | Class Times |
|---|---|
| Tuesday, October 8th, 2024 | 8:30 AM – 5:00 PM MT |
| Wednesday, October 9th, 2024 | 8:30 AM – 5:00 PM MT |
These classes are a part of Wild West Hackin’ Fest 2024. The conference occurs both virtually and in person. For more information about the conference, visit our website!
Course Description
As we move further and further into the age of the Internet of Things (IoT), we are increasingly surrounded by devices that collect, analyze, and share information about the world around us. IoT devices are currently being developed and deployed to optimize processes, analyze natural phenomena, diagnose and treat medical conditions, automate mundane tasks, and create additional conveniences for the human race. Some of these devices simply overshare information that we may consider private. Others may be subverted to pose a threat to society or personal safety.
The crowd-funding and maker movements have also spawned a new class of non-traditional hardware development revenue streams. This rapid prototyping and rush to market environment is excellent for innovation. However, initial offerings may be completely void of security features. In the hardware world, lack of security features can be very difficult, if not impossible, to overcome. Once a device makes it into the hands of consumers, it may remain in service with latent vulnerabilities for a very long period of time. Typical consumers also lack the ability to distinguish between secure and insecure alternatives existing in the market. In many cases, the deciding factor driving purchase is device cost.
As a result, the security community must begin to understand and develop test methodologies for these types of devices so vulnerabilities can be discovered and communicated in the same responsible manner as in the general computing world.
This course will serve as an introduction to IoT hacking, where we look at familiar devices and lay the groundwork for hardware security analysis.
Syllabus
In this two-day training class, the following course outline will be covered along with the opportunity to hack on several different IoT devices.
Hardware Identification
- Types of Hardware
- Electricity
- Safety
- Components
Tools
- Types of tooling.
- Applications of different tools.
Attack Surface Analysis
- Identifying the Attack Surfaces for specific devices.
- Types of Attack Surfaces.
Testing Methodology
- Reconnaissance
- Scanning
- Exploitation
- Post-Exploitation
Firmware Acquisition
- How to dump firmware from a device.
- Use of tools to acquire and analyze firmware.
Static Analysis
- Analysis of information collected from the device (code, firmware, etc.).
Dynamic Analysis
- Analysis while interacting with the device (webpage, SSH, Bluetooth, etc.).
Other Pentesting Disciplines
- How they relate to IoT hacking.
Labs
- Lots of hands-on learning.
- Several labs that demonstrate other attack vectors which were not demonstrated during class.
Trainer & Author
Rick Wisser has been with the Black Hills Information Security (BHIS) team since 2015. He is a Security Analyst, GIAC Certified Incident Handler (GCIH), and a SANS NetWars Level 5 certificate holder. Rick has an associate degree in Electronic Technology and Computer Networking as well as a BS in Electrical Engineering.
David Fletcher has been working for Black Hills Information Security (BHIS) as a Security Analyst since 2015. He has spent most of his career working for the US Air Force and engaged in a variety of disciplines within the IT industry including boundary defense, web and application development, system administration, and offensive cyber research. David approaches penetration testing with a creative mind, treating each test as a puzzle and always exploring new methods of exploitation. He holds a BS in Electrical Engineering and an MS in Information Security Engineering from the SANS Technology Institute. Outside of work, David enjoys playing the guitar, hunting, and fishing.