Description

This is a 3 day hands-on IoT hacking class. It covers all aspects of IoT Security, from the technologies and testing methodologies to the vulnerabilities. The main focus is offensive security: attacking and testing the devices and platforms.

We first cover the basics and lay out the ground with concepts before diving into the actual hacking. This provides the understanding of what and why the things can be hacked, with a good mix of knowledge and learning-by-doing or in this case learning-by-hacking.

Students will receive a free IoT Hacking Kit (hardware with a value of +300 Euros), which contains the tools and some vulnerable devices used in class, so that they can continue sharpening their skills or hack devices after the event.

Note: The training is available as both on-site private and public training class.

Contents

  • IoT Security Concepts

  • IT and IoT Pentest methodologies and frameworks

  • Firmware hacking

  • Bluetooth

  • Hardware and debugging interfaces

  • Software defined radio

Key indicators

Learn-by-hacking
Pace
Hands-on
Theory

Learning Objectives

After the class, the attendees will be able to evaluate the security of different IoT architectures, identify the attack surface, knowledge of security testing methodologies and how to use them, dump, extract and analyze device firmware, hack UART, SPI, I2C and JTAGs, debug and attack hardware and software, analyze protocols, attack radio and wireless communications like BLE, Zigbee, and custom protocols and much more.

All the topics above are taught with learning-by-hacking in mind, with a combination of theory and hands-on labs.

Target audience

  • Security Professionals
  • IT Professionals
  • Embedded Security Enthusiasts
  • All kinds of professionals with an understanding of IT or hacking
  • Anyone interested in learning IoT device hacking

Course Content

Day 1:

* IoT Security Concepts
– Identify the attack surface
– Evaluate the security of different IoT architectures
* IT and IoT Pentest methodologies and frameworks
* BLE
– Concepts
– Sniffing
– MiTM attacks and proxy attacks

Day 2:

* Firmware
– Definitions
– Dump, extract and analyze device firmware
– Emulate parts of and entire firmware
– Adding a backdoor and re-building firmware
* Hardware and debugging interfaces
– Electronics 101
– Serial interfaces: UART, SPI, I2C and JTAG
– Extracting firmware and data from EEPROM chips
– JTAG debugging, exploitation

Day 3:

* Software defined radio
– Concepts
– Sniffing and reversing radio frequencies
– Working with 433 MHz: rx, tx, decoding
* Zigbee
– Concepts
– Working with Zigbee: rx, tx, decoding
– Hacking Zigbee
* Capture the Flag
– Hack a real IoT device

Additional information

Pre-requisites:

  • Laptop with at least 50 GB free space and at least 8 GB RAM, external USB access (3 ports), Virtualization software (Virtualbox or VmWare)
  • Eagerness to learn
  • Basic knowledge of Linux or UNIX (especially bash) is always an advantage

What we will provide:

  • IoT hacking Kit (to take home and practice the skills learned in class)
  • PDF files of slides and workbooks
  • All meals and refreshments (on public trainings)

Language:

  • Reference material (slides, handouts, etc.): English
  • Classes: English (on public classes), Private classes can be held in Spanish or German

Prices

€2,249.10 incl. 19% VAT    Early Bird

€2,499.00 incl. 19% VAT   Standard

Price includes: event attendance,
 IoT Security Hacking Kit, food and drinks during the event.

Next dates

 IoT Security Bootcamp
2019-05-14 - 2019-05-16 – Cologne
 IoT Security Bootcamp
2019-11-26 - 2019-11-28 – Cologne

Book your training now

Make sure you take advantage of the Early Bird discount!

Seats in these classes are limited to ensure personalized experience and encourage maximum collaboration.

Select your event from the left to complete your booking.

IoT security hacking kit

  • All the basic tools for IoT security

    Take home all the tools you need and learned to use in the bootcamp

  • Free with each bootcamp registration

  • Exclusive for SevenShift trainees

Contents:

  • Vulnerable devices i.e Smart plug
  • Software defined radio (SDR) kit
  • BLE snifing tools
  • BLE dongles
  • General purpose USB to GPIO + SPI + I2C + JTAG + UART
  • Arduino Nano +  shields
  • Breadboard + jumper wires and cables
  • Assorted electronic components
  • EEPROM
  • Zigbee shields
  • Zigbee sniffer
  • 433 MHz tools
  • Multimeter
  • and more

Note: the content of the kit varies per session based on the content and availability

Meet the trainer

Pablo Endres

Managing director / Lead Security Consultant / Trainer

Pablo Enjoys hacking, IoT, teaching, working with new technologies, startups, collaborating with Open Source projects, learning new things and being challenged.

In the last couple of years, he has been working mainly IoT security, testing dozens of devices and working with multiple platform providers to secure their solutions.

  • Professional Hacker
  • Experienced professional

    Not just a trainer
    15+ years of experience in security

  • Tested dozens of IoT devices and ecosystems
  • Well structured
  • Can change gears

    Adapts explanations to the level of the crowd

  • Can explain complex things in simple words
  • Passion for teaching

Comments from our students

“Training was really comprehensive and engaging with excellent focus on vulnerabilities and threat vectors specific to IoT domain. I will recommend it to every company or individual, who is serious about IoT Security deployment”.

Jamal Tariq Security Compliance Analyst (IoT) - Vodafone Group Services

“A very well structured and detailed training series with the right mix of theory and practice. Pablo Endres goes into the participants´ previous knowledge, questions and comments individually. His experience as an IT Security Expert enables him to give useful and very valuable tips”.

Cristian Weißleder Security Consultant - CETECOM GmbH

The session was great!

For a beginner like me, I could not ask for anything more, it covered all aspects of IoT. The session was really engaging, filled with positive and negative examples. I like to know every aspect of something, I found it very beneficial to learn about all aspects of IoT.

(…) I learnt a lot of new things that I had no knowledge about before.

Kamaal TauqirTechnology Discover Security Assurance Specialist