IOT PENTESINTG AND SECURITY
IoT Pentesting and Security Training is Industrial use cases based hands-on practical course. The training focuses on deep diving into standard IoT components and technologies to protect the automative systems and devices. Being the hottest technology, the developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life-threatening, there is no way you can afford to neglect the security of IoT products.
IoT pentesting and security training is a unique course that offers security professionals, a comprehensive understanding of the complete IoT Technology suite including, IoT protocols, firmware, client-side, etc., and their underlying weaknesses. The extensive hands-on labs enable attendees to identify, exploit, or fix vulnerabilities in IoT, not just on emulators but also on real smart devices.
The IoT pentesting and security training focuses on the attack surface on current and evolving IoT technologies in various domains such as home, enterprise Automation, etc. It covers grounds-up on various IoT protocols including internals, specific attack scenarios for individual protocols, and open-source software/hardware tools one needs to have in their IoT penetration testing arsenal. It also covers hardware attack vectors and approaches to identify respective vulnerabilities
At the end of IoT Pentesting and security training there is an extensive session will be focused on creating the IoT pentesting reports.
IOT FUNDAMENTALS AND SECURITY BASICS
- Introduction to IoT Architecture and attack surfaces
- IOT Protocol Internals
- Reconnaissance techniques
- Information leakage in Devices
- DOS attacks
- Hands-on with open-source tools
BLUETOOTH BASED ATTACKS
- Introduction and protocol Overview
- Reconnaissance (Active and Passive) with HCI tools
- GATT Service Enumeration
- Sniffing GATT protocol communication
- Reversing GATT protocol communication
- Read and write on the GATT protocol
- Fuzzing Characteristic values
RADIO FRQUENCEY ATTACKS
- Zigbee and protocol Overview
- Reconnaissance (Active and Passive)
- Sniffing and Eavesdropping
- Decrypting communication
- Hands-on with Zigbee Auditor and open-source tools
- CAN Bus essentials
- Attacks on CAN Bus
IOT PENTESTING - PART 1
- Firmware analysis and reversing
- Firmware modification and encryption
- Emulating device firmware (User-space & Full System)
- IoT hardware Basis
- Introduction to hardware
- Hardware Tools
- Exploit Nano
- EEPROM readers
- Bus Auditor
- Logic Analyzer
- Exploiting Hardware Interfaces
- Hardware Reconnaissance
- Analysing the board and Datasheets
IOT PENTESTING - PART 2
- Identifying UART interface
- Methods to analyse the UART interface
- Accessing sensor via UART
- Brute-forcing Custom consoles
- Identifying JTAG interface
- Methods to analyse JTAG interface
- Extracting firmware from the microcontroller
- Run-time patching the firmware code
- Attacking the Memory
- Where and What data is stored?
- Common memory chips and protocols
- Hands on memory attacks
Defense and Report Writing
- Interfacing with I2C
- Manipulating Data via I2C
- Hands on run-time I2C communication
- Interfacing with SPI
- Hands on data Manipulation with SPI
- Report Writing
- IoT Reporting industry guidelines
- Automative assessment reports
- Detailed assessment reporting guidelines
- Certcube Labs IoT Pentesting Assessments Use Cases
who should attend this training?
- Security Associates
- Penetration testers/Red team members
- Network security engineers
- Information security consultants
why should i take this training?
IoT devices are widely used nowadays in many automotive operations as well as in daily life. These devices are exposing multiple threats to the outside world. It may sometimes cause a serious impact. IoT Pentesting and security training bulid’s a skillful IoT pentester .Candidate can apply this knowledge to secure IoT channels and Devices worldwide
prerequisite of the training ?
The candidate should familiar with the basics of electric communication and Data communication.
What is the duration of the training ?
It’s an Instructor-led online training and the total duration of the training is 30 hours.
What People Are Saying
Today I've completed my one 2 one online training by Mr Naresh sir from Certcube Labs .
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowlegeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.
5 start training. Naresh is the best. He made me Zero to Hero in 3 months time. Little bit expensive compare to others ,but totally worth it .
We're Here To Help!
3500 , 1st Floor , Raja Park , New Delhi -110034
M-S: 10am - 11pm