IoT Exploitation
RT430
Table of Contents
Description
IoT or the Internet of Things is one of the most upcoming trends. However, within the growth of many new devices coming up every few months, not much attention has been paid to its security until now.
The course will be based on both theoretical and practical use of vulnerabilities in IoT devices, IoT devices architecture, identifying attack surfaces, and exploiting IoT vulnerabilities.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
- Self-work at home between lessons
- Repetition of materials, self-learning, performing tasks, etc…
In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
The participant will also need a good personal computer suitable for running virtual machines, with a broadband Internet connection.
Target audience
- Governmental bodies, army and security officials
- Private organizations that are interested in preparing their teams for IoT offensive exploitation
- Security Professionals and Penetration Testers
- SOC Analysts
- IoT Developers
Objectives
- Becoming familiar with IoT
- Acquiring the necessary techniques and tools for IoT exploitation
- Mapping IoT devices
- Firmware exploitation and analysis
- Learning to attack and defend both locally and remote IoT devices
Pre-requisites
- ThinkCyber Level-2 Courses
Syllabus
Description
During this module, participants will learn about IoT and smart devices, IoT device architecture analysis, and breaking it down to individual components, techniques, and tools. Participants will learn to find vulnerabilities all around the internet using smart queries.
Technical content
- Fundamental Concepts
o Understanding Firmwares
Filesystems Kernel Bootloader
o Retrieving Firmwares
o IoT Protocols Zigbee GSM zWave 6LoWPAN Ethernet and WiFi - Mapping the Internet
o Mapping Attack Surface of an IoT Device
o Setting up Debian-OS for IoT Penetration Testing
o Nmap Basics Scanning and Enumerating OS Detection NSE with IoT
o Banner Grabbing Techniques
o IoT Mapping with Shodan Shodan History Searching with CLI CVE Detection
Description
In this module, participants will get familiar with Linux and network-based exploitation and use their skills in IoT environments.
Technical content
- Introduction to Embedded OS
o Working with SquashFS
o Using Binwalk
▪ U-Boot Version Detection
▪ Extracting the SquashFS
o Detecting Default Password
▪ Finding Sensitive Files
▪ Offline Brute-Forcing Password Files
o Analyzing System Files
▪ Finding Preset iptables
▪ Researching Existing Scripts
o Firmware Analysis – Identifying Hardcoded Secrets
Description
A firmware is running embedded systems and IoT devices, which holds sensitive information and data. This module will help us analyze firmware and extract them. Also, identifying vulnerabilities in the firmware of IoT devices.
Technical content
- Emulating Firmware Binary
o Mimicking Chroot and Understanding QEMU
o Deploying Firmadyne
▪ Requirements and Problem Mitigation
▪ Building the MySQL Database
o Components of Firmadyne
▪ Extractor
▪ getArch
▪ tar2db
▪ makeImage
▪ inferNetwork
o Automating the Deployments
▪ FAT – Old Automater
▪ Firmadyne-Launcher – New Automater
o Weaponising Firmwares
▪ Crafting Custom Firmwares using Firmware-Mod-Kit
▪ Backdooring Firmwares using Buildroot
▪ Uploading Armed Firmwares Undetectably
Description
In this module, we will cover the IoT devices software’s aspects, preforming exploitation on ARM and MIPS architectures. We will also identify command injection vulnerabilities in firmware binaries and attack mobile web apps.
Technical content
- Common Exploitation Techniques
o ReadELF
o Intro to MIPS and ARM
o Binary Debugging and Disassembling
▪ Buffer Overflow
▪ Exploitation with GDB
▪ Analyzing Open-Source Codes
o Debugging Services o Understanding UART, SPI, I2C, and JTAGs Concepts - Web application Security for IoT
o Installing BurpSuite and Setting Proxy Interruption
o BurpSuite Components
▪ Spider
▪ Proxy
▪ Intruder
▪ Repeater
▪ Sequencer
▪ Decoder
o Exploitation with Command Injection
▪ Exploitation with CSRF and XSS
▪ Blind Command Injection
o Online Brute-Force Basics
▪ SSH Cracking using Hydra
▪ Launching Crowbar against RDP
Labs
- Lab 1 Mapping the Internet
- Lab 2 Firmware Analysis
- Lab 3 Single Emulations
- Lab 4 Firmware Emulation
- Lab 5 IoT Backdoors
- Lab 6 Web Application Vulnerabilities
- Lab 7 RouterSploit
Course type
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
- In situe classroom with proctored labs and scenarios executed in our Cyberium Arena
All sessions are recorded and attendees can replay them during 30 days. All course material is electronically made available to the participant.
Course Group: FOUNDATION
Hands-on / Theory MiX
The following course incorporates a high level of hands-on labs exercises, as well as real life case studies.
Required EqUIPMENT
Network connection
As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:
- Audio and Video
- 8 GB RAM
- 200 GB Disk Space
- Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)
And also a Good Headset with Mic
