IoT Exploitation



IoT, or the Internet of Things, is one of the fastest-growing areas of technology. With new devices appearing every few months, however, little attention has been paid to their security until now.

The course combines theory with hands-on practice: IoT device architecture, identifying attack surfaces, and finding and exploiting vulnerabilities in IoT devices.

How to make the most of this course?

In order to succeed in the course, the following requirements must be met:

  • Participation in all practical laboratories
  • Self-work at home between lessons
  • Reviewing the materials, self-study and completing the assigned tasks

In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.

The participant will also need a good personal computer suitable for running virtual machines, with a broadband Internet connection.

Target audience

  • Government bodies, military and security officials
  • Private organizations that are interested in preparing their teams for IoT offensive exploitation
  • Security Professionals and Penetration Testers
  • SOC Analysts
  • IoT Developers


Course objectives

  • Becoming familiar with IoT
  • Acquiring the necessary techniques and tools for IoT exploitation
  • Mapping IoT devices
  • Firmware exploitation and analysis
  • Learning to attack and defend both local and remote IoT devices


  • ThinkCyber Level-2 Courses



During this module, participants will learn about IoT and smart devices and how to analyze an IoT device's architecture by breaking it down into its individual components, together with the relevant techniques and tools. Participants will also learn to find exposed and vulnerable devices across the internet using targeted search queries.

Technical content

  • Fundamental Concepts
    o Understanding Firmware
    ▪ Filesystems
    ▪ Kernel
    ▪ Bootloader
    o Retrieving Firmware
    o IoT Protocols
    ▪ Zigbee
    ▪ GSM
    ▪ Z-Wave
    ▪ 6LoWPAN
    ▪ Ethernet and WiFi
  • Mapping the Internet
    o Mapping Attack Surface of an IoT Device
    o Setting up a Debian-based OS for IoT Penetration Testing
    o Nmap Basics
    ▪ Scanning and Enumerating
    ▪ OS Detection
    ▪ NSE with IoT
    o Banner Grabbing Techniques
    o IoT Mapping with Shodan
    ▪ Shodan History
    ▪ Searching with CLI
    ▪ CVE Detection


In this module, participants will become familiar with Linux- and network-based exploitation and apply those skills in IoT environments.

Technical content

  • Introduction to Embedded OS
    o Working with SquashFS
    o Using Binwalk
    ▪ U-Boot Version Detection
    ▪ Extracting the SquashFS
    o Detecting Default Passwords
    ▪ Finding Sensitive Files
    ▪ Offline Brute-Forcing Password Files
    o Analyzing System Files
    ▪ Finding Preset iptables Rules
    ▪ Researching Existing Scripts
    o Firmware Analysis – Identifying Hardcoded Secrets
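The items above are the steps of one procedure: extract the filesystem, locate the sensitive files, classify and crack the password hashes offline, then read the init scripts and helper scripts for preset firewall rules and hardcoded secrets. The script below is an added example written for this page, not course material or a tool from the course. It builds a constructed root filesystem (shaped like the squashfs-root/ directory that binwalk or unsquashfs leaves behind; every file's contents are made up) and runs that audit over it. It uses openssl as the md5crypt oracle for the dictionary attack, which is an assumption about the host; hashcat or john would be used at scale.

```shell
#!/bin/sh
# Added example, not course material: audit an extracted firmware root filesystem for
# the artifacts this module lists. The rootfs is constructed by make_fixture_rootfs;
# no real device or firmware image is involved, and all file contents are made up.
set -eu

# Build a constructed rootfs shaped like the squashfs-root/ directory that
# "binwalk -e" or unsquashfs leaves behind.
make_fixture_rootfs() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/init.d" "$root/www/cgi-bin"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' 'admin:x:0:0:admin:/:/bin/sh' \
        'guest:x:1000:1000:guest:/:/bin/sh' 'support:x:1001:1001:support:/:/bin/sh' \
        > "$root/etc/passwd"
    # admin gets a genuine md5crypt hash of "admin" when openssl is available (so the
    # dictionary attack below can recover it), guest has an empty password field, and
    # support carries a constructed 13-character legacy DES-crypt hash.
    if command -v openssl >/dev/null 2>&1; then
        admin_hash=$(openssl passwd -1 -salt f1rmw4r3 admin)
    else
        admin_hash='$1$f1rmw4r3$0000000000000000000000'
    fi
    printf '%s\n' 'root:*:10933:0:99999:7:::' "admin:$admin_hash:10933:0:99999:7:::" \
        'guest::10933:0:99999:7:::' 'support:ab01OkN6BV5y6:10933:0:99999:7:::' \
        > "$root/etc/shadow"
    # init script with a preset firewall and a debug telnet daemon left enabled
    printf '%s\n' '#!/bin/sh' 'iptables -A INPUT -p tcp --dport 23 -j ACCEPT' \
        'iptables -A INPUT -p tcp --dport 80 -j ACCEPT' 'telnetd -l /bin/sh &' \
        > "$root/etc/init.d/rcS"
    # CGI helper script with a hardcoded cloud credential (hostname is a placeholder)
    printf '%s\n' '#!/bin/sh' 'CLOUD_USER="device"' 'CLOUD_PASSWORD="S3cretCloudKey!"' \
        'curl -u "$CLOUD_USER:$CLOUD_PASSWORD" https://cloud.example.invalid/report' \
        > "$root/www/cgi-bin/cloud.sh"
    printf '%s' "$root"
}

# Classify a /etc/shadow hash field by its prefix.
classify_hash() {
    case "$1" in
        '')             echo 'EMPTY (logs in with no password)' ;;
        '*'|'!'*)       echo 'locked' ;;
        '$1$'*)         echo 'md5crypt (fast to brute-force offline)' ;;
        '$5$'*)         echo 'sha256crypt' ;;
        '$6$'*)         echo 'sha512crypt' ;;
        ?????????????)  echo 'legacy DES crypt (8-char max, trivially brute-forced)' ;;
        *)              echo 'unrecognised' ;;
    esac
}

# Walk the rootfs the way the module does: sensitive files, password hashes,
# hardcoded secrets in scripts, and firewall rules or services baked into init scripts.
audit_rootfs() {
    root="$1"
    echo '== sensitive files =='
    find "$root" -type f \( -name shadow -o -name passwd -o -name '*.pem' -o -name '*.key' \
        -o -name 'id_rsa*' -o -name '*.conf' \) | sed "s|^$root||" | sort
    echo '== password hashes (/etc/shadow) =='
    while IFS=: read -r user hash _; do
        echo "$user: $(classify_hash "$hash")"
    done < "$root/etc/shadow"
    echo '== hardcoded secrets in scripts =='
    find "$root" -type f \( -name '*.sh' -o -name 'rc*' \) -exec grep -HEni \
        '(password|passwd|secret|api_?key|token)[[:space:]]*=[[:space:]]*"[^"]+"' {} + \
        | sed "s|^$root||" || true
    echo '== preset iptables rules and services started at boot =='
    grep -rEn '^(iptables|telnetd|dropbear|httpd)' "$root/etc/init.d" | sed "s|^$root||" || true
}

# Offline dictionary attack on md5crypt entries: recompute $1$<salt>$... for every
# candidate word and compare with the stored hash. Salt is the third $-separated field.
crack_md5crypt() {
    root="$1"; wordlist="$2"
    if ! command -v openssl >/dev/null 2>&1; then
        echo 'openssl not available, skipping'; return 0
    fi
    while IFS=: read -r user hash _; do
        case "$hash" in '$1$'*) ;; *) continue ;; esac
        salt=$(printf '%s' "$hash" | cut -d'$' -f3)
        while read -r word; do
            if [ "$(openssl passwd -1 -salt "$salt" "$word")" = "$hash" ]; then
                echo "CRACKED $user:$word"
            fi
        done < "$wordlist"
    done < "$root/etc/shadow"
}

# Stand-alone run against the constructed rootfs and a three-word list.
rootfs=$(make_fixture_rootfs)
audit_rootfs "$rootfs"
printf '%s\n' password 1234 admin > "$rootfs/wordlist.txt"
echo '== offline dictionary attack =='
crack_md5crypt "$rootfs" "$rootfs/wordlist.txt"
rm -rf "$rootfs"
```

On a real extraction, point audit_rootfs at the squashfs-root/ directory and feed crack_md5crypt a proper wordlist; the empty and DES-crypt entries are findings on their own, since neither needs cracking to be abused, and the telnetd line in rcS is the kind of leftover debug service the iptables rules above it are quietly allowing in.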


Firmware runs embedded systems and IoT devices and frequently holds sensitive information and data. This module covers extracting and emulating firmware and identifying vulnerabilities in the firmware of IoT devices.

Technical content

  • Emulating Firmware Binary
    o Mimicking Chroot and Understanding QEMU
    o Deploying Firmadyne
    ▪ Requirements and Problem Mitigation
    ▪ Building the PostgreSQL Database
    o Components of Firmadyne
    ▪ Extractor
    ▪ getArch
    ▪ tar2db
    ▪ makeImage
    ▪ inferNetwork
    o Automating the Deployments
    ▪ FAT – Older Automator
    ▪ Firmadyne-Launcher – Newer Automator
    o Weaponising Firmware
    ▪ Crafting Custom Firmware Images using Firmware-Mod-Kit
    ▪ Backdooring Firmware using Buildroot
    ▪ Uploading Weaponised Firmware Without Detection


In this module, we will cover the software side of IoT devices: performing exploitation on the ARM and MIPS architectures, identifying command injection vulnerabilities in firmware binaries, and attacking the devices' mobile and web apps.

Technical content

  • Common Exploitation Techniques
    o readelf
    o Intro to MIPS and ARM
    o Binary Debugging and Disassembling
    ▪ Buffer Overflow
    ▪ Exploitation with GDB
    ▪ Analyzing Open-Source Code
    o Debugging Services
    o Understanding UART, SPI, I2C and JTAG Concepts
  • Web Application Security for IoT
    o Installing Burp Suite and Configuring Proxy Interception
    o Burp Suite Components
    ▪ Spider
    ▪ Proxy
    ▪ Intruder
    ▪ Repeater
    ▪ Sequencer
    ▪ Decoder
    o Exploitation with Command Injection
    ▪ Exploitation with CSRF and XSS
    ▪ Blind Command Injection
    o Online Brute-Force Basics
    ▪ SSH Cracking using Hydra
    ▪ Launching Crowbar against RDP
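The "Exploitation with Command Injection" and "Blind Command Injection" items above are the bread and butter of IoT web exploitation: diagnostic pages (ping, traceroute, DNS lookup) that splice a request parameter into a shell command. The script below is an added example written for this page, not course material. It shows such a handler in its injectable form beside a hardened one, and the time-based probe a tester uses when the page never returns command output (the blind case). "echo PING" stands in for "ping -c 1" so the demo runs without network access; that substitution and the payloads are assumptions of the example, not taken from any device.

```shell
#!/bin/sh
# Added example, not course material: the "ping" diagnostic handler found in many
# router web UIs, in its injectable form and a hardened form, plus the time-based
# probe used to detect the blind variant. "echo PING" stands in for "ping -c 1"
# (an assumption so the demo runs without network access).
set -eu

PING='echo PING'

# VULNERABLE: the host parameter is spliced into a command string that a shell
# parses, so ; | & ` $( ) in the parameter become additional commands.
vulnerable_ping_handler() {
    host="$1"
    sh -c "$PING $host"
}

# HARDENED: accept only characters a hostname or IPv4 literal can contain, reject a
# leading dash (so the value cannot be parsed as an option), and pass it as one argv
# element; no shell ever re-parses it.
hardened_ping_handler() {
    host="$1"
    case "$host" in
        ''|-*|*[!A-Za-z0-9.-]*)
            echo 'error: invalid host' >&2
            return 1 ;;
    esac
    $PING "$host"
}

# Blind injection probe: when the response does not echo command output, inject a
# delay and time the request. A handler that takes at least 2 s longer is executing
# the payload.
probe_blind() {
    handler="$1"
    start=$(date +%s)
    "$handler" '127.0.0.1;sleep 2' >/dev/null 2>&1 || true
    end=$(date +%s)
    if [ $((end - start)) -ge 2 ]; then echo vulnerable; else echo 'not vulnerable'; fi
}

# Stand-alone run: the same payload against both handlers, then the blind probe.
echo '--- vulnerable handler, payload: 127.0.0.1;echo INJECTED'
vulnerable_ping_handler '127.0.0.1;echo INJECTED'
echo '--- hardened handler, same payload'
hardened_ping_handler '127.0.0.1;echo INJECTED' || echo 'rejected'
echo '--- hardened handler, legitimate host'
hardened_ping_handler 'router.local'
echo "blind probe, vulnerable handler: $(probe_blind vulnerable_ping_handler)"
echo "blind probe, hardened handler:   $(probe_blind hardened_ping_handler)"
```

The allow-list is the fix, not escaping: a deny-list of `;` and `|` still leaves `$(...)`, backticks and newlines, and a handler that builds a string for `system()` or `sh -c` in C is injectable in exactly the same way. When testing a real device, send the delay payload with increasing sleep values (2, 5, 10) and confirm the response time scales with it before calling it a finding, since a slow device can produce a false positive on a single measurement.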


The following labs are part of the actual RT430 course:
  • Lab 1 Mapping the Internet
  • Lab 2 Firmware Analysis
  • Lab 3 Single Emulations
  • Lab 4 Firmware Emulation
  • Lab 5 IoT Backdoors
  • Lab 6 Web Application Vulnerabilities
  • Lab 7 RouterSploit

Real case studies

Case Study #1 (IOT001)
Amazon's video doorbell is in the news: attackers are exploiting a bug in the device's OS that lets them recover the owner's WiFi password. When the bug went public it caused widespread alarm in the USA among people fearing for their privacy. The R&D manager has assembled a dedicated team to reproduce the attackers' steps and find the root cause of the bug.
Case Study #2 (IOT002)
Philips' smart light bulb has recently received a software update that included a patch to its implementation of the ZigBee communication protocol. Because of poor programming practice and coding errors, the smart light bulb can be turned into a malware downloader and used to infect every device on the network. As an IoT security specialist at Philips, you need to disclose the vulnerability and find the fix.

Course type

This course is delivered in the following ways:

  • Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
  • On-site classroom with proctored labs and scenarios executed in our Cyberium Arena

All sessions are recorded and attendees can replay them for 30 days. All course material is made available to the participant electronically.

Course Group: FOUNDATION


Hands-on / Theory Mix

This course incorporates a high proportion of hands-on lab exercises, as well as real-life case studies.


Required Equipment

Network connection

As this course makes extensive use of a cloud-based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.

BYOD – Bring Your Own Device

As this is a very practical course, participants need a laptop with the following capabilities in order to make the most of it:

  • Audio and Video
  • 8 GB RAM
  • 200 GB Disk Space
  • Virtualization capabilities (supporting the latest version of VirtualBox or a similar virtual machine application)

A good headset with a microphone is also required.
