IoT or the Internet of Things is one of the most upcoming trends. However, within the growth of many new devices coming up every few months not much attention has been paid to its security till now. The course will be based on theoretical and practical use of vulnerabilities in IoT devices, IoT devices architecture, identifying attack surface and exploiting IoT vulnerabilities.
ZX OFFENSIVE
IE309: IoT Exploitation Intermediate
מספר הקורס 71580
למה ללמוד בג'ון ברייס?
- למידה חדשנית ודינמית עם כלים מתקדמים בשילוב סימולציות, תרגול וסביבות מעבדה
- מגוון הכשרות טכנולוגיות עם תכנים המותאמים להתפתחות הטכנולוגית ולביקוש בתעשיית ההייטק
- מובילים את תחום ההכשרות לעולם ההייטק והטכנולוגיה כבר 30 שנה, עם קהילה של עשרות אלפי בוגרים
- אתם בוחרים איך ללמוד: פרונטאלית בכיתה, מרחוק ב- Live Class או בלמידה עצמית
המועדים הקרובים
קורס לקבוצות
הקורס נפתח במתכונת של קבוצה בלבד, בהתאמה אישית לארגונים.
לפרטים נוספים: Muzman@johnbryce.co.il
משך הקורס
שעות לימוד:
40
מספר מפגשים:
קורס בוקר:
5
מתכונת הקורס
הקורסים המוזמנים לארגונים מותאמים באופן אישי ומלא לצרכי הארגון, מערכי הלימוד גמישים וניתן לשלב בהם תכנים רלוונטיים וייעודיים.
- מרצים מומחים ומנוסים מהתעשייה
- למידה מתקדמת בהתאמה אישית
- התפתחות ושדרוג מקצועי
- חוויית למידה חדשנית ומקיפה
- ליווי וייעוץ מקצועי
- חומרי לימוד ייחודיים ובלעדיים
Overview
Objectives
Becoming familiar with the cyber threat of IoT exploitation
Acquiring the necessary techniques and tools for IoT exploitation
Mapping IoT devices
Firmware exploitation and analysis
Preparing for cyber-attacks
Becoming familiar with a variety of available tools for performing IoT exploitation tasks
Who Should Attend
Governmental bodies, army and security officials
Private organizations that are interested in preparing their teams for IoT offensive exploitation
Security Professionals and Penetration Testers
SOC Analysts
IoT Developers
The course targets participants with foundation knowledge in computer networking, who wish to operate a SOC on the analyst and incident responder levels, or individuals who serve as corporate security analysts. Incident responders System/network administrators IT security personnel
תכנית הלימודים
Full Syllabus
Module 1: Introduction to IoT Security
During this module, students will be introduced to IoT and smart devices, IoT device architecture analyzation and breaking it down to individual components, techniques and tools. Students will learn to find vulnerabilities all around the internet using smart queries.
- Learning Shodan
- Using Advanced API
- Searching with CLI
- Collecting and Extracting Data
- Mapping the Internet
- Vulnerabilities by Choice: OS, Application, Metasploit
Module 2: Conventional Attack Techniques
In this module we look for more attacks on IoT devices. Students will get familiar with Linux and network-based exploitation and use their skills on IoT device environments.
- Setting your VM for Penetration Testing
- Introduction to Embedded OS
- Mapping Attack Surface of an IoT Device
Module 3: Firmware Analysis
A firmware is running embedded systems and IoT devices, which holds sensitive information and data.
This module will help us analyze firmware’s and extract them, also identifying vulnerabilities in the firmware of IoT devices.
- Mounting File Systems
- Firmware Analysis – Identifying Hardcoded Secrets
- Emulating Firmware Binary
- Backdooring a Firmware
- Firmware Emulation using FAT
Module 4: Software-Based Exploitation
In this module we will cover the IoT devices software’s aspects, preforming exploitation on ARM and MIPS architectures. We will also identify command injection vulnerabilities in firmware binaries and attack mobile web apps.
- Common Software Exploitation Techniques
- Intro to MIPS
- Binary Debugging
- ARM Buffer Overflow
- Exploitation with GDB on MIPS
Module 5: Digging Deep into Embedded Devices
This module will dive deeper into the world of embedded devices as we know IoT systems have a device-centric architecture. In this module, we look at the circuit board by opening the device, plan exploitation techniques by identifying the on board components.
- Web application Security for IoT
- Exploitation with Burp
- Exploitation with Command Injection
- Exploitation with Blind Command Injection
- Exploitation with Brute-Force
- Exploitation with CSRF
Prerequisites- Working experience with virtualization
- Linux basic commands
סימולטור - Cyberium ArenaThe courses at John Bryce Training allow you to gain experience with unique simulators and hands-on practice labs that include a variety of scenarios. Students are given the opportunity to put in practice what they have learned in order to retain all the relevant skills and information they were given throughout the course, this way upgrading their knowledge and expertise.
The simulator that is used in the hands on practice labs is The Cyberium system. This is an advanced cyber scenario simulator which has been developed by cyber experts who have been constantly involved in cyber training and in giving knowledge gaps solutions in the field of cyber. The simulator includes two main types of scenarios – educational and realistic.
Each educational scenario is focused on a different aspect of the course and simulates a specific aspect of the training topics. Each issue or topic taught in the course has a point exercise that allows the student to focus on it and deeply learn it.
The realistic scenarios simulate possible or past incidents related to Information Security. This includes everything from topics such as the Regulation of Cyber Systems to Attacks by Terrorist Hacker Organizations. These scenarios are broader than the educational exercises and require more of a systemic, strategic and comprehensive vision.
After each scenario, the system automatically generates detailed reports that serve as immediate feedback that allows the student and lecturer to measure the abilities, strengths, and weaknesses of the participant.
רוצה עוד מידע על קורס בהתאמה אישית לארגון שלך?
נשמח לייעץ, ללוות ולענות על כל השאלות