shape-876@2x

ZX OFFENSIVE

IE309: IoT Exploitation Intermediate

מספר הקורס 71580

40 סה"כ שעות אקדמאיות
5 מפגשים
* מספר המפגשים והשעות למפגש עשויים להשתנות בין קורס לקורס
calendar-1.svg

המועדים הקרובים

קורס לקבוצות

הקורס נפתח במתכונת של קבוצה בלבד, בהתאמה אישית לארגונים.
לפרטים נוספים: Muzman@johnbryce.co.il

ספרו לי עוד

Overview

IoT or the Internet of Things is one of the most upcoming trends. However, within the growth of many new devices coming up every few months not much attention has been paid to its security till now. The course will be based on theoretical and practical use of vulnerabilities in IoT devices, IoT devices architecture, identifying attack surface and exploiting IoT vulnerabilities.

hat.png

Objectives

Becoming familiar with the cyber threat of IoT exploitation

Acquiring the necessary techniques and tools for IoT exploitation

Mapping IoT devices

Firmware exploitation and analysis

Preparing for cyber-attacks

Becoming familiar with a variety of available tools for performing IoT exploitation tasks

kahal.png

Who Should Attend

Governmental bodies, army and security officials

Private organizations that are interested in preparing their teams for IoT offensive exploitation

Security Professionals and Penetration Testers

SOC Analysts

IoT Developers

The course targets participants with foundation knowledge in computer networking, who wish to operate a SOC on the analyst and incident responder levels, or individuals who serve as corporate security analysts. Incident responders System/network administrators IT security personnel

structure.png

תכנית הלימודים

Full Syllabus
PDF להורדה

Module 1: Introduction to IoT Security

During this module, students will be introduced to IoT and smart devices, IoT device architecture analyzation and breaking it down to individual components, techniques and tools. Students will learn to find vulnerabilities all around the internet using smart queries.

  • Learning Shodan
  • Using Advanced API
  • Searching with CLI
  • Collecting and Extracting Data
  • Mapping the Internet
  • Vulnerabilities by Choice: OS, Application, Metasploit

Module 2: Conventional Attack Techniques

In this module we look for more attacks on IoT devices. Students will get familiar with Linux and network-based exploitation and use their skills on IoT device environments.

  • Setting your VM for Penetration Testing
  • Introduction to Embedded OS
  • Mapping Attack Surface of an IoT Device

Module 3: Firmware Analysis

A firmware is running embedded systems and IoT devices, which holds sensitive information and data.

This module will help us analyze firmware’s and extract them, also identifying vulnerabilities in the firmware of IoT devices.

  • Mounting File Systems
  • Firmware Analysis – Identifying Hardcoded Secrets
  • Emulating Firmware Binary
  • Backdooring a Firmware
  • Firmware Emulation using FAT

Module 4: Software-Based Exploitation

In this module we will cover the IoT devices software’s aspects, preforming exploitation on ARM and MIPS architectures. We will also identify command injection vulnerabilities in firmware binaries and attack mobile web apps.

  • Common Software Exploitation Techniques
  • Intro to MIPS
  • Binary Debugging
  • ARM Buffer Overflow
  • Exploitation with GDB on MIPS

Module 5: Digging Deep into Embedded Devices

This module will dive deeper into the world of embedded devices as we know IoT systems have a device-centric architecture. In this module, we look at the circuit board by opening the device, plan exploitation techniques by identifying the on board components.

  • Web application Security for IoT
  • Exploitation with Burp
  • Exploitation with Command Injection
  • Exploitation with Blind Command Injection
  • Exploitation with Brute-Force
  • Exploitation with CSRF

Prerequisites
  • Working experience with virtualization
  • Linux basic commands
סימולטור - Cyberium Arena

The courses at John Bryce Training allow you to gain experience with unique simulators and hands-on practice labs that include a variety of scenarios. Students are given the opportunity to put in practice what they have learned in order to retain all the relevant skills and information they were given throughout the course, this way upgrading their knowledge and expertise.

The simulator that is used in the hands on practice labs is The Cyberium system. This is an advanced cyber scenario simulator which has been developed by cyber experts who have been constantly involved in cyber training and in giving knowledge gaps solutions in the field of cyber. The simulator includes two main types of scenarios – educational and realistic.

Each educational scenario is focused on a different aspect of the course and simulates a specific aspect of the training topics. Each issue or topic taught in the course has a point exercise that allows the student to focus on it and deeply learn it.

The realistic scenarios simulate possible or past incidents related to Information Security. This includes everything from topics such as the Regulation of Cyber Systems to Attacks by Terrorist Hacker Organizations. These scenarios are broader than the educational exercises and require more of a systemic, strategic and comprehensive vision.

After each scenario, the system automatically generates detailed reports that serve as immediate feedback that allows the student and lecturer to measure the abilities, strengths, and weaknesses of the participant.

Schedule Appointment

Fill out the form below, and we will be in touch shortly.

לא הצלחנו לאתר את הטופס.

בודק...