Skip Main Navigation
Page Content

Save This Event

Event Saved

Practical Internet of Things (IoT) Exploitation 2017

Hackfest Communication

Tuesday, 31 October 2017 at 9:00 AM - Thursday, 2 November 2017 at 5:00 PM (SST)

Practical Internet of Things (IoT) Exploitation 2017

Ticket Information

Ticket Type Sales End Price Fee GST/HST Quantity
Early-Bird - Practical Internet of Things (IoT) Exploitation
Training at Hackfest 2017 on October 31st and November 1-2nd
Ended $1,200.00 $0.00 $179.64
Regular - Practical Internet of Things (IoT) Exploitation
Training at Hackfest 2017 on October 31st and November 1-2nd
21 Oct 2017 $1,500.00 $0.00 $224.55

Who's Going

Loading your connections...

Share Practical Internet of Things (IoT) Exploitation 2017

Event Details

Hackfest is proud to present “Practical Internet of Things (IoT) Exploitation” with Aditya Gupta and Arun Magesh.

Practical IoT Exploitation is a hands-on class focusing on the Internet of Things Security and Exploitation with a practitioner’s approach.

IoT or the Internet of Things is one of the most popular trends in technology as of now. A lot many new devices are coming up every single month. However, not much attention has been paid to the device's security till now.

"Practical IoT Exploitation" is a class offering attendees the ability to assess and exploit the security of these smart devices - by looking at the devices from an attackers approach, diving deep into Embedded security issues, reverse engineering firmware, analyzing radio communications and more.

The 3-days action packed training will cover different varieties of IoT devices and will have numerous labs focusing on real world security issues found in commercial Internet of Things solutions.

The course labs include both real world devices and emulated environments provided to the attendees during the training. Practical IoT Exploitation training class is designed for individuals who want to kickstart their career in IoT Pentesting and walk out of the class on completion with having the skill sets needed to perform a real-world IoT Pentest.

The training is beginner friendly and does not expect the attendees to have any prior knowledge of IoT Security. The attendees will be provided with VM image of AttifyOS for IoT pentesting, created by the trainers themselves. 

After the 3-days class, the attendees will be able to:

  • Extract, dump and analyze device firmwares 
  • Analyzing firmware and binaries 
  • Hands-on Labs with UART, SPI and JTAG Exploitation 
  • Device Scanning and reversing communication APIs
  • 3rd party and USB based Attacks 
  • SDR based exploitation for IoT devices 
  • Attacks on BLE, ZigBee - Hands-on labs 

Practical IoT Exploitation is the course for you if you want to try exploitation on new hardwares and find security vulnerabilities and 0-days in IoT devices. The class will conclude with a CTF exercise where the attendees will have to apply all the different skillsets learnt during the 3-day class.

 Training includes

  • Badge for the conference on November 3-4th
  • Lunch (October 31st, November 2-3rd)
  • Coffee breaks
  • If you want to play on the CTF, please email us!


Why chose this course ?

  • Learn hardware hacking
  • Understand firmware extraction and analysis
  • Have hands-on practice with uart, spi and jtag exploitation
  • and much more!


Course contents
Core Modules

  • Embedded Device security analysis
  • Accessing Root console via Serial Interfacing
  • NAND Glitching
  • Dumping data from an SPI flash
  • JTAG identification, debugging and exploitation
  • Emulating and Reversing firmware
  • Exploiting firmware binaries - ARM and MIPS exploitation
  • Backdooring firmware and flashing to device
  • External media based attacks
  • M2MXML, CoAP and MQTT vulnerabilities
  • ICS based vulnerabilities
  • Sniffing Radio Signals
  • Extracting data from captured signal
  • Sniffing and Exploiting BLE based devices
  • Sniffing and Exploiting ZigBee based devices
  • Conducting a real-world IoT pentest
  • CTF


Technical prerequisites
Details will be sent to students before the class begins.

Biography

Aditya Gupta (@adi1391) is the founder and principal consultant of Attify, a specialized IoT and mobile security firm. He is a mobile security expert and evangelist. Gupta has conducted a lot of in-depth research on mobile application security and IoT device exploitation, and is the author of Learning Pentesting for Android Devices and IoT Hackers Handbook .

Gupta is the creator and lead instructor for the popular training course “Offensive Internet of Things Exploitation,” which has seen great success at Black Hat USA 2015, Black Hat USA 2016, and Brucon. He has discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe and many more. Gupta published a research paper on ARM Exploitation titled “A Short Guide on ARM Exploitation.”

In his previous roles, he has worked on mobile security, application security, network penetration testing, developing automated internal tools to prevent fraud, finding and exploiting vulnerabilities. Gupta is a frequent speaker and trainer at various international security conferences such as Black Hat, Syscan, OWASP AppSec, PhDays, Brucon, Toorcon, and Clubhack. He also provides private and customized training programmes for organizations.

Have questions about Practical Internet of Things (IoT) Exploitation 2017? Contact Hackfest Communication

Save This Event

Event Saved

When & Where


Hotel Plaza Québec
3031 Boulevard Laurier
Quebec, QC G1V 2M2
Canada

Tuesday, 31 October 2017 at 9:00 AM - Thursday, 2 November 2017 at 5:00 PM (SST)


  Add to my calendar
Practical Internet of Things (IoT) Exploitation 2017
Things to do in Quebec Class Science & Tech

Please log in or sign up

In order to purchase these tickets in installments, you'll need an Eventbrite account. Log in or sign up for a free account to continue.