Learning the secret incantations to make embedded systems carry out your will is not as hard as one might think. In the world of IoT, the hardened system is rare and most times a firmware image is more than enough to find and exploit weakness. Embedded devices are flooding corporate and home networks with limited insight into product security.
These sessions teach attendees how to evaluate IoT devices regularly deployed on enterprise networks. Learning the techniques utilized by attackers will help enterprise admins vet devices intended for deployment while also helping companies that develop these devices identify how attackers operate.
Participants will be provided with a virtual machine pre-loaded with IoT analysis tools and configured to emulate several embedded devices. Students will learn how to analyze and exploit these devices through a series of hands-on lab exercises designed to demonstrate some of the key concepts involved in IoT hacking. Upon completion of each lab, students will be given the opportunity to test their exploits against live devices.
These techniques have been successfully employed by the author to identify over 100 CVEs on embedded/IoT devices as well as to win the 0-day and CTF tracks in the DEF CON 22 SOHOpelessly Broken router hacking competition.
For the first time ever, we’re offering this advanced IoT Hacking – Brainwashing Embedded Systems course. If you’ve not completed the IoT Hacking course at SecTor 2016 or 2017, or not experienced in embedded exploit dev or proficient in shell, we recommend you take our 2018 IoT hacking introductory course.