Find and exploit weaknesses in connected devices with this year’s hands-on Brainwashing Embedded Systems deep dive training course at SecTor 2019.
This two-day course will focus on fundamental IoT security exploits before taking a deep dive into advanced techniques used by security researchers with hand-on exercises, live demos and take-aways thrown in the mix.
The software-based analysis techniques taught in this class are designed to find vulnerabilities with a emphasis on readily exploited logic errors and command injection, which form the basis of many attacks in the wild.
A Linux virtual machine (VM) will be provided to students preloaded with tools to emulate instances for running IoT software extracted from device firmware. Using this VM, students will be walked through a series of exercises using real vulnerabilities as case studies for different analysis or exploitation techniques.
In addition to exploiting the virtual IoT devices, students will have the opportunity to try several exploits within the classroom hack lab.
Topics include:
- Firmware extraction and dynamic analysis
- Enumerating unauthenticated attack surface
- Finding and exploiting OS injection bugs
- Using UPnP and SOAP APIs
- Remote/browser-based exploitation
Students will learn about technologies and tools including:
- Python
- BASH
- Binwalk
- cURL
Students will be given a take-home lab exercise on day-two to go through the process of virtualizing something. We’ll encourage students to bring it to the IoT Hack Lab in the SecTor Expo (days following this course) for feedback and/or help.
Craig Young is a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team (VERT). He has identified and responsibly disclosed dozens of vulnerabilities in products from Google, Amazon, IBM, NETGEAR, Adobe, HP, Apple, and others. His research has resulted in numerous CVE assignments and repeated recognition in the Google Application Security Hall of Fame. Craig’s presentations on Google authentication weaknesses have led to considerable security improvements for all Google users. Craig won in track 0 and track 1 of the first ever SOHOpelessly Broken contest at DEF CON 22 by demonstrating 10 0-day flaws in SOHO wireless routers. His research into iOS WiFi problems exposed CVE-2015-3728 that could allow attackers to force devices onto malicious hot spots. Craig has also successfully employed fuzzing techniques to find flaws in a variety of open source software including memory safety issues in PHP, Apache, Perl, Ruby, MatrixSSL, and more. Most recently, Craig was part of the team disclosing the ROBOT attack which affects products from F5, Citrix, Cisco, and others.
Tyler Reguly is the Manager of Security Research and Development with Tripwire. At Tripwire, Reguly is a key member of VERT, Vulnerability and Exposure Research Team, where he focuses on web application security and vulnerability detection. He has also lent his expertise on various projects, including reverse engineering and web application security. He has been involved in industry initiatives, such as CVSS-SIG and WASSEC and has spoken at various security events, including RSA, SecTor, and OWASP Toronto. Additionally, he has contributed to the Computer Systems Technology curriculum at Fanshawe College in London, Ontario, by developing and teaching a number of security-related courses. He is also frequently quoted in industry trade press and is a prolific blogger.
Lane Thames is a senior security researcher with Tripwire’s Vulnerability and Exposure Research Team (VERT). As a member of VERT, Lane develops software that detects applications, devices, and operating systems along with vulnerability detection and management software. He also spends time looking for new vulnerabilities, contributing to the Tripwire State of Security blog, and understanding emerging cybersecurity threats. Lane received his PhD in Electrical and Computer Engineering from the Georgia Institute of Technology and has spent over 15 years working in information technology and software/hardware development.