Skip to main content
Offensive IoT Exploitation - $3,800
Offensive IoT Exploitation - $3,800

Offensive IoT Exploitation - $3,800


Offensive IoT Exploitation


Class Description

As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices and ensure these devices are secure. This course teaches security professionals and hackers how to identify and exploit security vulnerabilities in IoT devices. Participants will learn to interact with hardware debug capabilities, communicate with memory devices, and virtualize and analyze firmware. The course also covers various hardware attacks including glitching and side channel attacks, as well as diving into communications protocols, including Bluetooth, Zigbee, Thread and Matter. Participants will gain hands-on experience with industry tools and techniques. This course is suitable for security professionals, penetration testers, and hackers with basic programming and computer system knowledge, and equips them with skills to discover new vulnerabilities in IoT devices.

Course Outline

The course is broken down into the following sections:

  1. Introduction to IoT and Embedded Device Hacking

    • Overview of devices & device architectures
    • What is firmware?
    • Introduction to digital signals analysis
  2. Interacting with Hardware Debugging Interfaces

    • Overview of hardware debugging interfaces
      1. UART
      2. JTAG
    • Using UART and JTAG to debug or extract firmware from devices
  3. Analyzing Firmware for Security Vulnerabilities

    • Extracting firmware from binary files
    • Tools for analyzing firmware, including disassemblers and debuggers
    • Overview of common vulnerabilities found in IoT
    • Where to look for vulnerabilities
    • Reverse engineering firmware
    • Identifying security vulnerabilities using code analysis and fuzzing
  4. Communicating with Memory Devices

    • Overview of memory devices commonly used in IoT systems, such as flash memory, EEPROM, and SD cards
    • Communicating with common memory devices
      1. SPI Flash
      2. eMMC
    • Challenges encountered when communicating with memory devices
  5. Glitching and Side Channel Attacks

    • Overview of glitching and side channel attacks
    • Identifying vulnerabilities through glitching and side channel attacks
    • Tools for performing glitching and side channel attacks
  6. Virtualizing Firmware

    • Overview of firmware virtualization
    • Reasons for virtualizing firmware
    • Techniques for virtualizing firmware, such as emulators and hypervisors
    • Advantages and disadvantages of firmware virtualization
  7. Communications Protocols in Embedded Systems

    • Overview of communications protocols commonly used in IoT systems, such as Bluetooth, and Zigbee, Thread and Matter
    • Overview of application protocols such as MQTT and UPnP
    • Analyzing and reverse engineering communications protocols
    • Tools and techniques for sniffing and spoofing communications protocols


Trevor Stevado

Trevor Stevado is a renowned security consultant and the founder of Loudmouth Security. With over 15 years of experience in the industry, Trevor has developed a deep understanding of cyber security and is recognized as an expert in his field. In 2018, Trevor won a Black Badge in the IoT CTF at DEF CON 26, and since then, he has been a regular contributor to IoT Village. In fact, he's now one of the founders of the new Embedded Systems Village, where he continues to push the boundaries of security research.

In addition to his technical expertise, Trevor is an exceptional teacher with a proven track record of success. He's adept at explaining complicated technical findings to executive management teams, and he's spent years mentoring younger hackers coming into the field. Trevor's ability to teach stems from his passion for the subject matter and his dedication to continuous learning. He's always seeking out new information and insights, which he incorporates into his courses to provide the most up-to-date and relevant training possible.

Trevor Hough

Trevor Hough is a partner and passionate security researcher at Loudmouth Security. With extensive experience participating in large-scale cyber training operations involving embedded systems, Trevor has become a recognized expert in his field. He has an insatiable curiosity and has performed research on some of the weirdest and coolest embedded systems around, discovering and disclosing bugs in the process.

Trevor has a deep technical knowledge and passion for security that's evident in his work. He won a Black Badge in the IoT CTF at DEF CON 26 and has been a regular contributor to DEF CON ever since. Trevor is part of the team that's bringing the new Embedded Systems Village to DEF CON 31, where he's excited to push the envelope of bigger, cooler, and more exotic systems that attendees can interact with. He is a highly skilled trainer who's always eager to share his knowledge and experience with others.

Nicholas Coad

Nicholas is a consultant at Loudmouth Security and an accomplished PCB designer with extensive knowledge of hardware. He brings his expertise to our training team, where he's an invaluable asset. Nicholas is also a regular contributor to IoT Village and part of the team behind the new Embedded Systems Village.

Prior to joining Loudmouth Security, Nicholas worked as an IT administrator for industrial and manufacturing companies, where he gained invaluable experience about the practical applications of embedded systems. This hands-on experience gives him a unique perspective that he brings to this training.

Nicholas is an exceptional trainer with a passion for sharing his knowledge and experience with others. He's a key member of our team, and his expertise in PCB design and embedded systems makes him an invaluable resource to our students.

Patrick Ross

Patrick is a seasoned security expert with a wealth of experience in the field. As a member of the team that won the Black Badge at DEF CON 26 in the IoT CTF, Patrick is recognized as one of the top experts in his field. He's also a DEF CON goon and an integral part of the team behind the new Embedded Systems Village.

Patrick's expertise lies in the virtualization of embedded devices, and he's one of the key researchers behind the MIPS-X project. His deep technical knowledge and experience make him a valuable asset to Loudmouth Security's training team.

In addition to his technical skills, Patrick is an exceptional teacher with superb teaching skills. He's passionate about sharing his knowledge and experience with others, and he's committed to helping organizations stay ahead of the latest cyber threats.

Class Break Down

Day 1 Day 2
0800 Intro to IoT and Embedded Devices Communicating with Memory Devices
Interacting with Hardware Debugging Interfaces Glitching and Side Channel Attacks
Virtualizing Firmware
1200 Lunch
1300 Interacting with Hardware Debugging Interfaces (cont’d) Communications Protocols in Embedded Systems
Analyzing Firmware for Security Vulnerabilities
1800 End of Day 1hr Proficiency Test

Technical Difficulty of the class:

Beginner to Intermediate. This is a compressed course and will move quickly.

Students should have:

  • A willingness and desire to learn
  • Understanding of common networking protocols
  • Basic familiarity of virtualization technologies
  • Basic familiarity of Windows and Linux
  • Basic understanding of penetration testing

Students should bring:

  • Laptop with 16GB RAM and at least 50GB free disk space
  • External ethernet adapter
  • VMware Player/Workstation/Fusion installed
  • Administrator/Root access to their host Operating

We believe firmly that you learn best from doing, which is why our course is jampacked with hands-on exercises throughout the 2 days of the course.

Many courses either scratch the surface of IoT or go very deep into specific topics. Our course strikes a balance between breadth and depth, giving the student a solid foundation from which to start researching IoT Security

We know our stuff – after winning the DEF CON black badge at DEF CON 26, we have been an integral part of the IoT Village both at DEF CON and other conferences throughout the world. Our team developed the IoT 101 Labs that had lineups out the door of IoT Village at DEF CON 27. We have contributed to the IoT CTF since DEF CON 27, but starting this year our team is launching a completely new DEF CON Village - Embedded Systems Village.


DATE: November 2nd-3rd 2024
TIME: 8am to 5pm
VENUE: Meydenbauer Center Bellevue, WA
TRAINER: Trevor Stevado, Trevor Hough, Nicholas Coad, Patrick Ross

- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included

Registration terms and conditions:

Trainings are refundable before August 15th, the processing fee is $250.

Trainings are non-refundable after September 1st, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.