
DEF CON Training
Offensive IoT Exploitation - $2,600 Early $2,150
Offensive IoT Exploitation
THIS WAS THE LARGEST CLASS AT THE INAUGURAL DEF CON TRAININGS, BOOK YOUR SPOT BEFORE IT FILLS UP!
Trainers
Trevor Hough
- 10+ years in offensive application and network security
- Led and contributed to dozens of security assessments (Red Team, VA, Pen Test)
- DEF CON 26 Black Badge holder (part of 3-person team)
- Member of Pros versus Joes (PvJ) Red Cell
- Managing Partner & Hacker @ Loudmouth Security
Nicholas Coad
- 5+ years in offensive application and network security
- 10+ years in network administration and security operations
- Contributed to dozens of security assessments (Red Team, VA, Pen Test)
- Managed security operations for Fortune 500 company
- Winner of the IoT CTF, DEF CON 27
- Member of Pros versus Joes (PvJ) Red Cell
- Hacker @ Loudmouth Security
Patrick Ross
- 7+ years in offensive security roles
- 10+ years in security architecture
- DEF CON 26 Black Badge holder (part of 3-person team)
- Member of Pros versus Joes (PvJ) Red Cell
- Hacker @ Village Idiot Labs
Trainer(s) social media links: Trevor Stevado & Trevor Hough
Class Description
As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices and ensure these devices are secure. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. While many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures, we designed this training to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT device testing.
Course Outline
The course is broken down into the following sections:
- Introduction to IoT
- Trends in IoT and IoT Security
- Penetration testing Methodology Overview for IoT
- How it differs from other methodologies
- Linux Command Refresher (Command line fu)
- Hardware Recon and Analysis
- Physical Embedded Hardware Inspection
- Includes Analyzing and Identifying Chips, Ports and Circuits Connections
- Hardware analysis
- JTAG
- UART
- SPI
- eMMC
- Hardware attacks
- Glitching (Boot Loader Attacks)
- Side Channel Attacks
- Physical Embedded Hardware Inspection
- Software Recon and Analysis
- Firmware Analysis
- Introduction to Binwalk
- Introduction to Manual Firmware Analysis
- Emulating firmware
- Introduction to QEMU
- IoT Software Protocols
- Configuration & Discovery Protocols (UPnP)
- API’s (REST, SOAP, MQTT)
- Firmware Analysis
- Communication Protocols in IoT
- Wireless Communications Protocols and how to attack them
- BLE
- WIFI
- ZigBee
- Thread
- LoRa
- Wireless Communications Protocols and how to attack them
Technical Difficulty of the class:
Beginner to Intermediate. This is a compressed course and will move quickly.
Students should have:
- A willingness and desire to learn
- Understanding of common networking protocols
- Basic familiarity of virtualization technologies
- Basic familiarity of Windows and Linux
- Basic understanding of penetration testing
Items students will need to provide. What tools, systems, or equipment is required for the student to take the training?
- Laptop with 16GB RAM and at least 40GB free disk space
- External ethernet adapter
- VMware Player/Workstation/Fusion or VirtualBox installed
- Administrator/Root access to their host Operating
A comprehensive 1hr proficiency test will be performed at the end of the course for those students who purchase that option.
Why should you take this course?
We believe firmly that you learn best from doing, which is why our course is jampacked with approximately 10 hands-on exercises throughout the 2 days of the course.
Many courses either scratch the surface of IoT or go very deep into specific topics. Our course strikes a balance between breadth and depth, giving the student a solid foundation from which to start researching IoT Security
We know our stuff – after winning the DEF CON black badge at DEF CON 26, we have been an integral part of the IoT Village both at DEF CON and other conferences throughout the world. Our team developed the IoT 101 Labs that had lineups out the door of IoT Village at DEF CON 27. We have contributed to the IoT CTF since DEF CON 27, and completely redesigned and re-invented the IoT CTF for DEF CON 30, bringing it back to Black Badge status.
We delivered the largest training class at the inaugural DEF CON trainings and received amazing feedback from the students. We expect this course to fill up fast so book your spot today!
Date: April 13th - 14th 2023
TIME: 8am to 5pm PDT VENUE: Meydenbauer Center Bellevue, WA TRAINERS: Trevor Stevado, Trevor Hough, Nicholas Coad, Patrick Ross
- 16 hours of training with a certificate of completion.
-
Note: Classes that do not meet their minimum class size by the deadline will be canceled, please register early.
-
2 coffee breaks are provided per day.
- Note: Food is not included.
Registration terms and conditions:
Trainings are refundable before March 1st, the processing fee is $250.
Trainings are non-refundable after March 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.
DEF CON Communications, Inc.
1100 Bellevue way NE
8A-85
Bellevue, WA 98004