IoT Hack Labs
Over the years, I’ve found dozens of vulnerabilities affecting a wide array of embedded devices including routers, cameras, baby monitors, televisions, and various home automation products. In 2015, I began documenting the tools and techniques which worked best for me and developed a series of hands-on labs to teach the fundamental skills of software based device hacking.
My training sessions and workshops teach students how to find and exploit bugs. All classes focus on lab exercises using a provided VM along with an online learning portal. Most lab exercises make use of virtualized vulnerable components from real-world devices that I have found vulnerabilities in.
The topics planned for this year are as follows:
- Exploiting Embedded HTTP Servers with curl
- Finding and exploiting command injection within firmware
- Fuzzing for vulnerabilities in a SOAP API
- Building and delivering advanced exploit payloads
- Virtualizing device firmware
- Exploiting DNS rebinding to attack local devices
- Drive-by Rick Rolling
Available Training Dates
|A Guided Tour of Embedded Software Hacks||Jul 9-10||Shakacon X||ALL|
|A Guided Tour of Embedded Software Hacks||Aug 4-5||Black Hat USA||ALL|
|Intro to Brainwashing Embedded Systems||Oct 1||SecTor||1-3|
|Brainwashing Embedded Systems (Advanced)||Oct 1||SecTor||4-6|