IoT Hack Labs

Over the years, I’ve found dozens of vulnerabilities affecting a wide array of embedded devices including routers, cameras, baby monitors, televisions, and various home automation products. In 2015, I began documenting the tools and techniques which worked best for me and developed a series of hands-on labs to teach the fundamental skills of software based device hacking.

My training sessions and workshops have taught hundreds of students about how to find and exploit bugs. All classes focus on lab exercises using a provided VM along with an online learning portal. Most lab exercises make use of virtualized vulnerable components from real-world devices that I have found vulnerabilities in.

This year, I will be doing things a little differently by having a stronger focus on building the fundamental Linux skills needed to perform effective security audits.

Black Hat USA

Title: An Introduction To IoT Pentesting with Linux
Dates: August 5-6, 2019 (Las Vegas, USA)
Register Here

The goal of this class is to help students of all backgrounds learn how to better use Linux for vulnerability research with an emphasis on IoT. This two-day, comprehensive training covers topics ranging from basic router hacking all the way to sophisticated DNS rebinding exploitation. Students will learn fundamental Linux concepts needed to effectively analyze, emulate, and exploit devices. Each lesson concludes with a walkthrough of different vulnerabilities from initial analysis and discovery through exploitation.

Topics include:

  • Firmware component emulation
  • Router authentication bypass and password disclosure
  • HTTP command injection
  • UPnP API vulnerability
  • CSRF with automated target discovery
  • DNS rebinding

Students will learn about technologies and tools including:

  • QEMU
  • Binwalk
  • BASH
  • cURL
  • Python
  • JavaScript

SecTor 2019

Title: Brainwashing Embedded Systems Deep Dive
Dates: October 7-8, 2019 (Toronto, ON)
Registration Not Yet Open