IoT Hack Labs

Over the years, I’ve found dozens of vulnerabilities affecting a wide array of embedded devices including routers, cameras, baby monitors, televisions, and various home automation products. In 2015, I began documenting the tools and techniques which worked best for me and developed a series of hands-on labs to teach the fundamental skills of software based device hacking.

My training sessions and workshops teach students how to find and exploit bugs. All classes focus on lab exercises using a provided VM along with an online learning portal. Most lab exercises make use of virtualized vulnerable components from real-world devices that I have found vulnerabilities in.

The topics planned for this year are as follows:

  1. Exploiting Embedded HTTP Servers with curl
  2. Finding and exploiting command injection within firmware
  3. Fuzzing for vulnerabilities in a SOAP API
  4. Building and delivering advanced exploit payloads
  5. Virtualizing device firmware
  6. Exploiting DNS rebinding to attack local devices
  7. Drive-by Rick Rolling

Available Training Dates

Title Date Location Topics
A Guided Tour of Embedded Software Hacks Jul 9-10 Shakacon X ALL
A Guided Tour of Embedded Software Hacks Aug 4-5 Black Hat USA ALL
Intro to Brainwashing Embedded Systems Oct 1 SecTor 1-3
Brainwashing Embedded Systems (Advanced) Oct 1 SecTor 4-6