IoT Exploitation


IoT, or the Internet of Things, is one of the fastest-growing technology trends. However, with many new devices appearing every few months, little attention has been paid to their security until now. The course combines theory and hands-on practice: IoT device architecture, identifying attack surfaces, and finding and exploiting vulnerabilities in IoT devices.

Duration: 40 Hours

Target Audience
• Governmental bodies, army and security officials
• Private organizations that are interested in preparing their teams for IoT offensive exploitation
• Security Professionals and Penetration Testers
• SOC Analysts
• IoT Developers

ThinkCyber Level-2 Courses

Course Objectives
• Becoming familiar with IoT
• Acquiring the necessary techniques and tools for IoT exploitation
• Mapping IoT devices
• Firmware analysis and exploitation
• Learning to attack and defend both local and remote IoT devices



Module 1: Introduction to IoT Security

During this module, students will learn about IoT and smart devices, how to analyze IoT device architecture and break it down into its individual components, and the techniques and tools used at each step. Students will also learn to find vulnerable devices across the internet using targeted search queries.

  • Fundamental Concepts
    • Understanding Firmware
      • Filesystems
      • Kernel
      • Bootloader
    • Retrieving Firmware
    • IoT Protocols
      • Zigbee
      • GSM
      • Z-Wave
      • 6LoWPAN
      • Ethernet and WiFi
  • Mapping the Internet
    • Mapping the Attack Surface of an IoT Device
    • Setting up a Debian OS for IoT Penetration Testing
    • Nmap Basics
      • Scanning and Enumerating
      • OS Detection
      • NSE with IoT
    • Banner Grabbing Techniques
    • IoT Mapping with Shodan
      • Shodan History
      • Searching with the CLI
      • CVE Detection

Module 2: Embedded OS

In this module, students will become familiar with Linux- and network-based exploitation and apply those skills in IoT environments.

  • Introduction to Embedded OS
    • Working with SquashFS
    • Using Binwalk
      • U-Boot Version Detection
      • Extracting the SquashFS
    • Detecting Default Passwords
      • Finding Sensitive Files
      • Offline Brute-Forcing Password Files
    • Analyzing System Files
      • Finding Preset iptables Rules
      • Researching Existing Scripts

Module 3: Dynamic Firmware Analysis

Firmware runs embedded systems and IoT devices and holds sensitive information and data. This module covers extracting and analyzing firmware, as well as identifying vulnerabilities in the firmware of IoT devices.

  • Emulating Firmware Binaries
    • Mimicking Chroot and Understanding QEMU
    • Deploying Firmadyne
      • Requirements and Problem Mitigation
      • Building the MySQL Database
    • Components of Firmadyne
      • Extractor
      • getArch
      • tar2db
      • makeImage
      • inferNetwork
    • Automating the Deployments
      • FAT – Old Automator
      • Firmadyne-Launcher – New Automator
    • Weaponising Firmware
      • Crafting Custom Firmware using Firmware-Mod-Kit
      • Backdooring Firmware using Buildroot
      • Uploading Armed Firmware Undetectably

Module 4: Software-Based Exploitation

In this module, we will cover the software aspects of IoT devices, performing exploitation on ARM and MIPS architectures. We will also identify command injection vulnerabilities in firmware binaries and attack mobile web apps.

  • Common Exploitation Techniques
    • ReadELF
    • Intro to MIPS and ARM
    • Binary Debugging and Disassembling
      • Buffer Overflow
      • Exploitation with GDB
      • Analyzing Open-Source Code
    • Debugging Services
      • Understanding UART, SPI, I2C, and JTAG Concepts
    • Web Application Security for IoT
      • Installing Burp Suite and Setting up Proxy Interception
      • Burp Suite Components
        • Spider
        • Proxy
        • Intruder
        • Repeater
        • Sequencer
        • Decoder
    • Exploitation with Command Injection
      • Exploitation with CSRF and XSS
      • Blind Command Injection
    • Online Brute-Force Basics
      • SSH Cracking using Hydra
      • Launching Crowbar against RDP

Module 5: Attacking Techniques

This module will expose students to two of the most popular frameworks for IoT exploitation: the Metasploit Framework, aimed at performing attacks against hosts, and Routersploit, designed for routers with an embedded Linux filesystem.

  • Metasploit and Routersploit
    • Understanding CVEs and Vulnerabilities
      • MITRE and ExploitDB
      • SearchSploit
      • Launching Automatic Attacks
      • Understanding Railgun
    • Routersploit – Metasploit for IoT
      • Scanning
      • Exploitation