T5: IoT Security Bootcamp

Training Details

3-DAY TRAINING, 2-4 SEPTEMBER @ MEERVAART AMSTERDAM
TICKET PRICE: €1800 EX BTW + €330 HARDWARE KIT


The IoT Security Bootcamp is a meticulously designed, hands-on training program aimed at demystifying the complexities of IoT security for professionals and enthusiasts alike. In this course, participants are immersed in a rigorous curriculum that spans a broad spectrum of critical topics, from Linux-based firmware analysis to the nuances of hardware hacking and the intricacies of wireless communication technologies such as Zigbee, Bluetooth Low Energy (BLE), and proprietary wireless protocols.

This training distinguishes itself by offering a deep dive into the foundations underpinning IoT devices and systems. Participants will delve into the architecture of Linux-based firmware, gaining insights into how these systems operate and how they can be exploited. The course also goes into hardware hacking, covering essential techniques for interfacing with devices (UART, JTAG, and SWD) and for working with data at rest and in motion (I2C and SPI).

A significant portion of the bootcamp is dedicated to wireless technologies, a cornerstone of IoT functionality. Attendees will explore BLE and Zigbee protocols in detail, learning how to capture, analyze, and exploit communications. The course also covers proprietary wireless protocols (433, 866, 915 MHz), offering strategies for reverse engineering and securing these less-documented interfaces.

This bootcamp follows a learning-by-hacking approach. Each participant receives an IoT Security Hacking Kit, equipped with tools and devices to complete the course, as well as continue working in this area in the long run. This approach ensures that attendees not only understand the theoretical aspects of IoT security but also acquire practical skills in real-world hacking and testing scenarios.

By the end of the bootcamp, participants will have achieved a comprehensive understanding of IoT security technologies and testing methodologies. They will be proficient in evaluating IoT architectures, identifying and exploiting vulnerabilities, and employing security testing methodologies across various communication protocols and interfaces.

The bootcamp is designed to empower participants to:

  • Analyze and exploit Linux-based firmware in IoT devices.
  • Conduct hardware hacking, interfacing directly with device components to uncover vulnerabilities.
  • Intercept, analyze, and exploit wireless communications, including BLE, Zigbee, and proprietary protocols.
  • Employ advanced security testing methodologies to assess and improve the security posture of IoT systems.

Students will be provided with:

  • All slides in PDF format
  • AnalyzeIoT Lab Manual in PDF format
  • AnalyzeIoT Security Hacking Kit v2

Contents of the kit:

  • 2 x NRF52840 DK (target devices)
  • Software defined radio (SDR) kit
  • BLE sniffing tools
  • BLE dongles
  • USB to serial adapter
  • Breadboard + jumper cables
  • EEPROM
  • Zigbee sniffer
  • Digital Multimeter and USB cables
  • and more

Note: the content of the kit varies per session based on the content and availability.

Prerequisites

Any prior knowledge of IoT and the technologies covered in class is useful.

Basic knowledge of Linux or UNIX (especially bash) and security is always an advantage, but not required. It is assumed that attendees will have no knowledge of the topics of the class.

Training Outline

Introduction to IoT Security

  • Overview of IoT Security Challenges
  • The IoT Ecosystem and its Vulnerabilities
  • Common Attack Vectors in IoT Devices and Systems
  • Review of Real-World IoT Security Incidents
  • IoT Security Best Practices and Mitigation Strategies
  • IoT Security frameworks, methodologies and regulatory changes

IoT Security Hacking Kit

  • Introducing all tools and targets
  • Introduction to the Nordic NRF Connect Desktop
  • Setup and flashing of the SevenThings IoT devices (custom devices designed for the course based on the NRF52 platform using BLE and Zigbee) - This is the central target device for the training

Linux-Based Firmware Analysis

  • Role of Linux in IoT Devices
  • Firmware Extraction Techniques
  • Analyzing and Identifying Vulnerabilities in Firmware
  • Handling firmware encryption
  • Emulate parts of and entire firmware
  • Adding a backdoor and re-building firmware

Hardware Hacking Fundamentals

  • Introduction to Hardware Interfaces (UART, SPI, I2C, JTAG, and SWD)
  • Techniques for Circuit Analysis and Signal Manipulation
  • Hands-on labs with each of the mentioned interfaces

Bluetooth Low Energy (BLE) Security

  • BLE Protocol Basics
  • Sniffing and Analyzing BLE Communications
  • Performing Man-in-the-Middle (MiTM) Attacks

Zigbee Security

  • Exploring Zigbee Communication
  • Techniques for Sniffing and Decoding Zigbee Traffic
  • Zigbee Device Exploitation Methods

Dealing with Proprietary Wireless Protocols

  • Introduction to Software Defined Radio
  • Reverse Engineering Proprietary Wireless Communications

Hardware Requirements

  • Android Smartphone (running Android 7 or newer) - will be used to run standard applications from the PlayStore --- will not be hacked
  • USB-A Hub (at some point we connect 3 USB-A devices to the laptop) - powered is better -- optional but encouraged
  • Laptop with at least the following requirements:
    • 64-bit processor with 64-bit operating system (Linux is recommended, but Windows and IOS will work as well)
    • VT or other 64-bit virtualization settings enabled in your BIOS to run 64-bit VMs
    • At least eight (8) GB of RAM, recommended sixteen (16) GB if possible
    • At least fifty (50) GB of free hard drive space
    • Current virtualization software, both VMware and VirtualBox will work
    • Access to an account with administrative permissions and the ability to disable all security software on their laptop such as Antivirus and/or firewalls if needed for the class.

Software Requirements

  • Current virtualization software, both VMware and VirtualBox will work
  • Access to an account with administrative permissions and the ability to disable all security software on their laptop such as Antivirus and/or firewalls if needed for the class.

PABLO ENDRES

Founder - SefenShift GmbH
Experienced security consultant and Professional Hacker


Pablo’s career has mostly been spent doing security in a variety of industries and roles (from defensive to offensive, and builder). In the last couple of years, he has been working mainly on IoT security, testing dozens of devices, training students on its nuances and supporting many clients to secure their products. Pablo frequently teaches at top international security conferences such as Black Hat, BruCON, RomeHack, Nullcon, and more.