Book Description
IoT is an upcoming trend in the IT industry today; there are a lot of IoT devices on the market, but there is a minimal understanding of how to safeguard them. If you are a security enthusiast or pentester, this book will help you understand how to exploit and secure IoT devices.
This book follows a recipe-based approach, giving you practical experience in securing upcoming smart devices. It starts with practical recipes on how to analyze IoT device architectures and identify vulnerabilities. Then, it focuses on enhancing your pentesting skill set, teaching you how to exploit a vulnerable IoT device, along with identifying vulnerabilities in IoT device firmware. Next, this book teaches you how to secure embedded devices and exploit smart devices with hardware techniques. Moving forward, this book reveals advanced hardware pentesting techniques, along with software-defined, radio-based IoT pentesting with Zigbee and Z-Wave. Finally, this book also covers how to use new and unique pentesting techniques for different IoT devices, along with smart devices connected to the cloud.
By the end of this book, you will have a fair understanding of how to use different pentesting techniques to exploit and secure various IoT devices.
What You Will Learn
- Set up an IoT pentesting lab
- Explore various threat modeling concepts
- Exhibit the ability to analyze and exploit firmware vulnerabilities
- Demonstrate the automation of application binary analysis for iOS and Android using MobSF
- Set up a Burp Suite and use it for web app testing
- Identify UART and JTAG pinouts, solder headers, and hardware debugging
- Get solutions to common wireless protocols
- Explore the mobile security and firmware best practices
- Master various advanced IoT exploitation techniques and security automation
Table of Contents
1: IoT Penetration Testing
- Introduction
- Defining the IoT ecosystem and penetration testing life cycle
- Firmware 101
- Web applications in IoT
- Mobile applications in IoT
- Device basics
- Introduction to IoT's wireless communications
- Setting up an IoT pen testing lab
2: IoT Threat Modeling
- Introduction
- Getting familiar with threat modeling concepts
- Anatomy of threat modeling an IoT device
- Threat modeling firmware
- Threat modeling of an IoT web application
- Threat modeling an IoT mobile application
- Threat modeling IoT device hardware
- Threat modeling IoT radio communication
3: Analyzing and Exploiting Firmware
- Introduction
- Defining firmware analysis methodology
- Obtaining firmware
- Analyzing firmware
- Analyzing filesystem contents
- Emulating firmware for dynamic analysis
- Getting started with ARM and MIPS
- Exploiting MIPS
- Backdooring firmware with firmware-mod-kit (FMK)
4: Exploitation of Embedded Web Applications
- Introduction
- Getting started with web app security testing
- Using Burp Suite
- Using OWASP ZAP
- Exploiting command injection
- Exploiting XSS
- Exploiting CSRF
5: Exploiting IoT Mobile Applications
- Introduction
- Acquiring IoT mobile applications
- Decompiling Android applications
- Decrypting iOS applications
- Using MobSF for static analysis
- Analyzing iOS data storage with idb
- Analyzing Android data storage
- Performing dynamic analysis testing
6: IoT Device Hacking
- Introduction
- Hardware exploitation versus software exploitation
- Hardware hacking methodology
- Hardware reconnaissance techniques
- Electronics 101
- Identifying buses and interfaces
- Serial interfacing for embedded devices
- NAND glitching
- JTAG debugging and exploitation
7: Radio Hacking
- Introduction
- Getting familiar with SDR
- Hands-on with SDR tools
- Understanding and exploiting ZigBee
- Gaining insight into Z-Wave
- Understanding and exploiting BLE
8: Firmware Security Best Practices
- Introduction
- Preventing memory-corruption vulnerabilities
- Preventing injection attacks
- Securing firmware updates
- Securing sensitive information
- Hardening embedded frameworks
- Securing third-party code and components
9: Mobile Security Best Practices
- Introduction
- Storing data securely
- Implementing authentication controls
- Securing data in transit
- Securely using Android and iOS platform components
- Securing third-party code and components
- Employing reverse engineering protections
10: Securing Hardware
- Introduction
- Hardware best practices
- Uncommon screw types
- Antitamper and hardware protection mechanisms
- Side channel attack protections
- Exposed interfaces
- Encrypting communication data and TPM
11: Advanced IoT Exploitation and Security Automation
- Introduction
- Finding ROP gadgets
- Chaining web security vulnerabilities
- Configuring continuous integration testing for firmware
- Configuring continuous integration testing for web applications
- Configuring continuous integration testing for mobile applications
SKU | 031036SE |
---|---|
Weight | 0.0000 |
Coming Soon | No |
Days of Training | No |
Audience | Student |
Product Family | Partnerware |
Product Type | Digital Courseware |
Electronic | Yes |
ISBN | No |
Language | English |
Page Count | No |
Curriculum Library | IoT |
Year | No |
Manufacturer's Product Code | No |
Current Revision | 1.0 |
---|---|
Revision Notes | No Revision Information Available |
Original Publication Date | 2018-10-17 00:00:00 |