Offensive Internet of Things Exploitation Training @ BlackHat

. 2 min read

BlackHat 2015 was the first run of our IoT security training class named “Offensive Internet of Things Exploitation” and it was a HUGE success.

The class got sold out quite fast, much faster than we expected. In fact, we had to increase a few seats in both the batches of our class before limiting further registrations.

The training course was delivered by Attify’s founder Aditya Gupta and was an intensive 2-day hands-on class with lots of exercises and challenges to help attendees understand the security issues with the Internet of Things.

Some pictures from our class :


IoT Hacking Training

IoT Penetration Testing

Internet of Things Penetration Testing

Tinkering with Hardware

The class was divided into 3 sections :

  1. Embedded Device Security Analysis and Exploitation
  2. Mobile/Web Based vulnerabilities
  3. Radio Communications Security

This is indeed the 3 sections on which consists of any Internet of Things architecture – and we decided to approach the problem of IoT security in a similar fashion. Some of the topics that we will cover in our upcoming training classes are  :

  1. IoT architecture and attack surface analysis
  2. ARM and MIPS based vulnerabilities
  3. Firmware Analysis and finding vulnerabilities
  4. UART, SPI and JTAGs
  5. Dumping firmwares from the device and bug hunting
  6. Modifying and Backdooring firmwares
  7. Security vulnerabilities in communication protocols and implementation
  8. Common Mobile App based security issues

We have many more upcoming classes in various security events – Brucon, BlackHat EU etc. and are also offering private versions of the training class. Contact us here to know more about our training offerings.