IoT Security Training by TechMaker
2-Day Training | Hybrid
| 22-23 November 2021

IoT Security Training by TechMaker

During this two day training we are going to discuss threat model of IoT devices with backend interaction. Our examples are based on STM32 and ESP32 microcontrollers, SDR demonstrations are done with bladeRF 2.0.
YOU WILL BE USING YOUR HITB BADGE AS AN IOT HACKING DOLL AND YOU’LL BE ABLE TO PUMP YOUR SKILLS BY SOLVING OVER A DOZEN SPECIALLY CRAFTED CTF-LIKE CHALLENGES!
Head of Embedded Dept, Thea Auto
Embedded developer, Thea Auto

Available seats

TBA

Difficulty

Advanced
US$ 2,399

Attend in-person

at ADNEC Abu Dhabi

Attend online

via Livestream

Date

22-23 November 2021

Time

09:00 to 17:00 GST/GMT+4
To be announced

Online attendees on Nov 22-23 will be present via Zoom and Discord but will not have a practical part of training. HITB Badge and additional hardware will be shipped to online attendees after all registrations are confirmed. A separate single day online session with hardware practice will be scheduled in the second half of December as soon as all attendees confirm their mail package received.

 

_______________________________________________________________________________

Microcontrollers and embedded devices are all around us. Cheap hardware has many integrated basic communication methods, including access to the Internet. At the same time, there are almost no built-in security features in most microcontrollers to protect code from reverse engineering, cloning, finding hardcoded keys and accessing backend API endpoints that device uses.

During this two day training we are going to discuss threat model of IoT devices with backend interaction. Our examples are based on STM32 and ESP32 microcontrollers, SDR demonstrations are done with bladeRF 2.0.

TechMaker’s blog: https://blog.techmaker.ua/en

You will be using your HITB Badge as an IoT hacking doll and you’ll be able to pump your skills by solving over a dozen specially crafted CTF-like challenges!

  • CISO, system architects and project leads to better understand IoT cybersecurity risks and threat models
  • Penetration testers and embedded engineers hoping to learn more about IoT hacking and how to secure your code and hardware
  • Bug bounty hunters who wants to start working on hardware/IoT projects
  • Basic UNIX/Linux knowledge
  • Basic Understanding of computer architecture
  • Feel free to contact us and discuss what you need to read/learn before the training begins info@techmaker.ua
  • Analyze attack surface and create threat model of IoT devices
  • Audit an existing device on vulnerabilities in device architecture, firmware and hardware design
  • Analyze RF signals and decode data payload
  • Proactively participate in cybersecurity decision-making when designing a new IoT device
  • Conduct pentesting on IoT projects based on MCUs (ARM Cortex-M, ARM Cortex-A, xTensa, RISC-V)
  • Laptop with macOS or Linux-based OS
  • ESP-IDF, esptool
  • GHIDRA, radare2, Cutter + Rizin
  • Firefox
  • sigrok + PulseView
  • Universal Radio Hacker
  • Burp
  • Gobuster
  • Sqlmap
  • Anubis
  • bettercap + compatible WIFI adapter (built-in or USB). Compatible == supports monitor mode

+Testimonials

No data was found

+agenda

Title

Details

Date

Day 1 - IoT Security Training

1. What is a microcontroller?
2. Comparing architectures and toolchains
3. Hardware interfaces: I2C, SPI, UART, USB, CANbus
4. How to read PCBA and find valuable stuff
5. Analysing digital data
6. JTAG, bootloaders, secure boot, root of trust, FUSEs
7. Wireless connectivity. Threat model, attack vectors
8. Device to backend connection architecture: MQTT, HTTPS, TLS

TBA
Day 2 - IoT Security Training

9. Intercepting wired data
10. Intercepting wireless data
11. Reverse engineering binary firmware obtained from debug interface or OTA update
12. Analysing backend infrastructure: anubis -> gobuster, Firefox + Burp + sqlmap
13. Expert topics. Side-channel attacks, ChipWhisperer
14. Expert topics. Using SDR and blank SIM cards to capture 4G traffic

TBA

Book your spot for this training

+TRAINERS

Andrey Voloshin
Head of Embedded Dept, Thea Auto

Head of Embedded dept at Thea Auto, a connected cars company, developing systems & software for car telemetry. Additionally teaching application security at TechMaker (https://techmaker.ua) – a special appsec course for software developers explaining every aspect of the backend, frontend, mobile applications security, hardware security, including side-channel attacks and RF-signals hacking.

Sasha Olenyev
Embedded developer, Thea Auto

Embedded developer at Thea Auto, a connected cars company, developing systems & software for car telemetry. Additionally teaching firmware development at TechMaker (https://techmaker.ua) – an embedded programming course featuring STM32 ARM-based development boards.

+OTHER COURSES YOU MIGHT BE INTERESTED IN

x86-64 All You Can Learn Buffet!
US$ 4,299
x86-64 All You Can Learn Buffet!

This class is run a little different from most classes. We provide you purpose-built recorded lectures instead of trapping you in realtime with live-lectures. But fear not, the instructor is always right there eagerly waiting to mingle with the students and answer any questions you have. (The instructor really likes being asked questions. It shows you're paying attention ;)). One of many benefits is that you can watch lectures at 2x speed and zoom ahead of the other students and get to the hands on labs quicker. Or if there's bits of material you already know, you can just skip them and move on to the bits you don't know! Another big benefit is that you get to take the full lectures and labs with you! That means if you forget stuff and then need it in 6 months, you can quickly re-bootstrap yourself! Or you can watch the class twice, to really grow those neural connections and cement it in your brain! And unlike live lectures, our lectures are always getting more factually accurate, by having any accidental errors edited out.


Go HERE to join the 2-day x86-64 Assembly class. Or,
Go HERE to join the 2-day x86-64 OS Internals class. Or,
Go HERE to join the 4-day x86-64 Reset Vector Firmware class.
4-Day Training Hybrid
x86-64 Reset Vector Firmware
US$ 2,299
x86-64 Reset Vector Firmware

This class is designed to give you all the background you need to understand how x86-64 reset vector firmware works, and what the most common security misconfigurations are. It will prepare you to be able to read and understand the existing attack and defense research in the space, taking an explicit walk through of the attack and defense moves and counter-moves threat tree. And as always, this classes teaches you to be comfortable with Reading The Fun Manual (RTFM!) to go seek out the most accurate details of how things work, and to see out new problems in new areas that no one's read yet with a security mindset.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

Go HERE to join the 2-day x86-64 Assembly class. Or,
Go HERE to join the 2-day x86-64 OS Internals class. Or,
Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.
2-Day Training Hybrid
x86-64 OS Internals
US$ 2,299
x86-64 OS Internals

This class teaches you about the fundamental hardware mechanisms which all operating systems, virtualization systems, and firmware *must* interact with in order to run successfully on x86 hardware. This is taught in a *mostly* OS-agnostic way focusing on Intel-isms rather than OS-isms (albeit with using Windows as reinforcement, thanks to its excellent kernel-level debugging support.) This class also teaches you to be comfortable with Reading The Fun Manual (RTFM!) to give you self-sufficiency when seeking out the most accurate details of how things work.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

Go HERE to join the 2-day x86-64 Assembly class. Or,
Go HERE to join the 2-day x86-64 Reset Vector Firmware class. Or,
Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.
2-Day Training Hybrid
x86-64 Assembly
US$ 2,299
x86-64 Assembly

This class teaches you how to disassemble binaries, read x86-64 assembly language, and debug black-box binaries in WinDbg and GDB. This knowledge of assembly is the fundamental skill which is required to learn reverse engineering and vulnerability exploitation. Reverse engineering is in turn a fundamental skill which is required for malware analysis and vulnerability hunting.

 

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

 
Go HERE to join the 2-day x86-64 OS Internals class. Or,
Go HERE to join the 2-day x86-64 Reset Vector Firmware class. Or,
Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.  
2-Day Training Hybrid