Kaspersky ICS CERT Hands-on: IoT vulnerability research and exploitation training

This is Pre-Header-Content

Лаборатория Касперского

Meet and greet the new world of smart everything! It is everywhere around us: above, below and on us. Most of the IoT and smart devices make our life easier and much more interesting. But is there anything hidden behind this usability and simplicity?

Kaspersky ICS CERT is conducting a practical course in IoT vulnerability research and exploitation training in association with (ISC)² Bangalore Chapter. This class provides a deep dive into hardware analysis, firmware extraction and analysis, vulnerability research and exploitation.

Trainers

Roland Sako, Swiss Security Researcher, ICS CERT Vulnerability Research
Sergey Temnikov, Senior Security Researcher, ICS CERT Vulnerability Research

Location: Radisson Blu Bengaluru Outer Ring Road, Bangalore

Date: July 2 – 4, 2019
Duration: 3 days
This training aims to introduce the participants to conducting security assessments of Internet of Things (IoT) devices. We will start by drawing the big picture and briefly introducing some IoT-related definitions. We will then go through the methodology for analyzing such targets – from knowing nothing about the device to understanding its functioning well enough to start looking for software and hardware vulnerabilities. Mainly practical (80%), this training is organized by types of attack vector and uses hands-on exercises backed by enough theory to allow you to approach most cases when faced with real-life devices.
During this course, will be given a set of real devices and a step-by-step methodology that will help you identify and exploit vulnerabilities.

Class plan

  • Meet the devices. Identifying research surface: input and output interfaces, communication channels and architecture
  • Firmware analysis: different practical ways of extraction
  • OS identification and analysis
  • IoT firmware and binaries static analysis
  • IoT firmware and binaries dynamic analysis
  • Breaking stuff: firmware modification, patching, vulnerability identification, analysis and exploitation

Topics

  • Hardware analysis
  • Firmware extraction
  • Unpacking/repacking
  • Firmware analysis
  • Firmware parts reverse engineering
  • Vulnerability research
  • Vulnerability exploitation
  • Mitigation strategies

Prerequisites

  • Understanding of ARM architecture
  • Basic knowledge of C/C++, script languages
  • Basic understanding of Unix-like systems

Requirements

Hardware & Software requirements: laptop with VMWare / VirtualBox virtualization solution
To Register