Kaspersky ICS CERT Hands-on: IoT vulnerability research and exploitation training
This is Pre-Header-Content
Meet and greet the new world of smart everything! It is everywhere around us: above, below and on us. Most of the IoT and smart devices make our life easier and much more interesting. But is there anything hidden behind this usability and simplicity?
Kaspersky ICS CERT is conducting a practical course in IoT vulnerability research and exploitation training in association with (ISC)² Bangalore Chapter. This class provides a deep dive into hardware analysis, firmware extraction and analysis, vulnerability research and exploitation.
Trainers
Roland Sako, Swiss Security Researcher, ICS CERT Vulnerability Research Sergey Temnikov, Senior Security Researcher, ICS CERT Vulnerability Research
Location: Radisson Blu Bengaluru Outer Ring Road, Bangalore
Date: July 2 – 4, 2019
Duration: 3 days
This training aims to introduce the participants to conducting security assessments of Internet of Things (IoT) devices. We will start by drawing the big picture and briefly introducing some IoT-related definitions. We will then go through the methodology for analyzing such targets – from knowing nothing about the device to understanding its functioning well enough to start looking for software and hardware vulnerabilities. Mainly practical (80%), this training is organized by types of attack vector and uses hands-on exercises backed by enough theory to allow you to approach most cases when faced with real-life devices.
During this course, will be given a set of real devices and a step-by-step methodology that will help you identify and exploit vulnerabilities.
Class plan
Meet the devices. Identifying research surface: input and output interfaces, communication channels and architecture
Firmware analysis: different practical ways of extraction
OS identification and analysis
IoT firmware and binaries static analysis
IoT firmware and binaries dynamic analysis
Breaking stuff: firmware modification, patching, vulnerability identification, analysis and exploitation