VW IoT Pentest Course
Introduction to IoT Security
Firmware Analysis and Exploitation
Getting started with Firmware
Extracting file system from Firmware
Automated File System Extraction using Binwalk
Hidden Certificates inside Firmware
Hardcoded Telnet Credentials inside Firmware
Additional Firmware analysis - password protected firmware
Reversing Binaries using Hopper
Working with Encrypted Firmware Binaries
Emulating IoT Firmware Binaries
Debugging Emulated Binaries
Full Firmware Emulation with FAT (Firmware Analysis Toolkit)
Backdooring Firmware Binaries
Firmware Patching
Firmware Patching - Hands On
Conventional Attack Techniques
Attacking Web Apps
Performing Command Injection
Diffing-based vulnerabilities
Getting started with SmartPlug
Additional mobile application analysis
Reversing Encryption
Using Frida for App Analysis
Smart Plug Hacking
Orvibo Smart Plug Hacking
Native library analysis using Ghidra
Binary Exploitation for IoT Devices
Intro to Binary Exploitation & ARM
ARM Instruction Sets and Addressing Modes
Using GDB to analyze ARM Binaries
ARM Mode and Thumb Mode
Manipulating Program Execution
Reversing Binary and Understanding Disassembly
ROP Based Exploitation for ARM
ARM Exploitation on Real World Firmware
Writing Shellcode for ARM
Binary Exploitation on MIPS - A Short Overview
Hardware/Embedded Hacking for IoT Devices
Introduction to Hardware Hacking
Analyzing Circuit Boards (PCB Recon)
PCB Reconnaissance Continued
Performing Pin Tracing (Analyzing Tracks)
Serial Communication Interfaces and Introduction to UART
Exploiting an IP Camera
NAND Glitching
Introduction to JTAG
Identifying JTAG pinouts with Arduino Nano and JTAGenum
Using JTAGulator to identify JTAG pinouts
Connections for JTAG
JTAG Debugging with Attify Badge
Flashing new firmware using JTAG
Reading Memory Contents using JTAG
Dumping data using JTAG
Connections for the Final Exercise
JTAG Authentication Bypass Walkthrough
Serial Peripheral Interface (SPI) Communication
SPI Flash Firmware Dumping
Logic and Bus Sniffing
Software Defined Radio and Radio Communications for IoT
Introduction to Software Defined Radio (SDR)
Common Radio Terminologies
Getting Started With RTL-SDR
Working with GNU Radio
Sending Data with a 433 MHz transmitter
Identifying Exact frequency using GQRX
Decoding a 433 MHz signal
Bluetooth Low Energy (BLE)
Introduction to Bluetooth Low Energy
BLE Device Recon
Analyzing a BLE device
Getting started with ESP32 for BLE Security Research
Exploring BLE using ESP32
Sniffing BLE using Adafruit Sniffer
Sniffing BLE using Ubertooth sniffer
Exploiting a BLE Smart Lock
Getting started with BLE Smart Lock (OKLOK)
Reverse Engineering OKLOK with JADX and Frida
Smart Lock BLE Traffic Capture and Analysis
Understanding the Smart Lock Logic
Smart Lock Unlock Script and Mechanism
Zigbee
Introduction to ZigBee and Lab Setup
Sniffing and Dumping ZigBee packets
[DEMO] Attify Zigbee Framework - Sniff, Replay and Exploit ZigBee traffic in IoT devices