IoT Safeguard: Entry-Level Training
Introduction
In an era where the interconnectivity of devices defines our daily lives, the security of the Internet of Things (IoT) stands at the forefront of technological concerns. The pervasive nature of IoT devices, ranging from smart home appliances to industrial sensors, has brought unprecedented convenience and efficiency. However, this connectivity also exposes vulnerabilities that can be exploited by malicious actors. Addressing these security challenges necessitates a thorough understanding of the risks inherent in IoT ecosystems. This training initiative is designed to equip participants with the necessary expertise to assess, identify, and mitigate potential threats within these interconnected systems.
By delving into the intricacies of IoT security assessments, participants will explore the diverse landscape of risks associated with these devices and networks. From examining vulnerabilities in hardware and software components to evaluating data transmission protocols, this training provides a comprehensive overview of potential attack vectors. Through practical exercises and case studies, participants will learn to apply assessment methodologies and industry best practices, empowering them to proactively secure IoT infrastructures against cyber threats.
The ultimate goal of this training is to arm participants with the knowledge and tools needed to bolster the security posture of IoT environments. With a focus on real-world scenarios and hands-on learning experiences, participants will emerge adept at conducting effective security assessments, devising risk mitigation strategies, and fortifying IoT systems against potential breaches. This newfound expertise will empower individuals to play a pivotal role in upholding data integrity, ensuring confidentiality, and building resilient IoT ecosystems that engender trust and reliability.
- Who Should Attend
- Information Security Professionals
- IoT Vulnerability Analyst /Auditors
- Pen testers and Security professionals interested to get into IoT Security"
- Key learning objectives
- Understand the IoT, ecosystem and Web architecture
- Identify specific threats and risks associated with the IoT environment
- Analyze the HTTP and Custom communication protocols and exploit the loopholes
- Perform a hands-on penetration test and reverse engineering of IoT device firmware
- Attendees will be able to find vulnerabilities in various real world IoT devices
- Prerequisite Knowledge
- Common security concepts of IoT or common application security issues.
- Basic knowledge of the Linux OS and network security basics.
Candidates could be familiar with below topics but not mandatory:
- Utilities/Software Requirements
- Genymotion free version installed (https://www.genymotion.com/download/)
- Virtual box installed (https://www.virtualbox.org/)
- Laptop with antivirus and firewall disabled.
- Attendees must have administrator privilege
- Update to the latest display drivers
- Working USB port and Wifi enabled
- System Requirements
- Min 50 GB free Hard disk space and 8 GB RAM preferred.
- Hardware Requirements
- Working Personal laptop with Windows 10/11, Linux(Kali/Ubuntu) in Host machine installed.
**no Netbooks, no Tablets, no corporate laptop due to restriction’s enabled
- What Students will be provided
- Vulnerable IoT hardware
- IoT firmware extraction tools
- Software/applications to analyze firmware and protocols
- Agenda
- Introduction to IoT security.
- Introduction to Vulnerable IoT device.
- Understanding the IoT device Architecture.
- Introduction to tools and methods to extract the firmware.
- Extract the firmware from vulnerable IoT devic.
- Analyze the fimrware using different techniques for sensitive information.
- Understand the standard communication protocol used by application to control IoT device
- Sniff the communication between IoT device and application
- Analyze the packets used by the application to control the device
- Understanding of key packets required for communication
- Learning technique to duplicate the packets to control the IoT device
- Packet creation techniques to duplicate the custom protocol packets
Module 1: Understanding IoT Device and Environment
Module 2: Firmware Extraction & Analysis
Module 3: Communication Protocol Analysis
Module 4: Packet Creation & Duplication
- Cyber War
- Control the other devices of the IoT ecosystem
- What not to expect
To become IoT Ninja overnight.
Although this training would considerably lead to a next level in IoT Security, people willing to learn new things and research further is expected to continue exploration in IoT Security.
 
          Jatan Raval
Mr. Jatan Raval is a Sr. Manager - Professional services in Net Square Solutions Pvt. Ltd. with a demonstrated history of working in the computer and network security industry. Skilled in IoT Research, Penetration Testing, Security Audit, OSCP and OSCE. Strong information technology professional with a Master of Technology (M.Tech.) in Cyber Security and Incident Response focused in Cyber Security from National Forensic Science University, Gandhinagar.
 
          Khushal Suthar
Mr. Khushal Suthar is a dedicated Security Analyst at Net Square Solutions with a passion for cybersecurity and expertise in Web and IoT Penetration Testing. His career is distinguished by innovative approaches that enhance the IoT mobile application testing process. He is driven by the goal of creating safer cyberspace for all.
 NSConclave
 NSConclave