• Goa'17
  • Training
  • Practical IoT Hacking Training

Practical IoT Hacking Training

Aseem Jakhar

Trainer Name: Aseem Jakhar
Title:Practical IoT Hacking Training
Duration: 3 Days
Dates: 28th Feb - 2nd March


The Great Power of IoT comes with the Great Responsibility of Security". Being the Hottest technology, the developments and Innovations are happening at a stellar speed. But the Security of IoT is yet to catch up.Since the Safety and Security repercussions are serious and at times life threatening, there is no way you can afford to neglect the security of IoT Devices. And when Security is Crucial for you, don't look beyond this Worlds Best Training on IoT Security. Learn it for the worlds leading experts.

"Practical IoT Hacking" is a research backed and unique course which offers security professionals the deep understanding of the core of IoT Technology. It gives hands on training to master the art, tools and techniques to analyze firmware , identifying attack surface, find-n-exploit or find-n-fix the vulnerabilities, not just on Emulators but Real Smart Devices.

Practical IoT Hacking training is for security professionals aiming to specialize in IoT security. Prior knowledge of assembly, mobile security or reversing will be Plus but not essential. We will be using DRONA a VM image for IoT security testing. DRONA is result of our research and development efforts and is becoming a standard tool for IoT Security Testing.

Course outline

Day 1
  • Introduction to IOT
  • IOT Architecture
  • Identify attack surfaces
  • Mobile App security (Android)
    1. App reversing and Analysis
    2. Input validation attacks
    3. Insecure Storage
    4. Access control attacks
    5. Hardcoding issues
  • ARM
    1. Architecture
    2. Instruction Set
    3. Reversing
Day 2
  • MIPS
    1. Architecture
    2. Instruction Set
    3. Reversing
  • Device scanning
  • Conventional Attacks
Day 3
  • Firmware
    1. Types
    2. Firmware analysis and reversing
    3. Firmware modification
  • Simulating real environments
  • USB/external Storage Attacks
  • Hardware
    1. Identifying components
    2. Identifying interfaces
    3. Identifying pin functions
    4. Firmware extraction
  • Introduction to radio protocols

Who Should Take this Course ?

  • Pentesters/security professional
  • Embedded security enthusiast
  • Anyone interested to learn IoT pentesting
  • IoT Developers and testers


  • Basic knowledge of web and mobile security
  • Basic knowledge of Linux OS
  • Basic knowledge of programming (C, python) would be a plus

What attendees should bring ?

  • Laptop with at least 30 GB free space
  • 4 GB minimum RAM
  • External USB access
  • Administrative privileges on the system
  • Virtualization software – VirtualBox 5.X

What attendees will be provided With ?

  • Shared IoT devices will be provided during the class for Labs
  • Drona VM for pen testing IoT products
  • Slides (PDF)

What to expect ?

  • Hands-on Labs
  • Reversing binaries and apps
  • Getting familiar with the IoT security
  • This course will give you a direction to start performing pentests on IoT devices

What not to expect ?

  • Becoming a hardware/IoT hacker overnight. Use the knowledge gained in the training to start pentesting IoT devices and sharpen your skills.

About Trainer

Aseem Jakhar is the Director, research at Payatu Software Labs payatu.com a boutique security testing company. He is well known in the hacking and security community as the founder of null -The open security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon security conference nullcon.net and hardwear.io security conference http://hardwear.io He has extensive experience in system programming, security research, consulting and managing security software development projects. He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, multicast packet reflector, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security and open source conferences; some of the conferences he has spoken at include AusCERT, Defcon, Hack.lu, Black Hat, Brucon, PHDays and many more. His research includes Linux remote thread injection, automated web application detection and dynamic web filter. He is the author of open source Linux thread injection kit -Jugaad and Indroid which demonstrate a stealthy in-memory malware infection technique.

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved