IoT VAPT

Introduction to IoT Security

IoT Security Standards and Guidelines

Architecture of an IoT system

IoT Communication Protocols

*VAPT methodology for IoT

Typical attacks to IoT

IoT Vulnerability Assessment and PenTest phases

Risk analysis

Threat modeling

*Hardware exploitation of IoT devices

UART exploitation

I2C exploitation

SPI exploitation

JTAG exploitation

Firmware extraction and analysis

*Radio protocols exploitation of IoT devices

Frequency ranges used by IoT radio protocols and SDR tools

Replay attacks and countermeasures

Test the presence of rolling code as a countermeasure to replay attacks

Bluetooth Low Energy (BLE) exploitation

ZigBee exploitation

Lab: sniffing ZigBee data traffic in Kali Linux with nRF52840 MDK USB Dongle

*Cloud/Web exploitation of IoT infrastructure

OWASP Web Security Testing Guide

Help tools for Web Application VAPT

Input validation

XSS attack

XSS attack Lab

SQL Injection attack

SQL Injection attack Lab

OS Command Injection attack

OS Command Injection attack Lab

Unvalidated File Upload attack

Unvalidated File Upload attack Lab

Local and Remote File Inclusion attacks

Local and Remote File Inclusion attacks Lab

Insecure Deserialization attack

XXE (XML External Entities) attack

XXE (XML External Entities) Attack Lab
