CURRICULUM: Offensive Operations

A growing trend in recent years has seen small-form-factor computing devices increasingly accessing networks, providing connectivity to devices that typically used to be disconnected. While we can debate whether your home appliances truly need Internet access, there is no debate that the Internet of Things (IoT) is here to stay. It allows for deeper connectivity of many devices that are indeed useful, with great benefits to homes and enterprises alike.

Unfortunately, with this proliferation of connected technology, many of these devices are designed with little or no consideration for security. While we have seen this behavior in other types of testing as well, IoT is different because it mixes together many different technology stacks, such as custom operating system builds, web and API interfaces, various networking protocols (e.g., Zigbee, LoRa, Bluetooth/BLE, WiFi), and proprietary wireless. This wide range of diverse, poorly secured technology creates a desirable pivot point into networks and opportunities for modification of user data, network traffic manipulation, and more.

SEC556 will familiarize you with common interfaces in IoT devices and recommend a process, along with the Internet of Things Attack (IoTA) testing framework, to evaluate these devices within many layers of the Open Systems Interconnection (OSI) model. From firmware and network protocol analysis to hardware implementation issues and all the way to application flaws, we will give you the tools and hands-on techniques to evaluate the ever-expanding range of IoT devices. The course approach facilitates examining the IoT ecosystem across many different verticals, from automotive technology to healthcare, manufacturing, and industrial control systems. In all cases, the methodology is the same but the risk model is different.
Syllabus Summary

SECTION 1: Introduction to IoT Network Traffic and Web Services
SECTION 2: Exploiting IoT Hardware Interfaces and Analyzing Firmware
SECTION 3: Exploiting Wireless IoT: WiFi, BLE, Zigbee, LoRa, and SDR

You Will Be Able To

▐ Assess IoT network-facing controls, web applications, and API endpoints with an IoT focus
▐ Examine hardware to discover functionality and find interaction points and use them to obtain data from the hardware
▐ Uncover firmware from hardware and other means, and explore it for secrets and implementation failures
▐ Sniff, interact with, and manipulate WiFi, LoRa, and Zigbee wireless technologies and understand security failures in implementation
▐ Interact with Bluetooth Low Energy for device manipulation
▐ Automate recovery of unknown radio protocols to perform replay attacks and additional analysis

Who Should Attend

▐ Penetration testers
▐ Embedded system developers
▐ Security analysts
▐ Security architects
▐ Product security engineers
▐ IoT product developers
▐ Anyone releasing an IoT device to market

NICE Framework Work Roles

▐ System Testing and Evaluation Specialist (OPM 671)
▐ Vulnerability Assessment Analyst (OPM 541)
▐ Pen Tester (OPM 541)
▐ Adversary Emulation Specialist/Red Teamer (OPM 541)
▐ Cyber Ops Planner (OPM 332)

SEC556: IoT Penetration Testing™

“The labs work well for bringing concepts home and making them real. The work done to scale/virtualize them and make them repeatable is amazing.”
—Lee Neely, Lawrence Livermore National Laboratory

3 Day Course
18 CPEs
15 Labs

For detailed course description, visit SANS.ORG/SEC556

WAYS TO TAKE SEC556

Live Online
In-Person
OnDemand

Larry Pesce, Course Author
James Leyte-Vidal, Course Author