Practical IoT Hacking

Course Details

Training Level: Basic; Intermediate

Price

Early Bird: USD2,899.00 (Use Code: SS2023TEB. Ends 30th June, 2359H)
Normal: USD3,330.00

Course Abstract

“The great power of the Internet of Things comes with the great responsibility of security.” IoT is one of the hottest technologies today, and development and innovation are happening at a stellar pace, but the security of IoT has yet to catch up. Since the safety and security repercussions are serious and at times life threatening, neglecting the security of IoT products is not an option.

“Practical Internet of Things (IoT) Hacking” is a unique course which offers security professionals a comprehensive understanding of the complete IoT technology suite, including IoT protocols, sensors, the client side, mobile, cloud and their underlying weaknesses. The extensive hands-on labs enable attendees to identify, exploit or fix vulnerabilities in IoT, not just on emulators but on real smart devices as well.

The course focuses on the attack surface of current and evolving IoT technologies in various domains such as home and enterprise automation. It covers, from the ground up, various IoT protocols including their internals, attack scenarios specific to individual protocols, and the open-source software and hardware tools one needs in an IoT penetration testing arsenal.

It also covers hardware attack vectors and approaches to identifying the corresponding vulnerabilities. In addition to protocols and hardware, it focuses on reverse engineering mobile apps and native code to find weaknesses.

Throughout the course we will use eXos, a VM and Raspberry Pi image that we created specifically for IoT penetration testing. eXos is the result of our R&D and has most of the tools required for IoT security analysis. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house for the hands-on exercises.

The “Practical Internet of Things (IoT) Hacking” course is aimed at security professionals who want to enhance their skills and move to/specialise in IoT security. The course is structured for beginner to intermediate level attendees who do not have any experience in IoT, reversing or hardware.

Course Outline

Introduction to IoT

  • Introduction
  • IoT Architecture
  • Frameworks

IoT Security Testing

  • IoT Attack surface
  • IoT Security Guidelines and Compliance
  • IoT Product Security Testing Process
  • IoT Infrastructure Security Testing Process

EXPLIoT – IoT exploitation framework

  • Introduction
  • Architecture
  • Test Cases

IoT Protocols

MQTT

  • Introduction
  • Protocol Internals
  • Reconnaissance
  • Information leakage
  • DoS attacks
  • Hands-on with open-source tools
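As an added example for the MQTT section (not course material or trainer code), the following Python builds the two packets a reconnaissance client sends to an MQTT 3.1.1 broker, an anonymous CONNECT and a SUBSCRIBE to the wildcard filters "#" and "$SYS/#", and parses the PUBLISH packets the broker sends back. Packet layouts follow the MQTT 3.1.1 specification; nothing here opens a socket, and the sample PUBLISH bytes at the end are constructed for the example, not captured from a device. A broker that accepts this exchange without credentials hands out every topic passing through it, which is the information-leakage case the outline refers to; the "$SYS/#" tree additionally exposes broker statistics and, on many brokers, its version.

```python
"""Hand-built MQTT 3.1.1 packets for broker reconnaissance.

Added example for this outline, not course or trainer code. The functions
return the raw bytes a client would send (CONNECT, SUBSCRIBE) and parse the
bytes a broker sends back (PUBLISH). Layouts follow the MQTT 3.1.1 spec.
"""
from __future__ import annotations

import struct

# Control packet types (high nibble of the fixed header's first byte).
CONNECT, PUBLISH, SUBSCRIBE = 1, 3, 8

# Wildcard filters used for reconnaissance: "#" matches every topic the
# broker lets us see, "$SYS/#" matches the broker's own status tree.
RECON_FILTERS = ["#", "$SYS/#"]


def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 data bits per byte, MSB = continuation."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def decode_remaining_length(buf: bytes, offset: int) -> tuple[int, int]:
    """Inverse of encode_remaining_length; returns (value, offset after it)."""
    value, multiplier = 0, 1
    while True:
        b = buf[offset]
        offset += 1
        value += (b & 0x7F) * multiplier
        if not b & 0x80:
            return value, offset
        multiplier *= 128
        if multiplier > 128 ** 3:  # the spec allows at most 4 length bytes
            raise ValueError("malformed remaining length")


def mqtt_string(s: str) -> bytes:
    """UTF-8 string with a 16-bit big-endian length prefix."""
    data = s.encode("utf-8")
    return struct.pack("!H", len(data)) + data


def packet(ptype: int, flags: int, body: bytes) -> bytes:
    """Fixed header (type | flags, remaining length) followed by the body."""
    return bytes([(ptype << 4) | flags]) + encode_remaining_length(len(body)) + body


def build_connect(client_id: str, keepalive: int = 60) -> bytes:
    """Anonymous CONNECT: protocol name "MQTT", level 4, clean-session flag only."""
    body = (mqtt_string("MQTT")
            + bytes([4])                 # protocol level 4 = MQTT 3.1.1
            + bytes([0x02])              # connect flags: clean session, no user/pass
            + struct.pack("!H", keepalive)
            + mqtt_string(client_id))    # payload: client identifier
    return packet(CONNECT, 0, body)


def build_subscribe(packet_id: int, topic_filters: list[str], qos: int = 0) -> bytes:
    """SUBSCRIBE to each filter; the fixed-header flags must be 0b0010."""
    body = struct.pack("!H", packet_id)
    for tf in topic_filters:
        body += mqtt_string(tf) + bytes([qos])
    return packet(SUBSCRIBE, 0x02, body)


def parse_publish(buf: bytes) -> dict:
    """Parse one PUBLISH packet into topic, flags, packet id and payload."""
    ptype, flags = buf[0] >> 4, buf[0] & 0x0F
    if ptype != PUBLISH:
        raise ValueError("not a PUBLISH packet")
    dup, qos, retain = (flags >> 3) & 1, (flags >> 1) & 0x03, flags & 1
    remaining, off = decode_remaining_length(buf, 1)
    end = off + remaining
    (tlen,) = struct.unpack("!H", buf[off:off + 2])
    topic = buf[off + 2:off + 2 + tlen].decode("utf-8")
    off += 2 + tlen
    packet_id = None
    if qos:                              # packet identifier only for QoS 1/2
        (packet_id,) = struct.unpack("!H", buf[off:off + 2])
        off += 2
    return {"topic": topic, "dup": dup, "qos": qos, "retain": retain,
            "packet_id": packet_id, "payload": buf[off:end]}


# Constructed sample (not captured from a real device): a retained QoS 0
# PUBLISH, as a broker replays it to a fresh "#" subscriber.
SAMPLE_PUBLISH = bytes([0x31, 0x18]) + b"\x00\x0ehome/door/lock" + b"unlocked"

if __name__ == "__main__":
    print(build_connect("recon").hex())
    print(build_subscribe(1, RECON_FILTERS).hex())
    print(parse_publish(SAMPLE_PUBLISH))
```

To run this against a lab broker, send the CONNECT bytes over TCP port 1883 (8883 for TLS), check that the fourth byte of the 4-byte CONNACK reply (the return code) is 0, then send the SUBSCRIBE and feed each incoming PUBLISH to parse_publish. The open-source equivalent is a one-liner, mosquitto_sub -h <host> -t '#' -v; the value of building the bytes by hand is seeing exactly which fields (client id, the absent username/password, the length prefixes) a broker or client parser has to trust.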

Radio

1. Zigbee

  • Introduction and protocol Overview
  • Reconnaissance (Active and Passive)
  • Sniffing and Eavesdropping
  • Replay attacks
  • Hands-on with Zigbee Auditor and open-source tools

2. BLE

  • Introduction and protocol Overview
  • Reconnaissance (Active and Passive) with HCI tools
  • GATT service Enumeration
  • Sniffing GATT protocol communication
  • Reversing GATT protocol communication
  • Reading and writing GATT characteristics
  • Fuzzing characteristic values
  • Hands-on with open-source tools

Device (Firmware)

1. ARM

  • Architecture
  • Instruction Set
  • Procedure call convention
  • System call convention
  • Reversing
  • Hands-on Labs

2. Firmware

  • Types
  • Firmware updates
  • Firmware analysis and reversing
  • Firmware modification
  • Firmware encryption
  • Identifying Instruction Sets
  • Simulating device environments
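As an added example for the firmware section (not course or trainer code), the following Python does the first two steps of firmware analysis the outline lists: locating embedded objects by their magic values, the approach binwalk automates with a far larger signature database, and identifying the instruction set from the e_machine and endianness fields of any ELF header it finds. It also computes byte entropy, because an image that is encrypted or entirely compressed shows no signatures and close to 8 bits per byte of entropy, which is the cue to look for the decryption routine in the bootloader or to pull a plaintext copy over JTAG or SPI instead. SAMPLE_IMAGE, its offsets and the ELF-header helper are constructed for the example and are not a real firmware.

```python
"""Minimal firmware-image triage: locate embedded objects and name the CPU.

Added example for this outline, not course or trainer code. SAMPLE_IMAGE
is constructed here and is not a real firmware.
"""
from __future__ import annotations

import math
import struct
from collections import Counter

# (description, magic bytes): a tiny subset of binwalk's signature database.
# Short magics give false positives on random data, so every hit is a
# candidate to confirm, not a result.
SIGNATURES = [
    ("ELF executable", b"\x7fELF"),
    ("gzip stream", b"\x1f\x8b\x08"),
    ("xz stream", b"\xfd7zXZ\x00"),
    ("SquashFS, little-endian", b"hsqs"),
    ("SquashFS, big-endian", b"sqsh"),
    ("U-Boot uImage header", b"\x27\x05\x19\x56"),
]

# ELF e_machine values for CPUs commonly met in IoT firmware.
ELF_MACHINES = {
    0x03: "x86", 0x08: "MIPS", 0x14: "PowerPC", 0x28: "ARM",
    0x3E: "x86-64", 0x5E: "Xtensa", 0xB7: "AArch64", 0xF3: "RISC-V",
}


def describe_elf(blob: bytes, off: int) -> dict | None:
    """Decode class, endianness and e_machine of the ELF header at off."""
    if len(blob) < off + 20:
        return None
    ident = blob[off:off + 16]           # e_ident: magic, class, data, ...
    endian = {1: "little-endian", 2: "big-endian"}.get(ident[5])
    if endian is None:
        return None
    fmt = ("<" if ident[5] == 1 else ">") + "HH"   # e_type, e_machine
    _e_type, e_machine = struct.unpack(fmt, blob[off + 16:off + 20])
    return {
        "class": {1: "32-bit", 2: "64-bit"}.get(ident[4], "unknown"),
        "endian": endian,
        "machine": ELF_MACHINES.get(e_machine, f"unknown (0x{e_machine:02x})"),
    }


def scan_firmware(blob: bytes) -> list[dict]:
    """Every signature hit ordered by offset, with ELF details attached."""
    hits = []
    for name, magic in SIGNATURES:
        start = 0
        while (idx := blob.find(magic, start)) >= 0:
            hit = {"offset": idx, "type": name}
            if magic == b"\x7fELF":
                hit["elf"] = describe_elf(blob, idx)
            hits.append(hit)
            start = idx + 1
    return sorted(hits, key=lambda h: h["offset"])


def instruction_sets(blob: bytes) -> set[str]:
    """Distinct '<machine> <endianness>' pairs seen in ELF headers."""
    return {f"{h['elf']['machine']} {h['elf']['endian']}"
            for h in scan_firmware(blob) if h.get("elf")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _pad(data: bytes, size: int) -> bytes:
    return data + b"\x00" * (size - len(data))


def _fake_elf(little: bool, machine: int) -> bytes:
    """First 20 bytes of a 32-bit ELF header (constructed, e_type = EXEC)."""
    ident = b"\x7fELF" + bytes([1, 1 if little else 2, 1, 0]) + b"\x00" * 8
    return ident + struct.pack(("<" if little else ">") + "HH", 2, machine)


# Constructed sample image: uImage header, gzip blob, an ARM and a MIPS ELF
# (the latter big-endian), then a SquashFS superblock, each at a known offset.
SAMPLE_IMAGE = (
    _pad(b"\x27\x05\x19\x56", 0x40)             # 0x000 uImage header
    + _pad(b"\x1f\x8b\x08", 0xC0)               # 0x040 gzip stream
    + _pad(_fake_elf(True, 0x28), 0x100)        # 0x100 ARM, little-endian
    + _pad(_fake_elf(False, 0x08), 0x100)       # 0x200 MIPS, big-endian
    + _pad(b"hsqs", 0x100)                      # 0x300 SquashFS
)

if __name__ == "__main__":
    for hit in scan_firmware(SAMPLE_IMAGE):
        print(f"0x{hit['offset']:06x}  {hit['type']}  {hit.get('elf', '')}")
    print("instruction sets:", instruction_sets(SAMPLE_IMAGE))
    print("entropy: %.2f bits/byte" % shannon_entropy(SAMPLE_IMAGE))
```

On a real image the next step after a SquashFS or gzip hit is to carve from that offset (dd with skip=<offset>) and unpack it; a hit at an implausible offset, or an ELF whose machine disagrees with the board's SoC, is usually a false positive from the short magic rather than a second CPU. Computing the entropy per block (for example 4 KiB windows) rather than for the whole image is what separates an encrypted payload from a plaintext bootloader sitting in front of it.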

Device (Hardware)

1. Introduction to hardware

  • Components
  • Memory
  • Packages

2. Hardware Tools

  • EEPROM readers
  • Multi-bus connectors
  • Debug Port Scanners
  • Logic Analyzer

3. Attacking Hardware Interfaces

  • Hardware Reconnaissance
    • Analysing the board
    • Datasheets

4. UART

  • What is UART
  • Identifying UART interface
    • Method 1
    • Method 2
  • Accessing sensor via UART
  • Brute-forcing Custom consoles

5. JTAG

  • Introduction
  • Identifying JTAG interface
    • Method 1
    • Method 2
  • Extracting firmware from the microcontroller
  • Run-time patching the firmware code
  • Live Debugging of the system

6. I2C

  • Introduction
  • I2C Protocol
  • Interfacing with I2C
  • Sniffing run-time I2C communication

7. SPI

  • Introduction
  • SPI Protocol
  • Interfacing with SPI
  • Manipulating data via SPI

Who should attend?

  • Penetration testers tasked with auditing IoT
  • Bug hunters who want to find new bugs in IoT products
  • Government officials from defensive or offensive units
  • Red team members tasked with compromising the IoT infrastructure
  • Security professionals who want to build IoT security skills
  • Embedded security enthusiasts
  • IoT Developers and testers
  • Anyone interested in IoT security

What to expect?

  • Hands-on Labs
  • Reverse engineering
  • Getting familiar with IoT security
  • This course will give you a direction to start performing pen-tests on IoT products

What NOT to expect

  • Becoming a hardware/IoT hacker overnight. Use the knowledge gained in the training to start pen-testing IoT devices and sharpen your skills.

Prerequisites

  • Basic knowledge of web and mobile security
  • Knowledge of Linux OS
  • Basic knowledge of programming – python

What to bring?

  • Laptop with:
    • At least 50 GB free space
    • 8+ GB minimum RAM (4+GB for the VM)
    • External USB access (min. 2 USB ports)
    • Ethernet port (or USB to ethernet connector)
  • Administrative privileges on the system
  • Latest VirtualBox version (including the VirtualBox Extension Pack for the same version)
  • Linux host machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse; on newer distributions exfat-utils has been replaced by exfatprogs).
  • Virtualization (Intel VT-x or AMD-V) enabled in the BIOS/UEFI settings for VirtualBox to work.
  • Software Installation on Host machine

What participants will get

  • Commercial IoT Devices for hands-on (only during the class)
  • DIVA – IoT: custom vulnerable IoT sensor Testbed for hands-on (only during the class)
  • Hardware tools for sensor analysis for hands-on (only during the class)
  • Training material/slides
  • Practical IoT hacking Lab manual PDF

Trainer Profile

Himanshu Chauhan

An IoT Security Researcher focused on researching hardware devices and finding security loopholes. He has more than one year of experience in testing IoT/embedded devices and is currently researching side-channel attacks.

Abhinav Thakur

A cybersecurity professional with 2+ years of experience, mostly involved in low-level security research alongside designing frameworks and tools in both the offensive and defensive domains of cybersecurity. He has experience in malware research and is currently inclined towards breaking IoT systems, mainly firmware security.

Hemant Sonkar

A dedicated and accomplished Hardware Security Researcher with 2.5 years of experience in the field. With a strong focus on robust security measures, he has contributed to the implementation of effective hardware security solutions. Through his expertise in analysing hardware vulnerabilities, conducting risk assessments and understanding countermeasures, he has successfully pen-tested various types of IoT devices. Hemant’s in-depth knowledge of emerging technologies and industry best practices enables him to stay at the forefront of hardware security advancements.
