basics of iot hacking - the ethical hacker network · 2018-10-03 · basics of iot hacking for the...

Post on 26-May-2020


BASICS OF IOT HACKING

FOR THE

CAREER PEN TESTER

SEPTEMBER 27, 2018

PRESENTERS:

JACOB HOLCOMB

DON DONZAL

AGENDA

• Intro by Don Donzal, EH-Net Editor-in-Chief
• Presentation by Jacob Holcomb, Principal Security Analyst @ ISE
  • About ISE
  • Understand the process of finding vulnerabilities within IoT devices.
  • Common classes of vulnerabilities which plague IoT devices & How to exploit them
  • Attack Vectors
    • Hardware / Firmware
    • Applications (i.e., Native, WebApps)
    • Network (i.e., Ethernet, Wireless)
    • Cloud
  • Building Your Skillset
  • Live Demo
  • Career Opportunities
    • Secure Software Developer
    • Network Penetration Tester
    • Security Analyst or Bug Hunter
• Q&A
• Post Game on EH-Net in the “IoT Group”

INTRO

• Video will be made available on EH-Net

• Style = Open Conversation!

• Q&A in question tab in GTW

• Twitter using #EHNet

• Post Game in “IoT” Group on EH-Net:

https://www.ethicalhacker.net/groups/iot/

• Goal for today – Spark conversation.

Advance your career!

OVERVIEW OF THE NEW EH-NET

• The Return of EH-Net

• General Layout

• Magazine side - Columnists, Features, Global Calendar

• Community side – Members & Profiles, Activity, Forums, Groups, Community Articles

• Integrated UX

• Building your “Personal Ethical Hacker Network”

• Articles to Reference

• Welcome to the EH-Net Relaunch

• Hello world! – Get Published in the EH-Net Community

• Demo – See EH-Net Live! April 2018

• Limited Time – All new members get a free pen testing course from eLS!!

Jacob Holcomb (@rootHak42) - BIO

The principal researcher on several pieces of ISE research, including the landmark publication SOHOpelessly Broken, which discovered over 50 new 0-day vulnerabilities in network routers and served as the foundation for the first-ever router hacking contest at DEFCON. He is skilled in penetration testing, application security, network security, and exploit research and development. A highly regarded speaker, he has presented at security conferences such as BlackHat USA, BlackHat Europe, DEFCON, DerbyCon, BSidesDC, and many others. In addition to projects at work, coding, and his favorite pastime of EIP hunting, Jacob loves to hack his way through the interwebz and has responsibly disclosed dozens of 0-day vulnerabilities in commercial products and services.

About ISE

• We are:
  - Ethical Hackers
  - Computer Scientists
  - Individuals
• Our Customers are:
  - Anyone in need of protecting important assets
• Our perspective is:
  - Whitebox (vs. Blackbox)
• Research

About ISE Labs

About SOHOpelesslyBroken

Started as a talk to highlight our research into embedded devices

About IoT Village

•2015 – First Village

•DEFCON 23

•Expanded SOHOpelesslyBroken

WHAT IS IT?

IoT (Internet of Things) is a buzzy name for the proliferation of connected devices on the internet.

IOT DEVICE EXAMPLE

INHERENT SECURITY RISK

•Vast attack surface

•Secure by default… NOT!

•Security assumptions

•Poor design and implementation

ATTACK VECTORS

•Firmware (Hardware)

•Applications (Native, Web, Mobile)

•Network (Ethernet, Wireless)

•Cloud Services

IOT HACKING 101: TESTING METHODOLOGY

•Information Gathering

•Scanning and Enumeration

•Gaining Access

•Maintaining Access

IOT HACKING 101: COMMON VULNERABILITY CLASSES

•Command Injection

•Missing Function Level Access Controls

•Memory Corruption (e.g., overflow, UAF)

•Web (e.g., XSS, CSRF, SSRF)

BUILDING YOUR SKILLSET: HACKING TIME

Methodology Execution

BUILDING YOUR SKILLSET: CAREER OPPORTUNITIES

•Secure Software Developer

•Network Penetration Tester

•Security Analyst or Bug Hunter

BUILDING YOUR SKILLSET: IOT VILLAGES @ CONS

DerbyCon (Oct 5 – 7, 2018)

• SOHO CTF

• Meeting experts

BSides DC (Oct 26 – 28, 2018)

• SOHO CTF

• Meeting experts

BUILDING YOUR SKILLSET: ISE LABS

BLOGS ON RESEARCH

LIVE STREAM HACKING

Reenacted by Chris Kirsch and Chris Hadnagy

https://blog.securityevaluators.com/iselabs/home

[Figure labels: Advanced, Intermediate, New]

● Experience – Employment, Home lab, CTFs, Non-profits, Open source projects, etc.

● ISE – ISE Labs, Blogs with Live Streaming, IoT Villages

● Practical Training – eLearnSecurity Training Paths (NIST-NICE Role-based Training)

https://www.elearnsecurity.com/training_paths/

HOW DO I GET THERE?

EH-NET LIVE! OCTOBER 2018

Nick Furneaux has 20 years of experience providing cyber security, forensic consultancy, and training to companies and law enforcement institutions in the UK and across Europe, the United States, and Asia. Nick is the Managing Director of CSITech, Ltd. and Director of the online forensic training company CSILearn Ltd.

Blockchain Hacking for Investigating Cryptocurrencies

October 24, 2018

Guests, Dates & Topics Subject to Change

THANK YOU FOR JOINING

www.ethicalhacker.net

team@ethicalhacker.net

Q&A

POST GAME IN EH-NET GROUPS
