Embed Size (px)
Citation preview
BASICS OF IOT HACKING
FOR THE
CAREER PEN TESTERS E P T E M B E R 2 7 , 2 0 1 8
JACOB HOLCOMB
DON DONZAL
P R E S E N T E R S :
AGENDA
• Intro by Don Donzal, EH-Net Editor-in-Chief• Presentation by Jacob Holcomb, Principal Security Analyst @ ISE
• About ISE• Understand the process of finding vulnerabilities within IoT
devices.• Common classes of vulnerabilities which plague IoT devices &
How to exploit them• Attack Vectors
• Hardware / Firmware• Applications (i.e., Native, WebApps)• Network (i.e., Ethernet, Wireless)• Cloud
• Building Your Skillset• Live Demo• Career Opportunities
• Secure Software Developer• Network Penetration Tester• Security Analyst or Bug Hunter
• Q&A• Post Game on EH-Net in the “IoT Group“
INTRO
• Video will be made available on EH-Net
• Style = Open Conversation!
• Q&A in question tab in GTW
• Twitter using #EHNet
• Post Game in “IoT” Group on EH-Net:
https://www.ethicalhacker.net/groups/iot/
• Goal for today – Spark conversation.
Advance your career!
OVERVIEW OF THE NEW EH-NET
• The Return of EH-Net
• General Layout
• Magazine side - Columnists, Features, Global Calendar
• Community side – Members & Profiles, Activity, Forums, Groups, Community Articles
• Integrated UX
• Building your “Personal Ethical Hacker Network”
• Articles to Reference
• Welcome to the EH-Net Relaunch
• Hello world! – Get Published in the EH-Net
Community
• Demo – See EH-Net Live! April 2018
• Limited Time – All new members get a free pen testing course from eLS!!
Jacob Holcomb (@rootHak42) - BIO
The principal researcher on several pieces of ISE research, including the
landmark publication SOHOpelessly Broken, which discovered over 50
new 0-day vulnerabilities in network routers and served as the
foundation for the first-ever router hacking contest at DEFCON. He is
skilled in penetration testing, application security, network security,
and exploit research and development. A highly regarded speaker, he
has presented at security conferences such as BlackHat USA, BlackHat
Europe, DEFCON, DerbyCon, BSidesDC, and many others. In addition to
projects at work, coding, and his favorite pastime of EIP hunting, Jacob
loves to hack his way through the interwebz and has responsibly
disclosed dozens of 0-day vulnerabilities in commercial products and
services.
ISE Proprietary 8
About ISE
About ISE
• We are:- Ethical Hackers
- Computer Scientists
- Individuals
• Our Customers are:- Anyone in need of protecting important assets
• Our perspective is:– Whitebox (vs. Blackbox)
• Research
About ISE Labs
About SOHOpelesslyBroken
Started as a talk to highlight our research into embedded devices
About IoT Village•2015 – First Village•DEFCON 23•Expanded SOHOpelesslyBroken
WHAT IS IT?
IoT (Internet of Things) is a buzzy name for the proliferation of connected devices on the internet.
IOT DEVICE EXAMPLE
INHERENT SECURITY RISK
•Vast attack surface•Secure by default… NOT!•Security assumptions
•Poor design and implementation
ATTACK VECTORS
•Firmware (Hardware)
•Applications (Native, Web, Mobile)
•Network (Ethernet, Wireless)
•Cloud Services
IOT HACKING 101 TESTING METHODOLOGY
• Information Gathering
•Scanning and Enumeration
•Gaining Access
•Maintaining Access
IOT HACKING 101 COMMON VULNERABILITY CLASSES
•Command Injection
•Missing Function Level Access Controls
•Memory Corruption (e.g., overflow, UAF)
•Web (e.g., XSS, CSRF, SSRF)
BUILDING YOUR SKILLSET HACKING TIME
Methodology Execution
BUILDING YOUR SKILLSET CAREER OPPORTUNITIES
•Secure Software Developer
•Network Penetration Tester
•Security Analyst or Bug Hunter
BUILDING YOUR SKILLSET IOT VILLAGES @ CONS
DerbyCon (Oct 5 – 7, 2018)
• SOHO CTF
• Meeting experts
BSides DC (Oct 26 – 28, 2018)
• SOHO CTF
• Meeting experts
BUILDING YOUR SKILLSET ISE LABS
BLOGS ON RESEARCH LIVE STREAM HACKING
Reenacted by Chris Kirsch and Chris Hadnagy
https://blog.securityevaluators.com/iselabs/home
+
Advanced
Intermediate
New
● Experience – Employment, Home lab, CtFs, Non-profits, Open source projects, etc.
● ISE – ISE Labs, Blogs with Live Streaming, IoT Villages
● Practical Training – eLearnSecurity Training Paths (NIST-NICE Role-based Training)
https://www.elearnsecurity.com/training_paths/
HOW DO I GET THERE?
EH-NET LIVE! OCTOBER 2018
Nick Furneaux has 20 years of experience providing cyber security, forensic consultancy, and training to companies and law enforcement institutions in the UK and across Europe, the United States, and Asia. Nick is the Managing Director of CSITech, Ltd. and Director of the online forensic training company CSILearn Ltd.
Blockchain Hacking for Investigating CryptocurrenciesOctober 24, 2018
Guests, Dates & Topics Subject to Change
THANK YOUF O R J O I N I N G
www.ethicalhacker.net
Follow us:
Q&AP O S T G A M E I N E H - N E T G R O U P S
