Advanced Penetration Testing - Hacking IoT
|Publisher||Independently published (2. April 2019)|
"This book is an introduction for the reader into the wonderful world of IoT device exploitation. The book is supposed to be a tutorial guide that helps a reader understand various skills that are required for hacking an IoT device. As the IoT trend rises to one of the most popular technical trend, manufactures need to take necessary steps to ensure that the devices are secure and protect them from attackers. This hacking guide breaks down the Internet of Things, exploits it, and reveals how these devices can be exploited.The readers will learn to tear apart various Smart devices and understand how to grab the firmware using various techniques such as UART communication, SPI/I2C transfer and also understand how to use the "chip-off" technique to read from BGA/VBGA EEPROM chip. We will learn to identify security issues such as stack and heap overflows, command injection and other web security issues within a device's network daemons. The readers will also be shown how to analyze cloud services utilized by these devices and identify security issues within them that can allow to control the device remotely. Also we will learn to analyze the accompanying mobile apps that allow them to be controlled from anywhere in the world. The readers will be learn how to do all these things above by looking at case studies of VPN Gateway deviceSmart routerSmart home controllerSmart Security camerasSmart industrial tool Smart Fitness bandsAt the end of the chapter we will also learn how to write simple scripts that can help automate to some extent idetifying these kind of security issues within the binaries utilized by these devices. By the end of the book we would have identified 0 or 1-day exploits within all of these devices.What You’ll Learn Analyze a real-world IoT device and locate all possible attacker entry points Use reverse engineering techniques to identify security issues within firmware binaries Find 0 or 1-day exploits in various Sniff, capture, and exploit communication protocols, HTTP, custom protocols as well as Bluetooth Low Energy (BLE)Who This Book is ForThose interested in learning about IoT security, such as pentesters working in different domains, embedded device developers, or IT people wanting to move to an Internet of Things security role."