Each attendee will get the Damn Vulnerable IoT Device (DVID) with extension board (Bluetooth), a USBasp to flash the device and USBuart to communicate with the board. For each training, the attendee will flash the device with the corresponding firmware and start to find the solution.

During this course, all materials including slides, transcript and fully detailed step by step correction for training will be provided. For the lab, all runtimes are hosted on attendee’s local machines using docker technology.

This IoT security course will explain IoT concepts, IoT construction and inside security holes. Each attendee will train themself on a dedicated OpenSourced vulnerable board: the DVID project (https://dvid.eu). They will be able to improve their skills to find vulnerabilities and learn how to avoid them during development or starting to hack (with related authorization) real life IoT devices. Because the board is bought by each attendee and still be in the OpenSourced community, attendees could develop other training and get all new published community content for free. 

The course is related to the chain of data, not only on the hardware part. IoT is designed to produce data on hardware, control it on middleware (Android/iOS) and present it on the web part (ex.: dashboard). The course includes a Web hacking module to give attendees global knowledge on chain of data security assessment.

After completing the course, each attendee will be able to identify most famous IoT vulnerabilities, like plugging his computer into debug interfaces, analyze outgoing exchange, try to understand protocols used and do some fun tricks with them. They also will be able to write relevant audit reports with vulnerability details and remediation.

From author research, he would like to share his knowledge on IoT Security. This course targets: 

• IoT makers in order to help them to develop with security guideline and view impact about security absence 
• Security researchers in order to help them to identify the most famous vulnerabilities and be trained with them 
• IT Decision maker in order to help him to have appropriate responses when IoT knocks on his IT door

DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points. 

Course format: 

• Self-paced
• Pre-recorded
• Accessible even after you finish the course
• No preset deadlines
• Materials are video, labs, and text
• All videos captioned

The board is included in some course purchase options. 

All practical works are based on a custom IoT device named DVID (Damn Vulnerable device), designed by the author and published on OpenSource. The main objective is to provide to each interested person a vulnerable board to improve their skill in IoT hacking.

The board core is composed of an Atmega328p SystemOnChip. For each training, a firmware could be flashed on the Atmega328p in order to cover a specific vulnerable environment. 

There are also connection ports like UART, Bluetooth and Wifi. In each training, a specific extension board must be plugged in to do the training. Training needs some attack tools like USBasp and USBuart. Many attendees may already have them in person. 

In this course, firmware, objectives and solutions are provided free as OpenSource. Moreover, the author will provide a more specific explanation only for this course (step-by-step). The DVID board is shipped from France, only fully assembled and tested. The package contains all tools needed to do all practical works except your favorite pentesting environment (ex.: Kali). 

All community content are open source and published on the official Github repository: https://github .com/Vulcainreo/DVID 

This board is necessary to participate in the "IoT Security - the DVID Challenge" online course. With some purchase options you'll get a pre-made, ready to go board.

The price includes international shipping, but it does not include any customs fees your country's Customs Office might charge. We are not responsible for getting your package through customs, and if your package is stopped at the border, you will be contacted by the Customs Office to make sure it goes through.  

If you have the skills, you can purchase the standalone course (no DVID included), and using the open source schematic and component reference solder everything together. You are responsible for sourcing and financing all components and a naked board. The instructor can provide remote support throughout the process. 

Premium subscriber? Order board only >>

Note about shipping

COVID-19: We are shipping normally. Due to restrictions, shipping time might be longer than usual, depending on the origin country. Please exercise all necessary caution when handling packages. 

The packages will have tracking enabled, if they are shipped to the following countries: Germany, Saudi Arabia, Australia, Austria, Belgium, Brazil, Canada, South Korea, Croatia, Cyprus, Denmark, Spain, Estonia, United States, Finland, Gibraltar, Great Britain, Hong Kong, Hungary, Ireland, Iceland , Israel, Italy, Japan, Latvia, Lebanon, Lithuania, Luxembourg, Malaysia, Malta, Norway, New Zealand, Netherlands, Poland, Portugal, Russia, Singapore, Slovakia, Slovenia, Serbia, Sweden, Switzerland.

All packages going out to countries outside of this group will have tracking up to the point of arrival in the destination country.

As we have previously experienced issues with customs and delayed/lost packages when shipping to India, we will only be sending boards to India through a premium service (like DHL), which will include extra cost for you to cover.

• Basic knowledge of web and mobile security 
• Knowledge of Linux OS 
• Basic knowledge of programming - Python

• The DVID (either ordered pre-made here or made on your own; look below for details)
• Mandatory: 
  • Laptop with at least 50 GB free space 
  • 8GB minimum RAM (4GB for virtual machine) 
  • External USB access (min. 2 USB ports) 
  • Administrative privileges on the system 
  • Virtualization software 
• Optional 
  • Android phone 
  • IoT hacking stuff,  like logic analyzer, custom IoT devices or probes

The whole course will be organized as follows:

Estimated duration is 18 hours with 7 hours of practical work and 11 hours of lectures. The course will finish with an at home final challenge. 

• Module 1: Concepts, protocols and referentials 
  • Course time: 1 hours 
  • Practical Work: 1 hour 
• Module 2: Hardware and firmware attacks 
  • Course time: 2 hours 
  • Practical Work: 3 hours 
• Module 3: Middleware 
  • Course time: 4 hours 
  • Practical Work: 2 hours 
• Module 4: Cloud 
  • Course time: 2 hours 
  • Practical Work: 1 hour 
• Module 5: Chain of data 
  • Course time: 3 hours 
  • Practical Work: 1 hour 
• Exam: Escape Game

• Communication protocols 
  • UART 
  • JTAG 
  • SPI 
  • I2C 
  • CanBUS 
  • Zigbee 
• Generalities 
  • Security VS safety 
  • Security objectives and definition 
  • Embedded system life cycle 
• Architecture 
  • Hardware level 
  • Software level 
  • Communication level 
  • Security level 
  • Focus on SecBus architecture 
• References: 
  • OWASP 
  • GSMA 
  • ETSI
  • Other initiatives
• Discovering an IoT object (TP board) 
  • Discovering methodology 
  • Hardware identification and information gathering 
  • Making a reverse engineering schema 
  • Attack vectors 

• Discover the practical work board DVID: Attendees will discover the practical work platform, discovering the DVID board, trying to interact with it and send first bytes of data. 

• Definition (Embedded system, RTOS, firmware, kernel space or bootloader) • File systems 
• Analysis 
  • Firmware extraction 
  • Firmware analysis (binwalk/FMK) 
    • Static analysis 
    • Firmware attacks 
• Hardware attacks introduction
  • Basic and PCB building 
  • Recon 
  • Analysis (Static, Dynamic) 
• Hardware attacks 
  • Side channel attacks - Timing attacks 
  • Memory spying attacks 
  • On bus attacks
  • Fault injections 
  • Hardware reverse engineering 
    • Counter measures 
• Pentesting 
  • Methodology 
  • Top 10 OWASP on IoT Security 
  • Remediation and best practices

• Find the datasheet: Attendees should explore public information in order to set up a working connection to the DVID board and get the flag. 
• Analyze the firmware: Attendees will explore firmware analysis to retrieve the root password. 
• Hardcoded password: Attendees should retrieve the confidential message by extracting and analyzing firmware. 
• Default password: Attendees should build a bruteforce attack to retrieve the right password. 
• EEPROM: Attendees should explore EEPROMstructure to solve the challenge.

• MQTT 
  • Presentation
    • Playing with the protocol 
  • Attacks 
• Bluetooth Low Energy 
  • Bluetooth history/evolution 
  • Advertising Concept 
  • Characteristics & services Concept 
    • Playing with the protocol 
  • Communication pairing/encryption 
    • ibeacons 
• CoAP 
  • Protocol Presentation 
  • Models 
  • Message 
  • Playing with the protocol 
• Android 
  • Architecture application and system 
  • Application components
  • Security 
  • Pentesting methodology 
  • Pentesting 
  • Methodology 
  • TOP 10 OWASP Mobile device 
  • Remediation and best practices 

• MQTT - Meetings: Attendees will explore MQTT by getting sensitive information about secret meetings. 
• MQTT - Open the door: Attendees will explore MQTT by interacting with a remote door locker.
• MQTT - RCE: Attendee will find vulnerabilities to take over the MQTT broker. 
• BLE - Advertising: Attendee will explore advertising on BLE to get sensitive information. 
• BLE - Characteristics: Attendee will explore BLE characteristics to read data to the remote device. 
• BLE - Characteristics 2: Attendee will explore BLE characteristics to write data to the remote device.

• Cloud architecture 
  • Characteristics and model 
  • Architecture example 
  • Threat identification 
• Vulnerabilities identification 
  • Injection 
    • SQL code injection 
    • NoSQL code injection 
  • Weakness in authentication and session management 
    • Session cookies 
    • Captcha 
    • Session management 
  • Cross Site Scripting 
  • Weakness in access control 
  • Weakness in configuration 
  • Sensitive information exposure 
    • Directory listing 
    • Direct file access 
    • Filename prediction 
  • Weak protection against attacks 
    • Absence of cryptography 
    • Absence of brute force protection 
  • Cross-Site Request Forgery (CSRF) 
  • Public vulnerabilities (lack patch management) 
  • Denial of service 
  • Insecure cache management 
• Rest API Analysis 
  • Definition (API, WSDL, Soap and REST) 
  • JWT token 
• Pentesting 
  • Concept presentation 
  • Pentesting Web methodology 
    • Information gathering 
    • Infrastructure analysis 
    • Application analysis 
  • Pentesting API methodology 
    • Finding endpoints 
    • Finding documentation 
    • Common vulnerabilities 
    • JWT focus 
• Security best practices 
  • Web application 
  • API application

• CSRF attack: Attendee should analyze the application to find the CSRF vulnerability. 
• SQL injection attack: Attendee should analyze the application to get the admin hashed password by exploiting a SQL injection vulnerability. 
• Cookie stealing: Attendee should analyze the application to find a possibility to extract the user’s cookie to the attacker's server in order to impersonate the user session. 
• API - Business workflow: Attendee should understand internal API workflow to find vulnerabilities in suspicious malicious behavior.

• Cloud provider 
  • AWS IoT Platform 
  • Microsoft  Azure IoT Hub 
  • IBM Watson IoT Cloud Platform 
  • Google IoT Cloud Platform 
• Real life architecture 
  • Availability oriented implementation 
  • Confidentiality oriented implementation 
  • Integrity oriented implementation 
  • Traceability oriented implementation 
• Pentesting 
  • Methodology 
  • Real life example 

• AWS Cloud ready device: Attendee should explore the security of device built AWS IoT cloud ready 
• Very secret wallet: Attendee should explore the security of a “very secret wallet” to find a way to get private data of the owner.

• In this exam, attendees will be in front of an IoT device. This device is a temperature sensor, located in datacenter racks. This sensor communicates temperature value to an Android appliance over Bluetooth. This appliance is located outside the datacenter door and communicates temperature values to the cloud server over MQTT protocol. 
• All learnt skills about hardware analysis, middleware reverse or cloud exploration are needed to analyze the security of this IoT device. 
• In order to pass the exam, all flags need to be found. However, attendees who would like to write a relevant report will be thanked for their work and will receive a special access to the full version of this EscapeGame.