Enter a short description of the course.

Hardware has become more and more popular in the security sector. Hardware devices are released in order to make our work easier, faster, and many times cheaper. For that reason in this course we examine how we can use Raspberry Pi and other security related hardware to perform attacks and pentest our clients, be able to defend ourselves from these attacks, and even use hardware to create defending processes and strategies.


  • Course launch date: November 6th 2018
  • Pre-recorded, self-paced
  • 18 hours, 18 CPE points, course certificate upon passing

What skills will you gain? 

  • Hardware manipulation
  • Raspberry Pi Installation and use as a penetration testing platform (Kali and Arch linux)
  • Raspberry Pi as a network security device (Firewall and IDS system installation with Arch linux) for IoT
  • Hardware manipulation for network and appliance security
  • Penetration testing and security auditing using hardware
    • HID attacks using Arduino and custom hardware
    • WiFi Deauthing using NodeMCU
    • Keylogger attacks with Arduino based devices

Example tools that will be used:

  • Metasploit
  • John the Ripper Jumbo
  • NagiosPi
  • NodeMCU
  • Arch Linux Distro
  • Snort
  • NextCloud

Example attacks that will be demonstrated: 

  • HID attacks
  • payload run with Metasploit
  • Password attacks
  • Wifi Deauthing
  • keylogger attacks
  • Psychson
  • BadUSB

What will you learn about? 

  • How Raspberry Pi can be useful to penetration testers
  • What kinds of attacks can be performed with Raspberry Pi and other MCBs
  • What open source software works well when setting up Raspberry Pi for security
  • How to protect against hardware attacks done with Raspberry Pi

What will you need?

  • PC with a preferred operating system (Mac OSX 10.11+, Windows 7+, Linux)
  • Raspberry Pi 2 or 3
  • Arduino and Teensy hardware

Course prerequisites: 

  • Programming Basics
    • Basic scripting language knowledge (Python, Javascript or bash scripting)
    • Pseudocode knowledge in order to understand code snippets that you will be supplied with
  • Linux Bash usage basics

Click to subscribe for course updates >>


COURSE SYLLABUS


Module 1: Pentesting with Raspberry Pi

Raspberry Pi is revolutionary hardware that gives us the capabilities of a complete system in the palm of our hands. This means that we can produce attacks and automate them, on the go, with ways that were never before even imagined. For that reason, in this module, we examine attacks that can be performed with Raspberry Pi in order to help us with our pentests and make our lives easier.

  • Kali Linux (version 2018.3) on Raspberry Pi
    • Automating attacks on Pi
  • Attacks using only Raspberry
    • HID attacks using Pi Zero
    • Password attacks with John the Ripper Jumbo
    • Automated HID attacks and payload run with Metasploit
  • Standalone pentesting portable station with Raspberry Pi
  • Network monitoring with Raspberry Pi and NagiosPi
  • Automating attacks with Raspberry Pi

Exercises and practicals: 

  • Exercises in this module will include knowledge-based exercises that will reinforce the theoretical background acquired by this module.
  • Also, HID custom attacks and network monitoring attacks will be executed by students in a testing environment that will be alterations of our initial setups, and new attacks that extend the capabilities of the presented ones.

Module 2: Pentesting with Security Related Hardware

Many other hardware alternatives exist that can be exploited in order to extend their capabilities, and help us perform attacks and pentesting processes that most of the time are costly and difficult to execute.

  • Pentesting with open source hardware
    • Open source rubber ducky
    • Wifi Deauthing with NodeMCU
    • Pentesting with Teensy hardware
  • Exploiting USB vulnerabilities for device alteration
    • Psychson
    • BadUSB
  • Pentesting with Arduino devices
    • HID attacks
    • keylogger attacks
  • Physical access hacking hardware and attacks
    • Metasploit usage with hardware attacks
  • Keyloggers and other intermediary hardware for sniffing.

Exercises and practicals: 

  • Exercises in this module will include knowledge-based exercises that will reinforce the theoretical background acquired by this module.
  • Also, some security auditing related exercises will be included, where students will be asked to perform module related attacks (Psychson attack, Teensy HID attack and penetration testing with Arduino and Teensy hardware) in a testing environment, or even extend these attacks.

Module 3: Defence and security using Raspberry Pi

Raspberry Pi can also be used in order to defend and secure our pentesting targets. Most networks come with complex installations that may result in vulnerable systems. In this module, we examine ways that we can implement inexpensive and easy security in our network using a Raspberry Pi.

  • Network security using the Arch Linux Distro
  • IoT security (cameras, smart assistants and others) on Pi connected devices using Pi firewalls on Arch Linux
  • Intrusion detection system using SNORT
  • Building a secure NextCloud with Web application firewall on Pi

Exercises and practicals: 

  • Exercises in this module will include knowledge-based exercises that will reinforce the theoretical background acquired by this module.
  • Also, some practical implementations of the material examined in this module will be executed by students, with defence techniques (custom firewall and IDS) in testing environments or in the students personal network.

Module 4: Defence and security from hardware related attacks

In previous modules, several attacks have been examined, which may result in several negative outcomes. In order to secure our network, our connected appliances and our PCs, we have to follow several strategies and practices that will save us from hardware attacks.

  • Defence from USB attacks (Psychson, BadUSB, general HID based attacks)
  • Defence from physical access attacks and keyloggers
  • Defence from LAN attacking hardware (LAN turtle and other custom LAN sniffers)
  • RF security and measures (RTL RF hacking hardware and HackRF)
  • Defence strategies

Exercises and practicals:  

  • Exercises in this module will include knowledge-based exercises that will reinforce the theoretical background acquired by this module.
  • Also, some practical examples will be examined, in order to test how to defend from USB, LAN sniffing and RF attacks, and strategies applied to security related hardware.

Final exam

The Final Exam will include knowledge-based exercises as well as security related auditing exercises for practical skill testing.


About your instructor: Thomas Sermpinis

  • 8 years of experience in the Security sector
  • 2 years of experience with Blockchain technologies
  • Programming experience in Java, C++, Python, Solidity and Go
  • Editor of “Penetration Testing with Android Devices”, “Penetration Testing with Kali 2.0” courses of PenTest Magazine
  • Editor of “Web Application Hacking: Data Store attacks and Advanced SQL Injection”, “Android Malware Analysis” and “Bypassing WAF” courses on eForensics Magazine.
  • Editor on DeltaHacker Magazine
  • 5 years of blogging on Security and Blockchain topics ( Cr0w’s Place )
  • Hacking and Android Enthusiast

Course format: 

  • The course is self-paced – you can visit the training whenever you want and your content will be there.
  • Once you’re in, you keep access forever, even when you finish the course.
  • There are no deadlines, except for the ones you set for yourself.
  • We designed the course so that a diligent student will need about 18 hours of work to complete the training.
  • Your time will be filled with reading, videos, and exercises. 

Course Reviews

N.A

ratings
  • 5 stars0
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0

No Reviews found for this course.

TAKE THIS COURSECOURSE STARTS IN 2 weeks
  • $219.00 $199.00
  • 2 weeksSTARTS IN
  • UNLIMITED ACCESS
  • Course Certificate
39 STUDENTS ENROLLED

Who’s Online

There are no users currently online

Certificate Code

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013