Securing IoT: From Security to Practical Pentesting on IoT

The Internet of things is the network of physical objects or things embedded with electronics, software, sensors, and network connectivity which enables these objects to collect and exchange data whereas IoT Pentesting is much like taking a battering ram to the door of a fortress. You keep pounding away but try to find a secret backdoor to enter through.

With this practically oriented course, you will first start with deep dive into common IoT components and technologies to protect your systems and devices. Then you will explore some common IoT use cases across Industries for connected vehicles, microgrids and enterprise drone systems, along with this you will also be focusing on threats to IoT systems, attack vectors, current security regulations, and standards and common security architectures. Moving on, you will learn how to perform pentesting on advanced IoT Devices including Amazon Eco, Logitech Cameras, the Google Nexus phone, Vyos Gateways, TP-Link Smart Switches, and firewalls to ensure that the hardware devices and the software are free of any security loopholes.

Contents and Overview

This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.

The first course, Fundamentals of IoT Security will cover fundamental aspects of the Internet of Things, to include a review of use cases across various industries, we will discuss common IoT components and technologies to provide a baseline understanding of the systems and devices that you need to protect. We will also review common security architectures that can be applied to IoT systems, and discusses regulations and standards that apply to secure IoT systems. We will study of IOT components such as the IoT (hardware, real-time operating systems (RTOS), Application Programming Interfaces (APIs), messaging and communication protocols and backend services. We will discuss threats to IoT systems, attack vectors, current security regulations, and standards and common security architectures. We will examine Privacy by Design (PbD) principles and walk through an example Privacy Impact Assessment (PIA). By the end of this course, you will understand the fundamentals of IoT systems and IoT security and be able to identify threats and required mitigations to their own IoT systems.

The second course, Hands-On IoT Penetration Testing begins with the IoT device architecture to help you understand the most common vulnerabilities. You'll explore networks, sniffing out vulnerabilities while also ensuring that the hardware devices and the software running on them are free of any security loopholes. Moving on, you will learn how to perform pentesting on advanced IoT Devices including Amazon Eco, Logitech Cameras, the Google Nexus phone, Vyos Gateways, TP-Link Smart Switches, and firewalls. By the end of the course, you will be able to create IoT pentesting reports. After completion of the course, you will be able to penetrate even the most densely populated IoT networks.

About the Authors:

• Brian Russell is a chief engineer focused on cybersecurity solutions for Leidos. He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers, with a focus on securing the Internet of Things (IoT). Brian leads efforts that include security engineering for Unmanned Aircraft Systems (UAS) and connected vehicles and development security systems, including high assurance cryptographic key management systems. He has 16 years of information security experience. He serves as chair of the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group, and as a member of the Federal Communications Commission (FCC) Technological Advisory Council (TAC) Cybersecurity Working Group. Brian also volunteers in support of the Center for Internet Security (CIS) 20 Critical Security Controls Editorial Panel and the Securing Smart Cities (SSC) Initiative

  
  

• Sunil Gupta is a certified ethical hacker. Currently, he teaches 45,000+ students online in 150+ countries. He is a specialist in ethical hacking and cybersecurity.

  His strengths lie in vulnerability assessment, penetration testing, intrusion detection, risk identification, data analysis, reporting, and briefing.