Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying IoT Penetration Testing Cookbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
IoT Penetration Testing Cookbook

IoT Penetration Testing Cookbook

3.4 (5)
Buy this Book
close
close
IoT Penetration Testing Cookbook

IoT Penetration Testing Cookbook

3.4 (5)
Buy this Book

Overview of this book

IoT is an upcoming trend in the IT industry today; there are a lot of IoT devices on the market, but there is a minimal understanding of how to safeguard them. If you are a security enthusiast or pentester, this book will help you understand how to exploit and secure IoT devices. This book follows a recipe-based approach, giving you practical experience in securing upcoming smart devices. It starts with practical recipes on how to analyze IoT device architectures and identify vulnerabilities. Then, it focuses on enhancing your pentesting skill set, teaching you how to exploit a vulnerable IoT device, along with identifying vulnerabilities in IoT device firmware. Next, this book teaches you how to secure embedded devices and exploit smart devices with hardware techniques. Moving forward, this book reveals advanced hardware pentesting techniques, along with software-defined, radio-based IoT pentesting with Zigbee and Z-Wave. Finally, this book also covers how to use new and unique pentesting techniques for different IoT devices, along with smart devices connected to the cloud. By the end of this book, you will have a fair understanding of how to use different pentesting techniques to exploit and secure various IoT devices.
Table of Contents (12 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Sections
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
IoT Penetration Testing
chevron up
Icon
IoT Penetration Testing
Icon
Introduction
Icon
Defining the IoT ecosystem and penetration testing life cycle
Icon
Firmware 101
Icon
Web applications in IoT
Icon
Mobile applications in IoT
Icon
Device basics
Icon
Introduction to IoT's wireless communications
Icon
Setting up an IoT pen testing lab
2
IoT Threat Modeling
Icon
IoT Threat Modeling
Icon
Introduction
Icon
Getting familiar with threat modeling concepts
Icon
Anatomy of threat modeling an IoT device
Icon
Threat modeling firmware
Icon
Threat modeling of an IoT web application
Icon
Threat modeling an IoT mobile application
Icon
Threat modeling IoT device hardware
Icon
Threat modeling IoT radio communication
3
Analyzing and Exploiting Firmware
Icon
Analyzing and Exploiting Firmware
Icon
Introduction
Icon
Defining firmware analysis methodology
Icon
Obtaining firmware
Icon
Analyzing firmware
Icon
Analyzing filesystem contents
Icon
Emulating firmware for dynamic analysis
Icon
Getting started with ARM and MIPS
Icon
Exploiting MIPS
Icon
Backdooring firmware with firmware-mod-kit (FMK)
4
Exploitation of Embedded Web Applications
Icon
Exploitation of Embedded Web Applications
Icon
Introduction
Icon
Getting started with web app security testing
Icon
Using Burp Suite
Icon
Using OWASP ZAP
Icon
Exploiting command injection
Icon
Exploiting XSS
Icon
Exploiting CSRF
5
Exploiting IoT Mobile Applications
Icon
Exploiting IoT Mobile Applications
Icon
Introduction
Icon
Acquiring IoT mobile applications
Icon
Decompiling Android applications
Icon
Decrypting iOS applications
Icon
Using MobSF for static analysis
Icon
Analyzing iOS data storage with idb
Icon
Analyzing Android data storage
Icon
Performing dynamic analysis testing
6
IoT Device Hacking
Icon
IoT Device Hacking
Icon
Introduction
Icon
Hardware exploitation versus software exploitation
Icon
Hardware hacking methodology
Icon
Hardware reconnaissance techniques
Icon
Electronics 101
Icon
Identifying buses and interfaces
Icon
Serial interfacing for embedded devices
Icon
NAND glitching
Icon
JTAG debugging and exploitation
7
Radio Hacking
Icon
Radio Hacking
Icon
Introduction
Icon
Getting familiar with SDR
Icon
Hands-on with SDR tools
Icon
Understanding and exploiting ZigBee
Icon
Gaining insight into Z-Wave
Icon
Understanding and exploiting BLE
8
Firmware Security Best Practices
Icon
Firmware Security Best Practices
Icon
Introduction
Icon
Preventing memory-corruption vulnerabilities
Icon
Preventing injection attacks
Icon
Securing firmware updates
Icon
Securing sensitive information
Icon
Hardening embedded frameworks
Icon
Securing third-party code and components
9
Mobile Security Best Practices
Icon
Mobile Security Best Practices
Icon
Introduction
Icon
Storing data securely
Icon
Implementing authentication controls
Icon
Securing data in transit
Icon
Securely using Android and iOS platform components
Icon
Securing third-party code and components
Icon
Employing reverse engineering protections
10
Securing Hardware
Icon
Securing Hardware
Icon
Introduction
Icon
Hardware best practices
Icon
Uncommon screw types
Icon
Antitamper and hardware protection mechanisms
Icon
Side channel attack protections
Icon
Exposed interfaces
Icon
Encrypting communication data and TPM
11
Advanced IoT Exploitation and Security Automation
Icon
Advanced IoT Exploitation and Security Automation
Icon
Introduction
Icon
Finding ROP gadgets
Icon
Chaining web security vulnerabilities
Icon
Configuring continuous integration testing for firmware
Icon
Configuring continuous integration testing for web applications
Icon
Configuring continuous integration testing for mobile applications

IoT Penetration Testing

Although the term IoT is known to have been coined in 1999 by MIT's Auto-ID Labs, embedded devices have been long-standing in technology for decades. The difference between new IoT and the embedded device world pertains to the legacy of design decisions and configurations that were never intended to be made public on the internet. Without manufacturing companies considering the consequences, widespread exploitation of IoT devices is now taking place, causing some of the world's biggest Distributed Denial of Service (DDoS) attacks ever recorded. We will cover various aspects of IoT pen testing and practical security guidance to provide preventative measures against the attacks we are currently seeing in the market.

To understand the origin of IoT you can visit this link:

http://autoid.mit.edu/iot_research_initiative

Details on the aforementioned DDoS attacks can be found via the following link: https://www.us-cert.gov/ncas/alerts/TA16-288A

In this chapter, we will cover the following topics:

  • Defining the IoT ecosystem and pen testing life cycle
  • Firmware 101
  • Web applications in IoT
  • Mobile applications in IoT
  • Device basics
  • Introduction to IoT's wireless communications
  • Setting up an IoT pen testing lab

The goal of this chapter is to set a foundation for IoT penetration testing, which will then be used in the subsequent chapters ahead.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
IoT Penetration Testing Cookbook
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon