Book Image

Practical Hardware Pentesting

By : Jean-Georges Valle
Book Image

Practical Hardware Pentesting

By: Jean-Georges Valle

Overview of this book

If you’re looking for hands-on introduction to pentesting that delivers, then Practical Hardware Pentesting is for you. This book will help you plan attacks, hack your embedded devices, and secure the hardware infrastructure. Throughout the book, you will see how a specific device works, explore the functional and security aspects, and learn how a system senses and communicates with the outside world. You’ll set up a lab from scratch and then gradually work towards an advanced hardware lab—but you’ll still be able to follow along with a basic setup. As you progress, you’ll get to grips with the global architecture of an embedded system and sniff on-board traffic, learn how to identify and formalize threats to the embedded system, and understand its relationship with its ecosystem. You’ll discover how to analyze your hardware and locate its possible system vulnerabilities before going on to explore firmware dumping, analysis, and exploitation. The reverse engineering chapter will get you thinking from an attacker point of view; you’ll understand how devices are attacked, how they are compromised, and how you can harden a device against the most common hardware attack vectors. By the end of this book, you will be well-versed with security best practices and understand how they can be implemented to secure your hardware.

Related Content you might be interested in

Current Title:

Small book image
Practical Hardware Pentesting
Jean-Georges Valle
Apr, 2021 | 382 pages
Small book image
IoT Penetration Testing Cookbook.
Aditya Gupta | Aaron Guzman
Nov, 2017 | 452 pages
Small book image
Penetration Testing Bootcamp
Jason Beltrame
Jun, 2017 | 258 pages
Small book image
Embedded Systems Architecture
Daniele Lacamera
May, 2018 | 324 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Getting to Know the Hardware
Section 1: Getting to Know the Hardware
Free Chapter
2
Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety
Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety
Prerequisites – the basics you will need
Approach to buying test equipment
The component pantry
Sample labs
Summary
Questions
3
Chapter 2: Understanding Your Target
Chapter 2: Understanding Your Target
The CPU block
The storage block
The power block
The networking blocks
The sensor blocks
The actuator blocks
The interface blocks
Summary
Questions
Further reading
4
Chapter 3: Identifying the Components of Your Target
Chapter 3: Identifying the Components of Your Target
Technical requirements
Harvesting information – reading the manual
Harvesting information — researching on the internet
Starting the system diagram
Continuing system exploration – identifying and putting components in the diagram
Summary
Questions
5
Chapter 4: Approaching and Planning the Test
Chapter 4: Approaching and Planning the Test
The STRIDE methodology
Security properties – what do we expect?
Reaching the crown jewels – how do we create impacts?
Planning the test
Summary
Questions
Further reading
6
Section 2: Attacking the Hardware
Section 2: Attacking the Hardware
7
Chapter 5: Our Main Attack Platform
Chapter 5: Our Main Attack Platform
Technical requirements
Introduction to the bluepill board
Why C and not Arduino?
The toolchain
Introduction to C
Summary
Questions
Further reading
8
Chapter 6: Sniffing and Attacking the Most Common Protocols
Chapter 6: Sniffing and Attacking the Most Common Protocols
Technical requirements
Understanding I2C
Understanding SPI
Understanding UART
Understanding D1W
Summary
Questions
9
Chapter 7: Extracting and Manipulating Onboard Storage
Chapter 7: Extracting and Manipulating Onboard Storage
Technical requirements
Finding the data
Extracting the data
Understanding unknown storage structures
Mounting filesystems
Repacking
Summary
Questions
Further reading
10
Chapter 8: Attacking Wi-Fi, Bluetooth, and BLE
Chapter 8: Attacking Wi-Fi, Bluetooth, and BLE
Technical requirements
Basics of networking
Networking in embedded systems using Wi-Fi
Networking in embedded systems using Bluetooth
Summary
Questions
11
Chapter 9: Software-Defined Radio Attacks
Chapter 9: Software-Defined Radio Attacks
Technical requirements
Introduction to arbitrary radio/SDR
Understanding and selecting the hardware
Looking into the radio spectrum
Finding back the data
Identifying modulations – a didactic example
Demodulating the signal
Sending it back
Summary
Questions
12
Section 3: Attacking the Software
Section 3: Attacking the Software
13
Chapter 10: Accessing the Debug Interfaces
Chapter 10: Accessing the Debug Interfaces
Technical requirements
Debugging/programming protocols – What are they and what are they used for?
Finding the pins
Using OpenOCD
Practical case
Summary
Questions
14
Chapter 11: Static Reverse Engineering and Analysis
Chapter 11: Static Reverse Engineering and Analysis
Technical requirements
Executable formats
Dump formats and memory images
Analyzing firmware – introduction to Ghidra
Summary
Questions
15
Chapter 12: Dynamic Reverse Engineering
Chapter 12: Dynamic Reverse Engineering
Technical requirements
What is dynamic reverse engineering and why do it?
Leveraging OpenOCD and GDB
Understanding ARM assembly – a primer
Using dynamic reverse engineering – an example
Summary
Questions
16
Chapter 13: Scoring and Reporting Your Vulnerabilities
Chapter 13: Scoring and Reporting Your Vulnerabilities
Scoring your vulnerabilities
Being understandable to everyone
When engineers do not want to re-engineer
Summary
Questions
17
Chapter 14: Wrapping It Up – Mitigations and Good Practices
Chapter 14: Wrapping It Up – Mitigations and Good Practices
Industry good practices – what are they and where to find them
Common problems and their mitigations
What about now? Self-teaching and your first project
Closing words
18
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Why subscribe?
19
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think

Chapter 13

  1. This is an example of a matrix (the company is accepting a much higher overall risk level):

    1 is considered as irrelevant, 2-3 low, 4-5 medium, 6-7 high, and 8, 9, and 10 as critical.

  2. This is an example of a matrix where we reflect the possibility of a more refined attacker by reducing the impact of complexity on the reduction of the final risk (that is, the attacker is more skilled and can pull off more complex attacks easily):

    This is to avoid the client artificially changing the scales in order to lower the scoring of vulnerabilities that they consider annoying to fix or remediate.

  3. In order for you to have an internal party at the client that is acting as a neutral party (that is, compliance has no conflict of interest with the technical implementation team when it comes to do things properly) and usually have a much stricter approach to regulation compliance than the business.
Previous Section
End of Section 13
Next Section