Book Image

Practical Hardware Pentesting

By : Jean-Georges Valle
Book Image

Practical Hardware Pentesting

By: Jean-Georges Valle

Overview of this book

If you’re looking for hands-on introduction to pentesting that delivers, then Practical Hardware Pentesting is for you. This book will help you plan attacks, hack your embedded devices, and secure the hardware infrastructure. Throughout the book, you will see how a specific device works, explore the functional and security aspects, and learn how a system senses and communicates with the outside world. You’ll set up a lab from scratch and then gradually work towards an advanced hardware lab—but you’ll still be able to follow along with a basic setup. As you progress, you’ll get to grips with the global architecture of an embedded system and sniff on-board traffic, learn how to identify and formalize threats to the embedded system, and understand its relationship with its ecosystem. You’ll discover how to analyze your hardware and locate its possible system vulnerabilities before going on to explore firmware dumping, analysis, and exploitation. The reverse engineering chapter will get you thinking from an attacker point of view; you’ll understand how devices are attacked, how they are compromised, and how you can harden a device against the most common hardware attack vectors. By the end of this book, you will be well-versed with security best practices and understand how they can be implemented to secure your hardware.

Related Content you might be interested in

Current Title:

Small book image
Practical Hardware Pentesting
Jean-Georges Valle
Apr, 2021 | 382 pages
Small book image
IoT Penetration Testing Cookbook.
Aditya Gupta | Aaron Guzman
Nov, 2017 | 452 pages
Small book image
Penetration Testing Bootcamp
Jason Beltrame
Jun, 2017 | 258 pages
Small book image
Embedded Systems Architecture
Daniele Lacamera
May, 2018 | 324 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Getting to Know the Hardware
Section 1: Getting to Know the Hardware
Free Chapter
2
Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety
Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety
Prerequisites – the basics you will need
Approach to buying test equipment
The component pantry
Sample labs
Summary
Questions
3
Chapter 2: Understanding Your Target
Chapter 2: Understanding Your Target
The CPU block
The storage block
The power block
The networking blocks
The sensor blocks
The actuator blocks
The interface blocks
Summary
Questions
Further reading
4
Chapter 3: Identifying the Components of Your Target
Chapter 3: Identifying the Components of Your Target
Technical requirements
Harvesting information – reading the manual
Harvesting information — researching on the internet
Starting the system diagram
Continuing system exploration – identifying and putting components in the diagram
Summary
Questions
5
Chapter 4: Approaching and Planning the Test
Chapter 4: Approaching and Planning the Test
The STRIDE methodology
Security properties – what do we expect?
Reaching the crown jewels – how do we create impacts?
Planning the test
Summary
Questions
Further reading
6
Section 2: Attacking the Hardware
Section 2: Attacking the Hardware
7
Chapter 5: Our Main Attack Platform
Chapter 5: Our Main Attack Platform
Technical requirements
Introduction to the bluepill board
Why C and not Arduino?
The toolchain
Introduction to C
Summary
Questions
Further reading
8
Chapter 6: Sniffing and Attacking the Most Common Protocols
Chapter 6: Sniffing and Attacking the Most Common Protocols
Technical requirements
Understanding I2C
Understanding SPI
Understanding UART
Understanding D1W
Summary
Questions
9
Chapter 7: Extracting and Manipulating Onboard Storage
Chapter 7: Extracting and Manipulating Onboard Storage
Technical requirements
Finding the data
Extracting the data
Understanding unknown storage structures
Mounting filesystems
Repacking
Summary
Questions
Further reading
10
Chapter 8: Attacking Wi-Fi, Bluetooth, and BLE
Chapter 8: Attacking Wi-Fi, Bluetooth, and BLE
Technical requirements
Basics of networking
Networking in embedded systems using Wi-Fi
Networking in embedded systems using Bluetooth
Summary
Questions
11
Chapter 9: Software-Defined Radio Attacks
Chapter 9: Software-Defined Radio Attacks
Technical requirements
Introduction to arbitrary radio/SDR
Understanding and selecting the hardware
Looking into the radio spectrum
Finding back the data
Identifying modulations – a didactic example
Demodulating the signal
Sending it back
Summary
Questions
12
Section 3: Attacking the Software
Section 3: Attacking the Software
13
Chapter 10: Accessing the Debug Interfaces
Chapter 10: Accessing the Debug Interfaces
Technical requirements
Debugging/programming protocols – What are they and what are they used for?
Finding the pins
Using OpenOCD
Practical case
Summary
Questions
14
Chapter 11: Static Reverse Engineering and Analysis
Chapter 11: Static Reverse Engineering and Analysis
Technical requirements
Executable formats
Dump formats and memory images
Analyzing firmware – introduction to Ghidra
Summary
Questions
15
Chapter 12: Dynamic Reverse Engineering
Chapter 12: Dynamic Reverse Engineering
Technical requirements
What is dynamic reverse engineering and why do it?
Leveraging OpenOCD and GDB
Understanding ARM assembly – a primer
Using dynamic reverse engineering – an example
Summary
Questions
16
Chapter 13: Scoring and Reporting Your Vulnerabilities
Chapter 13: Scoring and Reporting Your Vulnerabilities
Scoring your vulnerabilities
Being understandable to everyone
When engineers do not want to re-engineer
Summary
Questions
17
Chapter 14: Wrapping It Up – Mitigations and Good Practices
Chapter 14: Wrapping It Up – Mitigations and Good Practices
Industry good practices – what are they and where to find them
Common problems and their mitigations
What about now? Self-teaching and your first project
Closing words
18
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Why subscribe?
19
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think

What this book covers

Chapter 1, Setting Up Your Pentesting Lab and Ensuring Lab Safety, will go through what hardware to buy and when, how to arrange your lab and how to keep yourself safe.

Chapter 2, Understanding Your Target, explains how to understand the functionality of a system, and how to reverse engineer an embedded system.

Chapter 3, Identifying the Components of Your Target, will help understand how to identify chips and their relationships.

Chapter 4, Approaching and Planning the Test, will show how to identify the risk scenarios and threats to a target system and how to organize the test

Chapter 5, Our Main Attack Platform, will go over the microcontroller platform we will use to attack the target systems, and will demonstrate the usage of common hardware protocols

Chapter 6, Sniffing and Attacking the Most Common Protocols, covers the most common hardware protocols and how to attack them

Chapter 7, Extracting and Manipulating Onboard Storage, covers the different hardware formats used to store information and how to extract and manipulate them

Chapter 8, Attacking Wi-Fi, Bluetooth, and BLE, covers the most common forms of wireless communication and how to attack them

Chapter 9, Software-Defined Radio Attacks, introduces you to software-defined radio and how to intercept and attack proprietary wireless communications

Chapter 10, Accessing the Debug Interfaces, introduces you to hardware-specific debugging protocols and how to exploit them in order to attack embedded systems

Chapter 11, Static Reverse Engineering and Analysis, introduces you to binary reverse engineering tools and methodology in order to understand and attack the firmware that runs on your target system.

Chapter 12, Dynamic Reverse Engineering, leverages the two previous chapters to show you how to interact and attack firmware while it is running on the target system.

Chapter 13, Scoring and Reporting Your Vulnerabilities, teaches you how to report the problems you have found on the target system to your clients.

Chapter 14, Wrapping It Up – Mitigations and Good Practices, orients you towards the solutions that can be given to your clients in order to solve the problems you have found.

Previous Section
Next Section