An Introduction to IoT Pentesting with Linux

The goal of this class is to help students of all backgrounds learn how to better use Linux for vulnerability research with an emphasis on IoT. This two-day, comprehensive training covers topics ranging from basic router hacking all the way to sophisticated DNS rebinding exploitation. Students will learn fundamental Linux concepts needed to effectively analyze, emulate, and exploit devices. Each lesson concludes with a walkthrough of different vulnerabilities from initial analysis and discovery through exploitation. Topics include: Firmware component emulation Router authentication bypass and password disclosure HTTP command injection UPnP API vulnerability CSRF with automated target discovery DNS rebinding Students will learn about technologies and tools including: QEMU Binwalk BASH cURL Python JavaScript