Today I attended a webinar hosted by EH.net: Basics of IoT Hacking for the Career Pen Tester with guest Jacob Holcomb of Independent Security Evaluators (ISE). A key takeaway for me was to watch how the binwalk tool can be used to extract and review IoT firmware packages.
IoT is not only a hot buzzword, but the sheer number of devices shows that it’s living up to the hype. The benefits can be a game changer for any organization. But at the pace with which the technology is being adopted, we as security professionals know all too well what happens when speed to market is the highest priority. As Trinity said, “You have been down there, Neo. You know that road. You know exactly where it ends. And I know that’s not where you want to be.” On the other hand, this gives us a huge opportunity in the field of IoT security research and bug hunting.
IoT devices are beautiful not only because of their capabilities in such a small package, but also because they are a wonderful merging of several technologies. But with each new added feature, the attack surface gets that much bigger. And anywhere there’s a way in for an attacker, there’s also a paying gig for a security professional… before, during and after a product is released.
Join the experts from Independent Security Evaluators (ISE), the people that bring you IoT Village at DEF CON, DerbyCon, RSA and many others, as they guide you through the inner workings of this great field of ethical hacking with a live demo, discussing career paths, and additional resources to keep you educated in this rapidly changing industry. From those in the maker movement to InfoSec professionals, IoT hacking isn’t just a fun skill, but a lucrative one!

Agenda for “Basics of IoT Hacking for the Career Pen Tester”:

- Intro by Don Donzal, EH-Net Editor-in-Chief
- Presentation by Jacob Holcomb, Principal Security Analyst @ ISE
  - About Jake & ISE
  - Understand the process of finding vulnerabilities within IoT devices.
  - Common classes of vulnerabilities which plague IoT devices & How to exploit them
  - Attack Vectors
    - Hardware / Firmware
    - Applications (i.e., Native, WebApps)
    - Network (i.e., Ethernet, Wireless)
    - Cloud
  - Building Your Skillset
  - Live Demo
  - Career Opportunities
    - Secure Software Developer
    - Network Penetration Tester
    - Security Analyst or Bug Hunter
- Q&A
- Post Game on EH-Net in the “IoT Group”
Jacob Holcomb (AKA Gimppy) is the principal researcher on several pieces of ISE research, including the landmark publication SOHOpelessly Broken, which discovered over 50 new 0-day vulnerabilities in network routers and served as the foundation for the first-ever router hacking contest at DEFCON. He is skilled in penetration testing, application security, network security, and exploit research and development. A highly regarded speaker, he has presented at security conferences such as BlackHat USA, BlackHat Europe, DEFCON, DerbyCon, BSidesDC, and many others. In addition to projects at work, coding, and his favorite pastime of EIP hunting, Jacob loves to hack his way through the interwebz and has responsibly disclosed dozens of 0-day vulnerabilities in commercial products and services.