Requirements

Participants should be comfortable with reading C code and simple x86-64 assembly listings. Experience with reverse engineering is not required but will help when debugging the exercises.

You should also bring a laptop with an ssh client to connect to the challenge servers and a Software Reverse Engineering tool such as Ghidra (Recommended), Radare2, or IDA. No additional software is required as all the tools will be provided remotely.

Familiarity with tmux, pwntools and pwndbg and the command line will help but are absolutely not required.

Tools

The following tools will be presented and used in the workshop:

• Ghidra SRE
• gdb and pwndbg
• Python and pwntools
• ROPGadget

Are you a penetration tester/security researcher interested in IoT security but are reluctant to start because you have been told that it requires knowledge of hardware internals, hardware security, IoT architecture, protocols and plethora of tools both software and hardware? If yes, then this workshop is meant for you. While it does require considerate amount of knowledge in the domain, it is not as difficult as you may think. In this workshop we will introduce you to the some of the important concepts and tools in a very simple way and will try to map it to general security techniques.

The primary focus of this workshop is to introduce the attendees to the open source IoT Security Testing framework - EXPLIoT (https://gitlab.com/expliot_framework/expliot) and enable them to use it as well as write plugins for new IoT based exploits and analysis test cases.

As we started digging deeper into IoT security, one thing was evident that there was a lot of time being spent in understanding IoT tools and protocols. So, we decided to create a flexible and extendable framework that would help the security community and us in writing quick IoT test cases and exploits. The objectives of the framework are:

1. Easy to use

2. Extendable

3. Support for hardware, radio and IoT protocol analysis

EXPLIoT currently supports the following protocols which can be utilized for writing new plugins/exploits:

1. Radio – BLE

2. Network – MQTT, CoAP, DICOM, MODBUS

3. Hardware – CAN, SPI, I2C, UART, JTAG

This talk would give attendees a first-hand view of the functionality, how to use it and how to write plugins to extend the framework.

Workshop outline:

• IoT Attack Surface

• Expliot Framework

-- Architecture

-- Executing plugins

-- Extending the framework by writing your own plugins

• MQTT

-- Protocol

-- Security issues

-- Hands-on with plugins

-- Write a custom Plugin

• BLE plugins Hands-on/Demo

• CANbus plugins Hands-on/Demo

• DICOM plugins Hands-on/Demo

• UART Plugins Hands-on/Demo

• Hackathon - Get creative and write your own plugin

Pre-requisites

• Knowledge of generic security testing (web, mobile or infra)

• Knowledge of Python

• Knowledge of Linux

• Laptop with Linux OS and EXPLIoT installed

• Install dependencies - https://expliot.readthedocs.io/en/latest/installation/manual-installation.html

• Install EXPLIoT - $ sudo pip3 install expliot

=================================================

Notes

I am the author of EXPLIoT framework and love to share information on how it can make the life of an IoT Security test easier.

=================================================

Audience Level

All

=================================================

Important

Duration of the Workshop - 3-4 hrs

=================================================

At the core of every IoT device is its firmware. Detailed security assessment of devices starts with obtaining a copy of the firmware. The firmware can then be statically analyzed or dynamically. Several techniques exist for firmware extraction.

This workshop takes participants through a low level firmware extraction process which is easy to perform and doesn’t require expensive hardware.

details of the workshop:

We shall present how do it using a cheap USB to serial adapter and open source softwares on a linux computer.

The workshop will be going through the process with the following steps :

1. Understanding the reconnaissance phase related to hardware

2. Examining the hardware and find a serial port

3. If there is no serial port obviously available, chase the working combination of pins to reveal a serial port with a multimeter

4. Setting up of your minicom working environment and connecting the adapter

5. Extracting the firmware

6. Analyze

=================================================

Notes

technical requirements:

Attendees can also bring their own devices (mostly IoT, or routers), I'll have extra adapters and wires to provide for the workshop.

Attendees need to bring their own laptop.

The workshop is done in *nix environment, Linux or Mac (for binaries).

Do you have a principal network and repo from where people can download the material for the workshop (binaries, slides)?

In any case, I publish configuration requirements soon enough before the con so people can have the time to set up.

=================================================

Duration of the wortkshop

2 hours

=================================================

Audience Level

Entry level

Summary

In intro to fuzzing we will discuss and understand all parts to a successful fuzzing and why it’s needed, understanding various fuzzer’s and setting up the environment.

We will move ahead and start with AFL, understating the installation part. Also, we will quickly have a look on AFL key components which is, process timing, stages, findings, yields, path geometry and stability. We have created certain vulnerable binaries from which we will demonstrate overflows using AFL and analyzing the targets, crashes and hangs which gets generated by AFL.

After that we will move ahead and start with smart fuzzing where we will integrate ASAN with AFL, but before that we will give a brief understanding about ASAN and MSAN and how it is used to detects the runtime bugs during the compilation of a binary.

In end we will give small exercise’s to students to gets hands-on, on what they have learned so far and clear their doubts. We will quickly wrap-up our workshop by discussing about how they can leverage this knowledge against the bug bounty programs and then show casing multiple bugs which we found during our research..

Verifpal is new software for verifying the security of cryptographic protocols that aims is to work better for real-world practitioners, students and engineers without sacrificing comprehensive formal verification features. Verifpal has already been used to verify security properties for Signal, Scuttlebutt, TLS 1.3 and other protocols. It is a community-focused project, and available under a GPLv3 license.

In this workshop, you will learn how to use Verifpal to model and verify the security goals of advanced, cutting-edge protocols such as Signal and TLS 1.3. No prior knowledge in formal verification is necessary — Verifpal is specifically tailored for beginners and newcomers!

OUR SCENARIOS

BLUE Exercise 1: Threat modeling study of your wireless network that you own or have assumed

BLUE Exercise 2: Analysis Environmental Threats

• Download pcap file
• Analysis environmental threats
• Report result of the analysis

BLUE Exercise 3: Can you detect abnormal Activities?

BLUE Exercise 4: Can you detect abnormal Activities?

• Detect attack type
• Which users were affected by the attack?
• Targeted organization?

OUR GIFTS (You can take this to home)

• We will give wifi blue team box
• Free training videos about course