Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things
- 7h 21m
- Beau Woods, Evangelos Deirmentzoglou, Fotios Chantzis, Ioannis Stais, Paulino Calderon
- No Starch Press
- 2021
Drawing from the real-life exploits of five highly regarded IoT security researchers, Practical IoT Hacking teaches you how to test IoT systems, devices, and protocols to mitigate risk.
The book begins by walking you through common threats and a threat modeling framework. You’ll develop a security testing methodology, discover the art of passive reconnaissance, and assess security on all layers of an IoT system. Next, you’ll perform VLAN hopping, crack MQTT authentication, abuse UPnP, develop an mDNS poisoner, and craft WS-Discovery attacks.
You’ll tackle both hardware hacking and radio hacking, with in-depth coverage of attacks against embedded IoT devices and RFID systems.
You’ll also learn how to:
- Write a DICOM service scanner as an NSE module
- Hack a microcontroller through the UART and SWD interfaces
- Reverse engineer firmware and analyze mobile companion apps
- Develop an NFC fuzzer using Proxmark3
- Hack a smart home by jamming wireless alarms, playing back IP camera feeds, and controlling a smart treadmill
The tools and devices you’ll use are affordable and readily available, so you can easily practice what you learn. You can also download this book’s code examples at
https://github.com/practical-iot-hacking.
Whether you’re a security researcher, IT team member, or hacking hobbyist, you’ll find Practical IoT Hacking indispensable in your efforts to hack all the things
REQUIREMENTS: Basic knowledge of Linux command line, TCP/IP, and programming
About the Author
Fotios (Fotis) Chantzis is laying the foundation for a safe and secure Artificial General Intelligence (AGI) at OpenAI. He has been a member of the core Nmap development team since 2009 and is the creator of Ncrack, Nmap's network authentication cracking tool.
Ioannis Stais is a senior IT security researcher and Head of Red Teaming at CENSUS S.A. He has presented in the past in security conferences such as Black Hat Europe, Troopers and Security Bsides.
Paulino Calderon is a published author and international speaker with over 12 years of experience in network and application security. When he isn’t traveling to security conferences or consulting for Fortune 500 companies with Websec, a company he co-founded in 2011, he spends peaceful days enjoying the beach in Cozumel, Mexico.
Evangelos Deirmentzoglou is an information security professional interested in solving security problems at scale. He led and structured the cybersecurity capability of the financial tech startup Revolut. A member of the open-source community since 2015, he has made multiple contributions to Nmap and Ncrack.
Beau Woods is a cyber safety innovation fellow with the Atlantic Council and a leader with the I Am The Cavalry grassroots initiative. He is also the founder and CEO of Stratigos Security and sits on the board of several nonprofits. Beau is a published author and frequent public speaker.
In this Book
-
Foreword
-
Introduction
-
The IoT Security World
-
Threat Modeling
-
A Security Testing Methodology
-
Network Assessments
-
Analyzing Network Protocols
-
Exploiting Zero-Configuration Networking
-
UART, JTAG, and SWD Exploitation
-
SPI and I2C
-
Firmware Hacking
-
Short Range Radio: Abusing RFID
-
Bluetooth Low Energy
-
Medium Range Radio: Hacking Wi-Fi
-
Long Range Radio: LPWAN
-
Attacking Mobile Applications
-
Hacking the Smart Home
-
Tools for IoT Hacking