Telecoms, Media & Technology is part of the Knowledge and Networking Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.

Informa

IoT Village: Hacking The Internet of Things

An immersive, technical, one-day IoT Security workshop hosted by Independent Security Evaluators (ISE)

October 15th, 2018 | 9:00am - 5:00pm

About IoT Village

Organized by security consulting and research firm Independent Security Evaluators (ISE)

IoT Village delivers advocacy for and expertise on security advancements in Internet of Things devices. IoT Village hosts talks by expert security researchers who dissect real-world exploits and vulnerabilities and hacking contests consisting of off-the-shelf IoT devices.

AGENDA BREAKDOWN

Session One: Lecture

9:00am - 1:00pm

The morning will consist of an introduction to Hacking IoT.  This four hour lecture-style presentation session teaches students about secure design principles, effective use of hacking tools, and strategies & tactics best utilized to be successful in the hacking contest. Students will learn how to discover and exploit vulnerabilities in IoT devices.

Session Two: CTF - Hands-On Hacking Contest

1:00pm - 5:00pm

The remainder of the day is focused on this highly interactive, hands-on competition, trying to find and exploit vulnerabilities in a range of connected devices.  Students who can find vulnerabilities in devices known to be vulnerable win points; whoever obtains the most points wins an award!  Instructor subject matter experts will be actively engaging with students with on-the-spot coaching to help students learn and compete.

Tools You Will Learn
  • nmap
  • netcat
  • Packet capturing utilities 
  • Burp Suite 
  • Browser developer tools (both built-in and extensions or plug-ins)
  • Spike and other fuzzers
  •  GDB and other debuggers

ABOUT THE INSTRUCTORS

JOSH DOMANGUE


Josh Domangue serves Independent Security Evaluators (ISE) as Security Analyst. At ISE, Mr. Domangue works on various projects involving application security, network security, and reverse engineering. As one of the main organizers of the SOHOpelessly Broken CTF at IoT Village, Mr. Domangue has continued to improve the IoT hacking challenges and overall quality of the contest. Outside of work, he enjoys participating in security competitions, particularly CTFs. He also organizes and presents lectures at various venues on a wide range of topics within the field of information security.

IAN SINDERMANN


Ian Sindermann is an Associate Security Analyst at Independent Security Evaluators (ISE), where he conducts rigorous security assessments of various computer hardware and software products. With a primarily self-taught education and prior experience as a wannabe sysadmin, his background lies in web application security, IoT devices, and *NIX systems. Insatiable curiosity has led to a variety of other interests including mainframes, legacy systems, hardware hacking, and whatever tech obscurities he can get his hands on.

LEARNING OBJECTIVES


  • Understand the process of finding vulnerabilities within IoT devices.
  • Understand common classes of vulnerabilities which plague IoT devices, how to exploit them, and what developers can do to mitigate them.
  • Gain hands-on experience with exploiting IoT devices.
  • Fundamentals of IoT security (aka “Why most IoT devices are vulnerable”)
  • IoT Threat modeling 
  • How to identify & resolve vulnerabilities in Internet of Things technologies 
  • Approaches to and best practices for securing IoT products
  • Hands on experience finding and exploiting vulnerabilities

WHO SHOULD ATTEND


You will benefit most from this workshop if you have a technical or engineering background and want to better understand how IoT devices get exploited, and what to do about it or if you are:

  • A programmer interested in learning how to build security into solutions
  • A technology professional who wants to retool their skill set and/or learn new tools
  • A software or hardware engineer working for a company that may expand into the connected device space
  • A technology professional working at the intersection of software and hardware
  • A technology professional working in an environment that may be impacted by “connected devices” especially in regard to issues such as user provisioning, access controls, rights management, network management, security information management, etc.

BENEFITS OF ATTENDING

As an Attendee
  • Learn a viable methodology for conducting application security assessments and network penetration testing
  • Learn how embedded systems get hacked, and how to make them more resilient.
  • Acquire a valuable skill set: security assessment and testing.
  • Learn from actual practitioners and get hands-on experience, not just slides and theory
For your Employer
  • Broaden employees’ security awareness from I.T. to physical assets.
  • Empower employees to better identify, assess and protect your mission-critical assets.
  • Prepare your employees to defend against new threats that come with IoT adoption.
  • Better understand how adversaries will leverage vulnerabilities in IoT devices to undermine the security of your organization.

ABOUT INDEPENDENT SECURITY EVALUATORS


Independent Security Evaluators (ISE) is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research. Using an adversary-centric perspective driven by our elite team of analysts and developers, we improve our clients’ overall security posture, protect digital assets, harden existing technologies, secure infrastructures, and work with development teams to ensure product security prior to deployment.

Follow both ISE (@ISEsecurity) and IoT Village (@IoTvillage) on Twitter for updates on talks, contests, and giveaways.