# SANS SEC556: IoT Penetration Testing - Syllabus
[Download PDF](https://www.sans.org/brochure/course/iot-penetration-testing/3735)
# Overview
This course section introduces the overall problem with IoT security and examines how testing can address the problem in largely generic terms, given the multitude of IoT implementations. The first technical concepts include network recon and attacks as well as key web application issues often found with IoT devices, such as authentication bypass, RFI, and command injection. Additionally, we will examine API requests from mobile apps to back-end services and the devices themselves, then use the tools testers need to inspect and exploit network and web-based IoT.
Exercises
* Lab 1.1: Wireshark filters and PCAP inspection
* Lab 1.2: Nmap scan of an IoT device and exploitation with Metasploit
* Lab 1.3, Part 1: Burp Suite interception on IoT web portal for exposed secrets
* Lab 1.3, Part 2: Using Postman to send password data to an IoT API
* Lab 1.4, Part 1: Exploiting an IoT portal for consumer-grade devices
* Lab 1.4, Part 2: Injecting commands into vulnerable IoT web services
Topics
* Course introduction
* Course methodology for testing IoT: Modified IoTA
* Tooling for IoTA: Introducing hardware tools
* Network discovery and recon
* Active network discovery
* Network exploitation for IoT
* Web services in IoT
* Web and API recon and discovery
* Tools for web services
* Web service attack types and exploitation
# Overview
This course section introduces key concepts for performing recon against various hardware devices, including destructive and semi-destructive hardware testing, as well as hardware identification, communication, and exploitation using various hardware tools. We will also examine ways to recover device operating systems (firmware) and analyze them to recover stored secrets and various implementation flaws.
Exercises
* Lab 2.1: Obtaining and analyzing specification sheets
* Lab 2.2: Sniffing serial and SPI
* Lab 2.3: Recovering firmware from PCAP
* Lab 2.4: Recovering filesystems with binwalk
* Lab 2.5: Pillaging the filesystem
Topics
* Background and importance of IoT hardware
* Opening the device
* Examining and identifying components
* Discovering and identifying ports
* A soldering primer
* Sniffing, interaction, and exploitation of hardware ports: Serial, SPI, JTAG
* Recovering firmware
* Firmware analysis
* Pillaging the firmware
# Overview
This course section focuses on the more popular, documented, and standardized wireless technologies often found in IoT products, as well as those still under development. The concepts introduced include capturing traffic, gaining access to networks and encrypted data, and interacting with and compromising IoT devices and their functions. The section will also introduce the concepts needed to analyze and exploit the non-standard and proprietary RF communications often found in IoT devices.
Exercises
* Lab 3.1: WiFi PSK cracking
* Lab 3.2: BLE device interaction
* Lab 3.3: Zigbee traffic capture
* Lab 3.4: Conducting a replay transmission attack on IoT
Topics
* Wi-Fi
* Bluetooth Low Energy
* Zigbee
* LoRa
* SDR