About the Seminar
This hands-on session goes through the basics of pentesting via a concrete case study, namely a custom-made IoT ecosystem consisting of an embedded device running Linux that communicates with an Android app. Both static and dynamic analysis tools as well as manual testing are applied to discover vulnerabilities in IoT ecosystems. Moreover, the tutorial provides pointers to prevent common vulnerabilities, and introduces a number of feasible tools to support the pentesting process. The core goal consists of giving a sneak peek into hacker/pentester tools and strategies, and convincing the reader of the importance of embracing security when developing novel IoT ecosystems.
Key Topics
- Introduction to IoT and its Security Challenges
- Planning & Reconnaissance
- Vulnerability identification
- Exploiting the device
- Exploiting the ecosystem
- Reflection
Target audience
This seminar is ideal for developers, researchers, and enthusiasts interested in IoT development. Whether you're an IoT developer or simply curious about the security challenges posed by IoT, this seminar will provide valuable insights and knowledge.
Contact
For technical questions, contact victor.goeman@kuleuven.be and dairo.deruck@kuleuven.be. For more information about the seminar, please contact jorn.lapon@kuleuven.be.
Feel free to use the open source resources to follow the Walkthrough yourself.
Interested to learn more about this Seminar?
The seminar and the thought process behind its development were published at the ARES ETACS 2023 conference (Paper). For more information about the design decisions behind the seminar, you can read the paper.
The project is open source
Cite this work
@inproceedings{10.1145/3600160.3604986,
author = {Goeman, Victor and de Ruck, Dairo and Bohé, Ilse and Lapon, Jorn and Naessens, Vincent},
title = {IoT Security Seminar: Raising Awareness and Sharing Critical Knowledge},
year = {2023},
isbn = {9798400707728},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3600160.3604986},
doi = {10.1145/3600160.3604986},
booktitle = {Proceedings of the 18th International Conference on Availability, Reliability and Security},
articleno = {62},
numpages = {8},
keywords = {Awareness, Education, Cybersecurity, IoT},
location = {Benevento, Italy},
series = {ARES '23}
}
Authors
This work was developed by Victor Goeman, Dairo de Ruck, Ilse Bohé, Jorn Lapon and Vincent Naessens from Distrinet@Ghent.
Download the images
Download the OVA images from this Google Drive: for the DVD, for the Kali machine (optional)
* See PDF Setup.pdf for the installation of the Damn Vulnerable Device (and the Kali machine).