Securing IoT: From Security to Practical Pentesting on IoT
3.8 (31 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
160 students enrolled

Securing IoT: From Security to Practical Pentesting on IoT

Learn about Systems, Security architecture and perform IoT penetration testing with industry-specific tools
3.8 (31 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
160 students enrolled
Created by Packt Publishing
Last updated 4/2019
English
English [Auto-generated]
Current price: $129.99 Original price: $199.99 Discount: 35% off
19 hours left at this price!
30-Day Money-Back Guarantee
This course includes
  • 5 hours on-demand video
  • 1 downloadable resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • Learn current security issues related to the IoT and common security architectures.
  • Identify Threats, Vulnerabilities, and Risks.
  • Incorporating privacy controls into the new IoT systems designs.
  • Discuss privacy regulations and standards that apply to secure IoT systems and keeping stakeholder information private.
  • In-depth exploration of privacy challenges and mitigations for the IoT.
  • Perform Gateway Penetration Testing on VyOS by hacking the gateway and its services.
  • Implement Wireless Penetration Testing on your Google wireless device.
  • Perform Endpoint Penetration Testing on Client Servers and Machines like Amazon echo, tp -link device and software firewalls like Comodo and private eye.
  • Pentest your Android devices with Android Studio.
Requirements
  • Basic pentesting knowledge is necessary for this course.
Description

The Internet of things is the network of physical objects or things embedded with electronics, software, sensors, and network connectivity which enables these objects to collect and exchange data whereas IoT Pentesting is much like taking a battering ram to the door of a fortress. You keep pounding away but try to find a secret backdoor to enter through.

With this practically oriented course, you will first start with deep dive into common IoT components and technologies to protect your systems and devices. Then you will explore some common IoT use cases across Industries for connected vehicles, microgrids and enterprise drone systems, along with this you will also be focusing on threats to IoT systems, attack vectors, current security regulations, and standards and common security architectures. Moving on, you will learn how to perform pentesting on advanced IoT Devices including Amazon Eco, Logitech Cameras, the Google Nexus phone, Vyos Gateways, TP-Link Smart Switches, and firewalls to ensure that the hardware devices and the software are free of any security loopholes.

Contents and Overview

This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.

The first course, Fundamentals of IoT Security will cover fundamental aspects of the Internet of Things, to include a review of use cases across various industries, we will discuss common IoT components and technologies to provide a baseline understanding of the systems and devices that you need to protect. We will also review common security architectures that can be applied to IoT systems, and discusses regulations and standards that apply to secure IoT systems. We will study of IOT components such as the IoT (hardware, real-time operating systems (RTOS), Application Programming Interfaces (APIs), messaging and communication protocols and backend services. We will discuss threats to IoT systems, attack vectors, current security regulations, and standards and common security architectures. We will examine Privacy by Design (PbD) principles and walk through an example Privacy Impact Assessment (PIA). By the end of this course, you will understand the fundamentals of IoT systems and IoT security and be able to identify threats and required mitigations to their own IoT systems.

The second course, Hands-On IoT Penetration Testing begins with the IoT device architecture to help you understand the most common vulnerabilities. You'll explore networks, sniffing out vulnerabilities while also ensuring that the hardware devices and the software running on them are free of any security loopholes. Moving on, you will learn how to perform pentesting on advanced IoT Devices including Amazon Eco, Logitech Cameras, the Google Nexus phone, Vyos Gateways, TP-Link Smart Switches, and firewalls. By the end of the course, you will be able to create IoT pentesting reports. After completion of the course, you will be able to penetrate even the most densely populated IoT networks.

About the Authors:

  • Brian Russell is a chief engineer focused on cybersecurity solutions for Leidos. He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers, with a focus on securing the Internet of Things (IoT). Brian leads efforts that include security engineering for Unmanned Aircraft Systems (UAS) and connected vehicles and development security systems, including high assurance cryptographic key management systems. He has 16 years of information security experience. He serves as chair of the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group, and as a member of the Federal Communications Commission (FCC) Technological Advisory Council (TAC) Cybersecurity Working Group. Brian also volunteers in support of the Center for Internet Security (CIS) 20 Critical Security Controls Editorial Panel and the Securing Smart Cities (SSC) Initiative


  • Sunil Gupta is a certified ethical hacker. Currently, he teaches 45,000+ students online in 150+ countries. He is a specialist in ethical hacking and cybersecurity.

    His strengths lie in vulnerability assessment, penetration testing, intrusion detection, risk identification, data analysis, reporting, and briefing.

Who this course is for:
  • This course is for IoT product managers, software and systems engineering managers, IT security professionals, IoT developers, pentesters, and security professionals who are willing to learn the unique characteristics and challenges of IoT system security.
Course content
Expand all 53 lectures 04:57:19
+ Fundamentals of IoT Security
22 lectures 02:25:16

This video will give you an overview about the course.

Preview 01:18

The aim of this video is to study about connected and self-driving vehicles.

  • Explore the types of connected vehicles

  • Learn about threats to the connected vehicles

  • Learn what is Security Credential Management System

Case Study: Connected and Self-driving Vehicles
08:59

This video is a case study on Microgrids.

  • Get to know what a Microgrid is

  • Explore the Rise of Cyber Physical Systems

  • Get an understanding on security threats to CPS

Case Study: Microgrids
04:38

This video is a case study of Smart City Drone Systems.

  • Study about Drone system challenges

  • Learn about the threats to drone systems

  • Get a brief understanding of drone system Operational Security Goals

Case Study: Smart City Drone Systems
06:33

The aim of this video is to study about IoT connected components.

  • Learn about the IoT technology stack

  • Make the use of cryptographic hardware

  • Learn about RTOS

IoT Hardware and Software
07:57

The aim of this video is to learn about IoT communication and messaging protocols.

  • Know more about Wireless Sensor Networks

  • Study the various communication protocols

  • Explore Bluetooth communication

IoT Communication and Messaging Protocols
07:32

The aim of this video is to learn about various IoT interfaces and services.

  • Learn the Fog Reference Architecture

  • Study AWS and Azure Cloud Services in brief

IoT Interfaces and Services
07:17

The aim of this video is to discuss in deep about threats, vulnerabilities, and risks.

  • Learn about the pillars of Information Assurance

  • Study about the various threat actors

Preview 06:20

The aim of this video is to study about the Mirai Botnet attack.

  • Learn about the Mirai Botnets attack on Dyn

  • Study about DDoS attack

  • Study about how the Botnet devices are compromised

Case Study: The Mirai Botnet Opens up Pandora's Box
06:59

The aim of this video is to study about various IoT attack vectors.

  • Study about the attack on Lockstate

  • Study about OWSAP testing guidelines

  • Study about various ways your devices can be protected

Today's Attack Vectors
11:33

The aim of this video is to study about the current state of IoT security regulations.

  • Study about the primary focus of Legislation to secure IoT devices

  • Study about the Cybersecurity requirements given by the European Commission

  • Study about the FDA Postmarket CyberSecurity Guidance

Current IoT Security Regulations
05:54

The aim of this video is to learn about the current state of IoT privacy regulations.

  • Study about the EU Article 29 Data Protection Working Party Opinion on the IoT

  • Study about GDPR, privacy and the IoT

  • Study about European ePrivacy Regulation

Current IoT Privacy Regulations
06:37

The aim of this video is to study the concept of IoT Security Architecture.

  • Study about the various components of Security Architecture

  • Study about the IoT Enterprise System

  • Study the concepts of IoT Security Architecture

An Introduction to IoT Security Architectures
07:39

The aim of this video is to study the concept of threat modeling.

  • Study about what is threat modeling

  • Learn about the threat modeling process

  • Define the various threat actors

What is Threat Modeling
07:19

The aim of this video is to identify the various assets that could be included in our smart parking garage system.

  • Study about information assets

  • Study about the asset table

Identifying Assets
03:28

The aim of this video is to study the various technologies used in creating a system architecture.

  • Study about the system architecture

  • Study about Smart Parking System

  • Learn about the parking system process

Creating a System Architecture
04:29

The aim of this video is to study how to document threats to your IoT system.

  • Study the different types of threats

  • Learn about examining threats

  • Learn about documenting threats

Documenting Threats
05:16

The aim of this video is to study how to rate threats.

  • Learn how to examine and assign score to a threat

  • Rate the smart parking threats

  • Take actions based on the types of threats

Rating Threats
05:01

The aim of this video is to examine privacy challenges associated with the IoT.

  • Study the various types of privacy concerns

  • The need for anonymity

  • Study about the DIJ drones

IoT Privacy Concerns
11:08

The aim of this video is to study about ways to embed privacy into the design.

  • Study about the various privacy by Design Principles

  • Analyze privacy impacts

  • Study how to verify your IoT privacy objectives

Privacy by Design (PbD)
05:42

The aim of this video is to study the various activities that should be undertaken when conducting a privacy impact.

  • Study the Privacy Impact Assessment Process

  • Study about map PII elements to security controls

  • Study the various Data Retention Policies

Conducting a Privacy Impact Assessment (PIA)
07:43

The aim of this video is to study about the real world example of Connected Barbie.

  • Study about the various privacy considerations with connected products

  • Classification of collected information

  • Study the use of collected information

Case Study: The Connected Barbie
05:54
Test Your Knowledge
5 questions
+ Hands-On IoT Penetration Testing
31 lectures 02:32:03

This video provides an overview of the entire course.

Preview 01:51

Info about IoT architecture.

  • About IoT devices

  • Architecture components

  • Explanation about architecture

Architecture of IoT
02:31

Info about the IoT pentesting process.

  • About IoT pentesting process

  • Attack surfaces listing

  • Explanation about attack surfaces

IoT Pentesting Overview
02:04

IoT course guidance.

  • Basic course information

  • Course guidance

  • Summary

How to Get the Most out of This Course?
01:21

Explore the installation process of VM.

  • Learn about virtual machines

  • Download a virtual machine

  • Installation of a virtual machine

Preview 04:38

In this video, you will download the OSes.

  • About operating systems

  • Download Windows

  • Download Kali Linux

Download Windows and Kali Linux
06:42

This video will explore the installation of OSes.

  • About the installation process in a virtual machine

  • Windows installation

  • Kali Linux installation

Installation of Kali Linux and Windows in VMware Workstation
04:37

In this video, you will install Logitech camera.

  • Explore Logitech camera

  • Learn about the camera setup

  • Installation of the network

Set Up a Logitech Camera in the Network
01:15

This video will explore system pentesting.

  • About the pentesting process

  • Attack the victim machine

  • Get access to the victim machine

System Pentesting Using Kali Linux
11:05

In this video, you will take access of a Logitech camera.

  • List of cameras in meterpreter

  • Select Logitech camera

  • Take access

Take Access of the Camera
04:07

This video will help you take pictures and videos from camera.

  • Take a picture using camera

  • Record videos

  • Take live camera recording

Take Pictures and Record Videos
06:34

In this video, you will learn about the setup of VyOS gateway.

  • About the VyOS framework

  • Download VyOS

  • VyOS installation

Set Up VyOS Brand Gateway in the Network
04:58

This video will help you set up login credentials.

  • About services

  • Set up an IP address

  • Start services

Set Up Login Credentials of VyOS
05:58

In this video, you will learn about pentesting router services.

  • Start a service

  • Set up login credentials

  • Save settings in VyOS

Pentest Services in the Router
03:08

This video will help you perform brute-force attack.

  • Set up a service

  • Perform a brute-force attack using the Hydra tool

  • Perform a brute-force attack using the Medusa tool

Take Access of Gateway Completely
08:12

In this video, you will set up Google wireless.

  • About Google wireless point

  • Set up external adapter

  • Connect with wireless access point

Set Up a Google IoT Device
05:15

This video will help you learn about wireless tools.

  • Connect wireless adapter

  • About Fern Wifi cracker tool

  • About Wifite tool

Hack Wireless Using Kali Linux
07:16

In this video, you will explore wireless pentesting.

  • About wireless pentesting

  • Attack on wireless using Fern

  • Get access to network

Get Access to the Network
08:02

In this video, you will learn about the process to attack on other IoT devices.

  • About network and devices

  • Process to attack on various IoT devices

  • Explanation about hacking other IoT devices in the network

Hack Other IoT Devices in the Network
01:42

This video will help you learn about attack on Amazon Echo.

  • About Amazon Echo

  • Amazon Echo – Malware attack

  • Amazon Echo – MITM attack

Amazon Echo Pentesting
03:58

This video will help you learn about attack on TP-Link Smart Switch.

  • About TP-Link Smart Switch

  • Smart Switch – Sniffing attack

  • Smart Switch – Data decryption attack

TP-Link Smart Switch Pentesting
02:52

This video will help you Window systems using comodo firewall.

  • About comodo firewall

  • Installation of comodo firewall

  • System scan using comodo firewall

Comodo Firewall Pentesting
04:06

This video will help you scan Mac systems using Private Eye Firewall.

  • About Private Eye Firewall

  • Installation of Firewall

  • System scan process

Private Eye Firewall Pentesting
02:15

In this video, you will explore Android Studio installation.

  • About Android Studio

  • Download Android Studio

  • Android Studio installation

Download and Installation of Android Studio
06:36

In this video, you will explore the setup of Google Nexus phone.

  • About Google Nexus phone

  • Set up Google Nexus in Android Studio

  • Start Android phone

Set Up Google Nexus Android Phone
04:58

This video will help you Install APK in Android phone.

  • About Android APK file

  • Download APK file

  • Installation of APK

Installation of Android APK File
05:56

This video will help you learn how to attack a Google Nexus Android device.

  • Drozer installation

  • Insert Injection queries

  • Get access to Android device

Hack Android Phone and Get Login Credentials
11:57

The process of report writing.

  • About report writing

  • Explanation of the process

IoT Pentesting Report Overview
03:19

The report generation process of MagicTree.

  • About the MagicTree tool

  • Scanning using MagicTree

  • Report generation

Report Generation Using the MagicTree Tool
06:29

The report generation process of Metagoofil.

  • About the Metagoofil tool

  • Metagoofil tool installation process

  • Report generation process

Report Generation Using the Metagoofil Tool
05:28

Summarize a report.

  • List report generation points

  • Explanation of points

  • Summary

Summary of IoT Pentesting Report
02:53
Test Your Knowledge
5 questions