Best Of The World In Security Conference
Best Of The World In Security
12-13 November 2020
Hacking IoT with EXPLIoT Framework
Asmita
Payatu, India
IoT Security Consultant
@aj_0x00
About Me
• IoT Security Consultant at Payatu, India
- Embedded Hardware Security
- Firmware Reverse Engineering
• Trainer/Speaker
- Checkpoint CPX360, Nullcon, IDCSS, Hackaday Remoticon, Infosec meetups
• Email - asmita@payatu.com
• Twitter - aj_0x00
Agenda
• IoT Attack Surface
• EXPLIoT Framework
- Architecture
- Executing plugins
- Extending the framework by writing your own plugins
• MQTT
- Protocol
- Security issues
- Hands-on with plugins
- Write a custom plugin
• Plugin Demos
- BLE plugins demo
- Zigbee demo
- I2C plugins demo
IoT Attack Surface
IoT Attack Surface - Device Hardware
• Hardware debug ports
• Storage
• Bus communication
• Encryption
• Authentication
• Sensor interfaces
• Hardware interfaces
IoT Attack Surface - Communication
• Authentication
• Encryption
• Protocol vulnerabilities
• Custom IoT protocols
• Radio communication and protocols
IoT Attack Surface - Cloud
• Storage
• Communication
• Authentication
• APIs
• Encryption
• Generic web/cloud vulnerabilities
IoT Attack Surface - User application
• Storage
• Communication
• Authentication
• Hardcoding
• Encryption
• Generic application vulnerabilities
EXPLIoT Framework
• Open source IoT security testing and exploitation framework - EXPLIoT
• Framework for security testing of IoT devices and IoT infrastructure
• Provides a set of plugins (test cases) and is extendable
• Developed in Python 3
• Support for hardware, radio and IoT protocol analysis
• Easy to use
• Source : https://gitlab.com/expliot_framework/expliot
• Documentation - https://expliot.readthedocs.io/en/latest/
EXPLIoT Framework - Architecture
Source : https://expliot.readthedocs.io/en/latest/development/architecture.html
Currently Supported Plugins
• Bluetooth LE
• CAN
• CoAP
• Crypto
• DICOM
• I2C
• mDNS
• Modbus
• MQTT
• nmap
• SPI
• TCP
• UART
• UDP
• UPNP
• Zigbee
Executing Plugins
• Install the EXPLIoT framework
• Choose the execution mode
- Command line mode
- Interactive mode
Source : https://expliot.readthedocs.io/en/latest/installation/intro.html
https://expliot.readthedocs.io/en/latest/usage/intro.html
Executing Plugins - Command line mode
Source : https://expliot.readthedocs.io/en/latest/usage/command-line-mode.html#command-line-mode
(Slide screenshots of command line mode; annotation: plugin name and arguments)
Executing Plugins - Interactive mode
Source : https://expliot.readthedocs.io/en/latest/usage/interactive-mode.html
(Slide screenshots of interactive mode; annotation: plugin name and arguments)
Executing Plugins
Detailed videos : https://www.youtube.com/playlist?list=PLpCYsToyPxH-tGseJ3C4Gk0pCNZ-0pl6w
Extend the framework - Write your own plugins
• Set up the development environment
* Don't skip the pre-requirements setup
Source: https://expliot.readthedocs.io/en/latest/development/setup.html
Extend the framework - Write your own plugins
Source:
https://expliot.readthedocs.io/en/latest/development/development.html
https://gitlab.com/expliot_framework/expliot
Repository layout walked through on the slides (Development -> EXPLIoT Framework):
- setup.py
- docs
- expliot
  - expliot/core
  - expliot/plugins
MQTT Introduction
• Message Queuing Telemetry Transport
• Lightweight messaging protocol
• Publish/Subscribe mechanism
• Message broker
• TCP port - 1883 (plain text) & 8883 (TLS)
• mqtt.org
• An ISO standard - ISO/IEC 20922
http://www.iso.org/iso/catalogue_detail.htm?csnumber=69466
• MQTT 5.0 Spec - https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html
MQTT Introduction
• Topics - a label for grouping application messages, matched against subscriptions to forward the messages. Ex: foo/bar
• Topic filters - an expression indicating one or more topic names in a subscription; may use wildcards. Ex: foo, foo/#
• Publish messages under specific topics: Publish(topic, message)
• Subscribe/Unsubscribe to/from topic filters
Source:
https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
MQTT Introduction
• Multi-level wildcard - '#'
• Single-level wildcard - '+'
• Topic names beginning with the '$' character are reserved for implementation-internal purposes (e.g. $SYS topics) and are not matched by filters that start with a wildcard
MQTT Introduction - publish/subscribe example
• Nodes 1, 2 and 3 are subscribed to different topic filters
• Node 4 publishes "Hello" on topic 'a'
• Nodes 2 and 3 receive the published message, but node 1 does not. Why?
Source:
https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
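The wildcard rules from the preceding slides and the node 1/2/3 scenario, as an added example that is not code from the slides or from the EXPLIoT project: a small topic-filter matcher implementing the MQTT spec semantics for '#', '+' and the '$' namespace. The subscription table is constructed (the filters on the original slide image are not reproduced); it is an assumption chosen so that nodes 2 and 3 match and node 1 does not.

```python
"""MQTT topic-filter matching (added example, not from the slides or EXPLIoT).

Implements the matching rules of MQTT v3.1.1 / v5.0 so the publish/subscribe
scenario on the slides can be reproduced offline, without a broker.
"""
from __future__ import annotations


def is_valid_filter(topic_filter: str) -> bool:
    """A filter is non-empty, may use '#' only as its final level and '+' only
    as a whole level ('foo/+/bar' is fine, 'foo/b+' and 'foo/#/bar' are not)."""
    if not topic_filter:
        return False
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            return False
        if "+" in level and level != "+":
            return False
    return True


def topic_matches(topic: str, topic_filter: str) -> bool:
    """True if a PUBLISH on `topic` is forwarded to a subscriber of `topic_filter`.

    Rules applied:
      - '/' separates levels; literal levels compare case-sensitively.
      - '+' matches exactly one level, an empty level included.
      - '#' matches the parent level and any number of children, so 'foo/#'
        matches 'foo', 'foo/bar' and 'foo/bar/baz'.
      - A filter whose first level is a wildcard never matches a topic that
        starts with '$' (broker-internal namespace such as '$SYS/...').
    """
    if not is_valid_filter(topic_filter):
        return False
    if topic.startswith("$") and topic_filter[0] in "#+":
        return False
    t_levels = topic.split("/")
    f_levels = topic_filter.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return True  # a valid filter only has '#' as its last level
        if i >= len(t_levels):
            return False  # the filter is deeper than the topic
        if f != "+" and f != t_levels[i]:
            return False
    return len(t_levels) == len(f_levels)


def route(topic: str, subscriptions: dict[str, list[str]]) -> list[str]:
    """Return the subscribers (in insertion order) that receive a PUBLISH on `topic`."""
    return [
        node for node, filters in subscriptions.items()
        if any(topic_matches(topic, f) for f in filters)
    ]


# Constructed subscription table mirroring the slide scenario (assumption: the
# real filters on the slide image are not shown; these are chosen so that nodes
# 2 and 3 receive a message on topic 'a' and node 1 does not).
NODES = {
    "node1": ["b"],  # literal filter for a different topic
    "node2": ["a"],  # literal filter for exactly 'a'
    "node3": ["#"],  # multi-level wildcard: every topic except the '$...' namespace
}

if __name__ == "__main__":
    print(route("a", NODES))                   # ['node2', 'node3']
    print(route("$SYS/broker/uptime", NODES))  # [] - '#' does not reach into '$SYS'
```

The last call shows why Lab 2 below has to subscribe to "$SYS/#" explicitly: a plain "#" subscription never sees the broker's internal topics.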
MQTT Introduction - Quality of Service (QoS)
• QoS levels
- QoS 0 – At most once delivery
- QoS 1 – At least once delivery
- QoS 2 – Exactly once delivery
• Messages are delivered based on the defined QoS level
MQTT Protocol - Packet Structure
Source:
https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
(Slide diagram of the MQTT packet structure) 16 control packets in v5.0
MQTT Security Issues - Attack Possibilities
Source:
https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security
• Fetching unencrypted sensitive data from sniffed packets
• DoS attack via duplicating the client ID
• Insecure/weak authentication: use of client ID or default/guessable credentials
• Grabbing system-level messages via $SYS/#
• Cloning the client
• Attacking and manipulating the devices via malicious input
MQTT Plugin
• mqtt.generic.crackauth
• mqtt.generic.pub
• mqtt.generic.sub
• mqtt.aws.pub
• mqtt.aws.sub
mqttpub Plugin Implementation
Source:
https://gitlab.com/expliot_framework/expliot
https://expliot.readthedocs.io/en/latest/tests/mqtt.html
Parts of the plugin source annotated on the slides:
• Class name MqttPub, the same as the plugin file name mqttpub.py
• Output format
• Initialization
• Argument parser
• Main logic of the plugin
• Exception handling
MQTT hands-on labs using plugins
Lab 1 : Subscribe and Publish using expliot
• Objective – Subscribe to a topic filter and publish messages to the same topic
• Steps :
- Open a terminal and run expliot: $ expliot
- Inside the expliot framework run "run mqtt.generic.sub -h" for the help menu
- Open the expliot framework in another terminal
- Terminal 1: Subscribe to any topic using "run mqtt.generic.sub -r localhost -t test"
- Terminal 2: Publish a message to the topic using "run mqtt.generic.pub -r localhost -t test -m hello"
- The subscription terminal now receives the message you published
- You will see messages from everyone publishing on the topic test if they are on the same network
MQTT hands-on labs using plugins
Lab 2 : Read system level messages
• Objective – Read system-level messages instead of application messages and gather any interesting information about the broker.
• Hint – Subscribe to the right topic ;)
• Steps :
- Use the EXPLIoT framework and subscribe to the interesting $SYS topics
- Command: run mqtt.generic.sub -r localhost -t "$SYS/#"
MQTT hands-on labs using plugins
Lab 3 : MQTT Client DoS
• Objective – Kill a legitimate MQTT connection using the same client ID
• Steps :
- Run the expliot framework in two terminals
- Terminal 1: Subscribe to any topic with a unique client ID using "run mqtt.generic.sub -r localhost -t foobar -i testfoobar"
- Terminal 2: Send a message with the same client ID to any topic using "run mqtt.generic.pub -r localhost -t test -i testfoobar -m hello"
- Notice that the client which was subscribed to the broker gets disconnected because of the publish from a connection using the same client ID
- You can use this to DoS an MQTT server and client, connect in its place and send malicious data.
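The defender's view of Lab 3 and of the "DoS attack via duplicating client ID" slide, as an added example that is not code from the slides or from the EXPLIoT project: the broker logs every eviction of an existing session, so repeated evictions of one client ID inside a short window, or one client ID connecting from two source addresses, are the detection signal. The log lines are constructed in the style of Mosquitto's "already connected, closing old connection" message (an assumption; adapt the regular expressions to your broker's format).

```python
"""Detecting client-ID takeover churn in MQTT broker logs (added example).

Constructed log sample and regexes modelled on Mosquitto-style messages; the
exact wording of your broker's log lines is an assumption you must verify.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: epoch-prefixed broker log lines reproducing the Lab 3
# pattern (a second connection reusing client ID 'testfoobar' evicts the first).
SAMPLE_LOG = """\
1605260000: New connection from 192.0.2.10:50210 on port 1883.
1605260000: New client connected from 192.0.2.10:50210 as testfoobar (p2, c1, k60).
1605260007: New connection from 198.51.100.7:43022 on port 1883.
1605260007: Client testfoobar already connected, closing old connection.
1605260007: New client connected from 198.51.100.7:43022 as testfoobar (p2, c1, k60).
1605260009: Client testfoobar already connected, closing old connection.
1605260009: New client connected from 198.51.100.7:43023 as testfoobar (p2, c1, k60).
1605260011: Client testfoobar already connected, closing old connection.
1605260200: Client sensor42 already connected, closing old connection.
"""

TAKEOVER_RE = re.compile(
    r"^(?P<ts>\d+): Client (?P<cid>\S+) already connected, closing old connection\.$"
)
CONNECT_RE = re.compile(
    r"^(?P<ts>\d+): New client connected from (?P<src>[\d.]+):\d+ as (?P<cid>\S+) "
)


def parse_takeovers(log: str) -> Dict[str, List[int]]:
    """Map client ID -> timestamps at which the broker evicted an existing session."""
    out: Dict[str, List[int]] = defaultdict(list)
    for line in log.splitlines():
        m = TAKEOVER_RE.match(line)
        if m:
            out[m["cid"]].append(int(m["ts"]))
    return out


def flag_client_id_churn(log: str, threshold: int = 3, window_s: int = 60) -> List[Tuple[str, int]]:
    """Return (client_id, count) for IDs evicted at least `threshold` times
    within any `window_s`-second span.  A single eviction is normal (a device
    reconnecting after a network blip); a burst is the takeover pattern."""
    flagged = []
    for cid, stamps in parse_takeovers(log).items():
        stamps.sort()
        best = lo = 0
        for hi in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[hi] - stamps[lo] > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            flagged.append((cid, best))
    return flagged


def sources_for_client(log: str, cid: str) -> List[str]:
    """Distinct source addresses that connected as `cid`, in first-seen order.
    More than one address for a supposedly unique device ID corroborates a duplicate."""
    srcs: List[str] = []
    for line in log.splitlines():
        m = CONNECT_RE.match(line)
        if m and m["cid"] == cid and m["src"] not in srcs:
            srcs.append(m["src"])
    return srcs


if __name__ == "__main__":
    for cid, n in flag_client_id_churn(SAMPLE_LOG):
        print(f"{cid}: {n} evictions within 60s, sources {sources_for_client(SAMPLE_LOG, cid)}")
```

On the mitigation side the same signal argues for binding each client ID to its credential or client certificate at the broker, so a connection presenting a known ID with the wrong identity is rejected instead of evicting the legitimate session.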
Write a custom plugin – Hands-on
• Hands-on: write any custom plugin for the framework
• Before getting started, do the setup as described at:
https://expliot.readthedocs.io/en/latest/development/setup.html
• For reference on the new-plugin setup –
https://expliot.readthedocs.io/en/latest/development/new-plugin.html
• Coding style & documentation links –
https://expliot.readthedocs.io/en/latest/development/intro.html
https://expliot.readthedocs.io/en/latest/development/documentation.html
So, it's time to write your own plugin
Plugins Demos
Demo 1 : I2C Plugin
• Objective – Dump the data from memory using a protocol adapter
Plugin :
run i2c.generic.readeeprom
Source : https://expliot.readthedocs.io/en/latest/tests/i2c.html
Time for Demo
Plugins Demos
Demo 2 : Zigbee Plugin
• ZigBee Network Scan - zbauditor.generic.nwkscan
• ZigBee Packet Sniffer - zbauditor.generic.sniffer
• ZigBee Packet Replay - zbauditor.generic.replay
Source : https://expliot.readthedocs.io/en/latest/tests/zbauditor.html
Time for Demo
Plugins Demos
Demo 3 : BLE Plugin
• Scan - ble.generic.scan
• Enumerate - ble.generic.enum
• Write - ble.generic.writechar
• Fuzz - ble.generic.fuzzchar
Source : https://expliot.readthedocs.io/en/latest/tests/bluetooth.html
Time for Demo
Thank You
- Questions?
Asmita
Payatu, India
IoT Security Consultant
@aj_0x00
asmita@payatu.com
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Último

Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

Hacking IoT with EXPLIoT Framework

1. Hacking IoT with EXPLIoT Framework
Best Of The World In Security Conference, 12-13 November 2020
Asmita, IoT Security Consultant, Payatu, India (@aj_0x00)

2. About Me
• IoT Security Consultant at Payatu, India
  - Embedded Hardware Security
  - Firmware Reverse Engineering
• Trainer/Speaker
  - Checkpoint CPX360, Nullcon, IDCSS, Hackaday Remoticon, Infosec meetups
• Email - asmita@payatu.com
• Twitter - aj_0x00

3. Agenda
• IoT Attack Surface
• EXPLIoT Framework
  - Architecture
  - Executing plugins
  - Extending the framework by writing your own plugins
• MQTT
  - Protocol
  - Security issues
  - Hands-on with plugins
  - Write a custom plugin
• Plugin Demos
  - BLE plugins demo
  - Zigbee demo
  - I2C plugins demo

4. IoT Attack Surface

5-6. IoT Attack Surface: Device Hardware
• Hardware debug ports
• Storage
• Bus communication
• Encryption
• Authentication
• Sensor interfaces
• Hardware interfaces

7. IoT Attack Surface: Communication
• Authentication
• Encryption
• Protocol vulnerabilities
• Custom IoT protocols
• Radio communication and protocols

8. IoT Attack Surface: Cloud
• Storage
• Communication
• Authentication
• APIs
• Encryption
• Generic web/cloud vulnerabilities

9. IoT Attack Surface: User application
• Storage
• Communication
• Authentication
• Hardcoding
• Encryption
• Generic application vulnerabilities

10. EXPLIoT Framework
• Open source IoT Security Testing and Exploitation Framework - EXPLIoT
• Framework for security testing IoT and IoT infrastructure
• Provides a set of plugins (test cases) and is extendable
• Developed in Python 3
• Support for hardware, radio and IoT protocol analysis
• Easy to use
• Source: https://gitlab.com/expliot_framework/expliot
• Documentation: https://expliot.readthedocs.io/en/latest/

11. EXPLIoT Framework - Architecture
Source: https://expliot.readthedocs.io/en/latest/development/architecture.html

12. Currently Supported Plugins
• Bluetooth LE
• CAN
• CoAP
• Crypto
• DICOM
• I2C
• mDNS
• Modbus
• MQTT
• nmap
• SPI
• TCP
• UART
• UDP
• UPNP
• Zigbee

13. Executing Plugins
• Install the EXPLIoT framework
• Choose the execution mode
  - Command line mode
  - Interactive mode
Source: https://expliot.readthedocs.io/en/latest/installation/intro.html
https://expliot.readthedocs.io/en/latest/usage/intro.html

14-16. Executing Plugins - Command line mode
(Screenshots, annotated with the plugin name and its arguments.)
Source: https://expliot.readthedocs.io/en/latest/usage/command-line-mode.html#command-line-mode

17-20. Executing Plugins - Interactive mode
(Screenshots, annotated with the plugin name and its arguments.)
Source: https://expliot.readthedocs.io/en/latest/usage/interactive-mode.html

21. Executing Plugins
Detailed videos: https://www.youtube.com/playlist?list=PLpCYsToyPxH-tGseJ3C4Gk0pCNZ-0pl6w

22. Extend the framework - Write your own plugins
• Set up the development environment
  * Don't miss the pre-requirements setup
Source: https://expliot.readthedocs.io/en/latest/development/setup.html

23-31. Extend the framework - Write your own plugins: Development - EXPLIoT Framework
Repository layout, walked through one directory per slide: setup.py, docs, expliot, expliot/core, expliot/plugins
Source: https://expliot.readthedocs.io/en/latest/development/development.html
https://gitlab.com/expliot_framework/expliot

32. MQTT Introduction
• Message Queuing Telemetry Transport
• Lightweight messaging protocol
• Publish / Subscribe mechanism
• Message Broker
• TCP port - 1883 (plain text) & 8883 (TLS)
• Mqtt.org
• An ISO standard - ISO/IEC 20922: http://www.iso.org/iso/catalogue_detail.htm?csnumber=69466
• MQTT 5.0 Spec - https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html

33. MQTT Introduction
• Topics: a label for grouping Application messages, matched against subscriptions to forward the messages. Ex: foo/bar
• Topic filters: an expression indicating one or more topic names in a Subscription; may use wildcards. Ex: foo, foo/#
• Publish messages under specific topics: Publish(topic, message)
• Subscribe/Unsubscribe to/from Topic filters
Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security

34. MQTT Introduction
• Multilevel wildcard - '#'
• Single-level wildcard - '+'
• Topic names beginning with the '$' character are used for implementation-internal purposes

35-37. MQTT Introduction
• Nodes 1, 2 and 3 are subscribed to different topic filters
• Node 4 publishes "Hello" on topic 'a'
• Nodes 2 & 3 receive the published message but node 1 does not. Why?
Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security

38. MQTT Introduction: Quality of Service (QoS)
• QoS levels
  - QoS 0 - At most once delivery
  - QoS 1 - At least once delivery
  - QoS 2 - Exactly once delivery
• Messages are delivered based on the defined QoS level
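The matching rules behind the node 1/2/3 exercise (multilevel '#', single-level '+', and the '$' rule for topics such as $SYS), worked out in Python as an added example that is not part of the talk or of EXPLIoT. The three subscriptions are constructed so that a publish on 'a' reaches nodes 2 and 3 but not node 1, and authorize_subscribe is a hypothetical broker-side policy for $SYS topics.

```python
"""MQTT topic-filter matching and a broker-side subscription check.

Added example; not code from the talk or from EXPLIoT. Implements the
wildcard rules of MQTT 3.1.1 / 5.0 section 4.7 as summarised on the slides:
'#' matches any number of remaining levels (including zero), '+' matches
exactly one level, and topics starting with '$' are never matched by a
filter whose first level is a wildcard.
"""


def validate_filter(topic_filter):
    """Raise ValueError for filters that misplace a wildcard.
    '#' may only be the whole last level; '+' may only be a whole level."""
    if not topic_filter or "\x00" in topic_filter:
        raise ValueError("filter must be non-empty and contain no NUL")
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            raise ValueError("misplaced '#' in %r" % topic_filter)
        if "+" in level and level != "+":
            raise ValueError("misplaced '+' in %r" % topic_filter)


def validate_topic(topic):
    """Topic names (as used in PUBLISH) carry no wildcards at all."""
    if not topic or "\x00" in topic or "#" in topic or "+" in topic:
        raise ValueError("invalid topic name %r" % topic)


def topic_matches(topic_filter, topic):
    """True if a PUBLISH on `topic` is forwarded to a subscription on `topic_filter`."""
    validate_filter(topic_filter)
    validate_topic(topic)
    # '$SYS/...' and other $-topics are reserved: '#' or '+/...' must not reach them.
    if topic.startswith("$") and topic_filter[0] in "#+":
        return False
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    for i, f_level in enumerate(f_levels):
        if f_level == "#":
            return True          # also covers the parent level: 'a/#' matches 'a'
        if i >= len(t_levels):
            return False         # '+' must consume a level: 'a/+' does not match 'a'
        if f_level != "+" and f_level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


# Constructed subscriptions reproducing the slide scenario: a publish on 'a'
# must reach nodes 2 and 3 but not node 1.
SUBSCRIPTIONS = {"node1": "a/+", "node2": "a/#", "node3": "#"}


def deliver(subscriptions, topic):
    """Names of the subscribers (sorted) whose filter matches the published topic."""
    return sorted(n for n, flt in subscriptions.items() if topic_matches(flt, topic))


def authorize_subscribe(client_id, topic_filter, admins):
    """Hypothetical broker policy: reject malformed filters, and allow
    subscriptions under $SYS only for administrative clients, so an
    unprivileged subscriber to "$SYS/#" receives nothing about the broker."""
    try:
        validate_filter(topic_filter)
    except ValueError:
        return False
    if topic_filter.split("/")[0] == "$SYS" and client_id not in admins:
        return False
    return True


if __name__ == "__main__":
    print("publish on 'a' reaches:", deliver(SUBSCRIPTIONS, "a"))
    print("'#' sees $SYS/broker/uptime?", topic_matches("#", "$SYS/broker/uptime"))
    print("sensor-1 may subscribe $SYS/#?",
          authorize_subscribe("sensor-1", "$SYS/#", {"ops-admin"}))
```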
39. MQTT Protocol: Packet Structure
(Diagram of the MQTT control packet structure.)

40. MQTT Protocol
16 control packets in v5.0
Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security

41. MQTT Security Issues - Attack Possibilities
• Fetching unencrypted sensitive data from sniffed packets
• DoS attack via duplicating the client ID
• Insecure/weak authentication: use of the client ID or default/guessable credentials
• Grabbing system level messages: $SYS/#
• Cloning the client
• Attacking and manipulating the devices via malicious input
Source: https://payatu.com/blog/aseem/iot-security---part-10-introduction-to-mqtt-protocol-and-security

42. MQTT Plugins
• mqtt.generic.crackauth
• mqtt.generic.pub
• mqtt.generic.sub
• mqtt.aws.pub
• mqtt.aws.sub

43-46. mqttpub Plugin Implementation
Walkthrough of the plugin source: the class name MqttPub is the same as the plugin file name mqttpub.py; output format; initialization; argument parser; main logic of the plugin; exception handling.
Source: https://gitlab.com/expliot_framework/expliot
https://expliot.readthedocs.io/en/latest/tests/mqtt.html

47. MQTT hands-on labs using plugins
Lab 1: Subscribe and Publish using expliot
• Objective - Subscribe to a topic filter and publish messages to the same
• Steps:
  - Open a terminal and run expliot: $ expliot
  - Inside the expliot framework run "run mqtt.generic.sub -h" for the help menu
  - Open the expliot framework in another terminal
  - Terminal 1: Subscribe to any topic using "run mqtt.generic.sub -r localhost -t test"
  - Terminal 2: Publish a message to the topic using "run mqtt.generic.pub -r localhost -t test -m hello"
  - The subscription terminal now receives the message that has been published
  - You will see messages from everyone publishing on the topic test if they are on the same network

48. MQTT hands-on labs using plugins
Lab 2: Read system level messages
• Objective - Read system level messages instead of Application messages and gather any interesting information about the broker.
• Hint - Subscribe to the right topic ;)
• Steps:
  - Use the EXPLIoT framework and subscribe to interesting SYS topics
  - Command: run mqtt.generic.sub -r localhost -t "$SYS/#"

49. MQTT hands-on labs using plugins
Lab 3: MQTT Client DoS
• Objective - Kill a legitimate MQTT connection using the same client ID
• Steps:
  - Run the expliot framework in two terminals
  - Terminal 1: Subscribe to any topic with a unique client id using "run mqtt.generic.sub -r localhost -t foobar -i testfoobar"
  - Terminal 2: Send a message with the same client id to any topic using "run mqtt.generic.pub -r localhost -t test -i testfoobar -m hello"
  - Notice that the client which was subscribed to the broker gets disconnected because of the publish with the same client id
  - You can use this to DoS an MQTT server and a client, connect to it and send malicious data.
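Detection logic for the client-ID collision described in Lab 3 and listed under attack possibilities, as an added example that is not part of the talk or of EXPLIoT. The log lines are constructed in the style of a Mosquitto broker log; the exact field layout is an assumption, so the regular expressions are the part to adapt to your broker.

```python
"""Flag MQTT client-ID collisions in broker logs (added example, not EXPLIoT code).

A client connecting with an ID that is already in use makes the broker drop the
existing session, so a single PUBLISH can knock a legitimate subscriber offline
(Lab 3). Two signals are raised here: the ID being taken over from a different
host than the one holding it, and repeated takeovers of one ID in a short
window. Mitigation on the broker side is per-client credentials or client
certificates with ACLs that bind each client ID to its credential, so a
colliding ID without the matching credential is refused at CONNECT.
"""
import re
from collections import defaultdict, deque

# Constructed sample (Mosquitto-style, layout assumed): a legitimate subscriber
# at 10.0.0.5 is repeatedly displaced by 10.0.0.9 reusing client ID "testfoobar".
SAMPLE_LOG = """\
1605200000: New client connected from 10.0.0.5:51000 as testfoobar (p2, c1, k60).
1605200005: Client testfoobar already connected, closing old connection.
1605200005: New client connected from 10.0.0.9:41234 as testfoobar (p2, c1, k60).
1605200012: Client testfoobar already connected, closing old connection.
1605200012: New client connected from 10.0.0.9:41240 as testfoobar (p2, c1, k60).
1605200020: Client testfoobar already connected, closing old connection.
1605200020: New client connected from 10.0.0.9:41251 as testfoobar (p2, c1, k60).
1605200030: New client connected from 10.0.0.7:50100 as thermostat-7 (p2, c1, k60).
"""

TAKEOVER_RE = re.compile(r"^(\d+): Client (\S+) already connected, closing old connection\.$")
CONNECT_RE = re.compile(r"^(\d+): New client connected from ([\d.]+):\d+ as (\S+) ")


def analyze_broker_log(text, window=60, threshold=3):
    """Return alerts (dicts) for (a) a session taken over from a different host
    than the one that held the client ID, and (b) `threshold` or more takeovers
    of one client ID inside `window` seconds, the Lab 3 DoS pattern."""
    alerts = []
    last_ip = {}                 # client ID -> source IP of the session holding it
    pending = set()              # client IDs whose takeover awaits the new CONNECT line
    recent = defaultdict(deque)  # client ID -> timestamps of recent takeovers
    for line in text.splitlines():
        m = TAKEOVER_RE.match(line)
        if m:
            ts, cid = int(m.group(1)), m.group(2)
            pending.add(cid)
            q = recent[cid]
            q.append(ts)
            while ts - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                alerts.append({"ts": ts, "client_id": cid, "kind": "repeated_takeover",
                               "count": len(q), "window": window})
            continue
        m = CONNECT_RE.match(line)
        if m:
            ts, ip, cid = int(m.group(1)), m.group(2), m.group(3)
            if cid in pending:
                pending.discard(cid)
                prev = last_ip.get(cid)
                if prev is not None and prev != ip:
                    alerts.append({"ts": ts, "client_id": cid, "kind": "takeover_from_new_host",
                                   "previous_ip": prev, "new_ip": ip})
            last_ip[cid] = ip
    return alerts


if __name__ == "__main__":
    for alert in analyze_broker_log(SAMPLE_LOG):
        print(alert)
```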
50. Write a custom plugin - Hands-on
• Hands-on writing of any custom plugin for the framework
• Before getting started, do the setup as described at https://expliot.readthedocs.io/en/latest/development/setup.html
• For reference on new-plugin setup: https://expliot.readthedocs.io/en/latest/development/new-plugin.html
• Coding style & documentation: https://expliot.readthedocs.io/en/latest/development/intro.html and https://expliot.readthedocs.io/en/latest/development/documentation.html
So, it's time to write your own plugin :)

51-52. Plugins Demos - Demo 1: I2C Plugin
• Objective - Dump the data from memory using a protocol adapter
• Plugin: run i2c.generic.readeeprom
Source: https://expliot.readthedocs.io/en/latest/tests/i2c.html
Time for Demo :)

53-54. Plugins Demos - Demo 2: Zigbee Plugin
• ZigBee Network Scan - zbauditor.generic.nwkscan
• ZigBee Packet Sniffer - zbauditor.generic.sniffer
• ZigBee Packet Replay - zbauditor.generic.replay
Source: https://expliot.readthedocs.io/en/latest/tests/zbauditor.html
Time for Demo :)

55-56. Plugins Demos - Demo 3: BLE Plugin
• Scan - ble.generic.scan
• Enumerate - ble.generic.enum
• Write - ble.generic.writechar
• Fuzz - ble.generic.fuzzchar
Source: https://expliot.readthedocs.io/en/latest/tests/bluetooth.html
Time for Demo :)

57. Thank You - Questions?
Asmita, IoT Security Consultant, Payatu, India
@aj_0x00
asmita@payatu.com