IoT penetration testing cookbook: identify vulnerabilities and secure your smart devices
Over 80 recipes to master IoT security techniques. About This Book: Identify vulnerabilities in IoT device architectures and firmware using software and hardware pentesting techniques. Understand radio communication analysis with concepts such as sniffing the air and capturing radio signals. A recipe b...
Other Authors: | , |
---|---|
Format: | E-book |
Language: | English |
Published: | Birmingham, England ; Mumbai, [India] : Packt Publishing, 2017. |
Edition: | 1st edition |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630081306719 |
Table of Contents:
- Cover
- Copyright
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
- Customer Feedback
- Dedication
- Table of Contents
- Preface
- Chapter 1: IoT Penetration Testing
- Introduction
- Defining the IoT ecosystem and penetration testing life cycle
- Penetration testing approaches
- Black box
- White box
- Grey box
- Firmware 101
- Digging deeper into firmware
- Development supply chain of firmware
- Web applications in IoT
- Web communication
- Mobile applications in IoT
- Hybrid
- Native applications
- Device basics
- Hardware inputs
- Introduction to IoT's wireless communications
- Wi-Fi
- ZigBee
- Z-Wave
- Bluetooth
- Setting up an IoT pen testing lab
- Software tool requirements
- Firmware software tools
- Web application software tools
- Mobile application software tools
- Android
- iOS
- Hardware analysis tool requirements
- Hardware tools
- Hardware analysis software
- Radio analysis tool requirements
- Radio analysis hardware
- Radio analysis software
- Chapter 2: IoT Threat Modeling
- Introduction
- Getting familiar with threat modeling concepts
- Getting ready
- How to do it...
- Anatomy of threat modeling an IoT device
- How to do it...
- Step 1 - identifying the assets
- Step 2 - creating an IoT device architecture overview
- Step 3 - decomposing the IoT device
- Step 4 - identifying threats
- Step 5 - documenting threats
- Threat #1
- Threat #2
- Threat #3
- Step 6 - rating the threats
- Threat modeling firmware
- Getting ready
- How to do it...
- Step 1 - identifying the assets
- Steps 2 and 3 - creating an architecture overview and decomposition
- Step 4 - identifying threats
- Step 5 - documenting threats
- Threat #1
- Threat #2
- Threat #3
- Step 6 - rating the threats
- Threat modeling of an IoT web application
- How to do it...
- Step 1: Creating an architecture overview and decomposition
- Step 2: Identifying threats
- Step 3: Documenting threats
- Threat #1
- Threat #2
- Threat #3
- Step 4: Rating the threats
- Threat modeling an IoT mobile application
- How to do it...
- Step 1: Creating an architecture overview and decomposition
- Step 2: Identifying threats
- Step 3: Documenting threats
- Threat #1
- Threat #2
- Threat #3
- Step 4: Rating the threats
- Threat modeling IoT device hardware
- How to do it...
- Step 1: Creating an architecture overview and decomposition
- Step 2: Identifying threats
- Step 3: Documenting threats
- Threat #1
- Threat #2
- Threat #3
- Step 4: Rating the threats
- Threat modeling IoT radio communication
- How to do it...
- Step 1: Creating an architecture overview and decomposition
- Step 2: Identifying threats
- Step 3: Documenting threats
- Threat #1
- Threat #2
- Threat #3
- Step 4: Rating the threats
- Chapter 3: Analyzing and Exploiting Firmware
- Introduction
- Defining firmware analysis methodology
- Obtaining firmware
- Getting ready
- How to do it...
- Downloading from the vendor's website
- Proxying or mirroring traffic during device updates
- Dumping firmware directly from the device
- Googling
- How it works...
- Analyzing firmware
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Analyzing filesystem contents
- Getting ready
- Manual analysis
- Automated tools and scripts
- How to do it...
- How it works...
- There's more...
- See also
- Emulating firmware for dynamic analysis
- Getting ready
- How to do it...
- How it works...
- There's more...
- Getting started with ARM and MIPS
- Getting ready
- How to do it...
- There's more...
- Exploiting MIPS
- Getting ready
- How to do it...
- How it works...
- There's more...
- Backdooring firmware with firmware-mod-kit (FMK)
- Getting ready
- How to do it...
- How it works...
- Chapter 4: Exploitation of Embedded Web Applications
- Introduction
- Getting started with web app security testing
- How to do it...
- Web penetration testing methodologies
- Choosing your testing tools
- Using Burp Suite
- Getting ready
- How to do it...
- How it works...
- There's more...
- Useful intruder payloads
- See also
- Using OWASP ZAP
- Getting ready
- How to do it...
- There's more...
- Exploiting command injection
- Getting ready
- How to do it...
- See also
- Exploiting XSS
- Getting ready
- How to do it...
- Introduction to using BeEF XSS payloads
- Basic usage of BeEF when hooking a victim
- Proxying traffic through a victim's browser
- There's more...
- See also
- Exploiting CSRF
- Getting ready
- How to do it...
- See also
- Chapter 5: Exploiting IoT Mobile Applications
- Introduction
- Acquiring IoT mobile applications
- How to do it...
- Decompiling Android applications
- Getting ready
- How to do it...
- See also
- Decrypting iOS applications
- Getting ready
- How to do it...
- See also
- Using MobSF for static analysis
- Getting ready
- How to do it...
- Android static analysis
- iOS static analysis
- There's more...
- Analyzing iOS data storage with idb
- Getting ready
- How to do it...
- There's more...
- See also
- Analyzing Android data storage
- Getting ready
- How to do it...
- See also
- Performing dynamic analysis testing
- Getting ready
- How to do it...
- See also
- Chapter 6: IoT Device Hacking
- Introduction
- Hardware exploitation versus software exploitation
- Hardware hacking methodology
- Information gathering and recon
- External and internal analysis of the device
- Identifying communication interfaces
- Acquiring data using hardware communication techniques
- Software exploitation using hardware exploitation methods
- Hardware reconnaissance techniques
- Opening the device
- Looking at various chips present
- Electronics 101
- Resistor
- Voltage
- Current
- Capacitor
- Transistor
- Memory types
- Serial and parallel communication
- There's more...
- Identifying buses and interfaces
- UART identification
- SPI and I2C identification
- JTAG identification
- There's more...
- Serial interfacing for embedded devices
- Getting ready
- How to do it...
- See also
- NAND glitching
- Getting ready
- How to do it...
- See also
- JTAG debugging and exploitation
- Getting ready
- How to do it...
- See also
- Chapter 7: Radio Hacking
- Introduction
- Getting familiar with SDR
- Key terminologies in radio
- Hands-on with SDR tools
- Getting ready
- How to do it...
- Analyzing FM
- RTL-SDR for GSM analysis
- Working with GNU Radio
- There's more...
- Understanding and exploiting ZigBee
- Getting ready
- How to do it...
- There's more...
- Gaining insight into Z-Wave
- How to do it...
- Understanding and exploiting BLE
- Getting ready
- How to do it...
- There's more...
- Chapter 8: Firmware Security Best Practices
- Introduction
- Preventing memory-corruption vulnerabilities
- Getting ready
- How to do it...
- See also
- Preventing injection attacks
- How to do it...
- See also
- Securing firmware updates
- How to do it...
- Securing sensitive information
- How to do it...
- See also
- Hardening embedded frameworks
- Getting ready
- How to do it...
- Securing third-party code and components
- Getting ready
- How to do it...
- Chapter 9: Mobile Security Best Practices
- Introduction
- Storing data securely
- Getting ready
- How to do it...
- See also
- Implementing authentication controls
- How to do it...
- See also
- Securing data in transit
- How to do it...
- Android
- iOS
- See also
- Securely using Android and iOS platform components
- How to do it...
- Securing third-party code and components
- How to do it...
- See also
- Employing reverse engineering protections
- How to do it...
- There's more...
- See also
- Chapter 10: Securing Hardware
- Introduction
- Hardware best practices
- Uncommon screw types
- Antitamper and hardware protection mechanisms
- Side channel attack protections
- Exposed interfaces
- Encrypting communication data and TPM
- Chapter 11: Advanced IoT Exploitation and Security Automation
- Introduction
- Finding ROP gadgets
- Getting ready
- How to do it...
- See also
- Chaining web security vulnerabilities
- How to do it...
- Step 1 - identifying assets and entry points
- Step 2 - finding the weakest link
- Step 3 - reconnaissance
- Android application
- iOS application
- Web application
- Step 4 - identifying vulnerabilities
- Step 5 - Exploitation
- Chaining vulnerabilities
- See also
- Configuring continuous integration testing for firmware
- Getting ready
- How to do it...
- See also
- Configuring continuous integration testing for web applications
- Getting ready
- How to do it...
- See also
- Configuring continuous integration testing for mobile applications
- Getting ready
- How to do it...
- See also
- Index