IoT Penetration Testing Cookbook

Over 80 recipes to master IoT security techniques.

Aaron Guzman, Aditya Gupta

Book Details

ISBN 13: 9781787280571
Paperback: 452 pages

Book Description

IoT is an upcoming trend in the IT industry today; there are a lot of IoT devices on the market, but there is a minimal understanding of how to safeguard them. If you are a security enthusiast or pentester, this book will help you understand how to exploit and secure IoT devices.

This book follows a recipe-based approach, giving you practical experience in securing upcoming smart devices. It starts with practical recipes on how to analyze IoT device architectures and identify vulnerabilities. Then, it focuses on enhancing your pentesting skill set, teaching you how to exploit a vulnerable IoT device, along with identifying vulnerabilities in IoT device firmware. Next, this book teaches you how to secure embedded devices and exploit smart devices with hardware techniques. Moving forward, this book reveals advanced hardware pentesting techniques, along with software-defined, radio-based IoT pentesting with Zigbee and Z-Wave. Finally, this book also covers how to use new and unique pentesting techniques for different IoT devices, along with smart devices connected to the cloud.

By the end of this book, you will have a fair understanding of how to use different pentesting techniques to exploit and secure various IoT devices.

Table of Contents

Chapter 1: IoT Penetration Testing
Introduction
Defining the IoT ecosystem and penetration testing life cycle
Firmware 101
Web applications in IoT
Mobile applications in IoT
Device basics
Introduction to IoT's wireless communications
Setting up an IoT pen testing lab
Chapter 2: IoT Threat Modeling
Introduction
Getting familiar with threat modeling concepts
Anatomy of threat modeling an IoT device
Threat modeling firmware
Threat modeling of an IoT web application
Threat modeling an IoT mobile application
Threat modeling IoT device hardware
Threat modeling IoT radio communication
Chapter 3: Analyzing and Exploiting Firmware
Introduction
Defining firmware analysis methodology
Obtaining firmware
Analyzing firmware
Analyzing filesystem contents
Emulating firmware for dynamic analysis
Getting started with ARM and MIPS
Exploiting MIPS
Backdooring firmware with firmware-mod-kit (FMK)
Chapter 4: Exploitation of Embedded Web Applications
Introduction
Getting started with web app security testing
Using Burp Suite
Using OWASP ZAP
Exploiting command injection
Exploiting XSS
Exploiting CSRF
Chapter 5: Exploiting IoT Mobile Applications
Introduction
Acquiring IoT mobile applications
Decompiling Android applications
Decrypting iOS applications
Using MobSF for static analysis
Analyzing iOS data storage with idb
Analyzing Android data storage
Performing dynamic analysis testing
Chapter 6: IoT Device Hacking
Introduction
Hardware exploitation versus software exploitation
Hardware hacking methodology
Hardware reconnaissance techniques
Electronics 101
Identifying buses and interfaces
Serial interfacing for embedded devices
NAND glitching
JTAG debugging and exploitation
Chapter 7: Radio Hacking
Introduction
Getting familiar with SDR
Hands-on with SDR tools
Understanding and exploiting ZigBee
Gaining insight into Z-Wave
Understanding and exploiting BLE
Chapter 8: Firmware Security Best Practices
Introduction
Preventing memory-corruption vulnerabilities
Preventing injection attacks
Securing firmware updates
Securing sensitive information
Hardening embedded frameworks
Securing third-party code and components
Chapter 9: Mobile Security Best Practices
Introduction
Storing data securely
Implementing authentication controls
Securing data in transit
Securely using Android and iOS platform components
Securing third-party code and components
Employing reverse engineering protections
Chapter 10: Securing Hardware
Introduction
Hardware best practices
Uncommon screw types
Antitamper and hardware protection mechanisms
Side channel attack protections
Exposed interfaces
Encrypting communication data and TPM
Chapter 11: Advanced IoT Exploitation and Security Automation
Introduction
Finding ROP gadgets
Chaining web security vulnerabilities
Configuring continuous integration testing for firmware
Configuring continuous integration testing for web applications
Configuring continuous integration testing for mobile applications

What You Will Learn

  • Set up an IoT pentesting lab
  • Explore various threat modeling concepts
  • Exhibit the ability to analyze and exploit firmware vulnerabilities
  • Demonstrate the automation of application binary analysis for iOS and Android using MobSF
  • Set up Burp Suite and use it for web app testing
  • Identify UART and JTAG pinouts, solder headers, and perform hardware debugging
  • Get solutions to common wireless protocols
  • Explore mobile security and firmware best practices
  • Master various advanced IoT exploitation techniques and security automation
