Hands-On IoT Penetration Testing [Video]

2 (1 reviews total)
By Sunil Gupta
    Advance your knowledge in tech with a Packt subscription

  • Instant online access to over 7,500+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies

About this video

Pentesting is much like taking a battering ram to the door of a fortress. You keep pounding away but try to find a secret backdoor to enter through. But what happens if pieces of the network are outside the fortress? The solution to this problem is IOT pentesting.
This course begins with the IoT device architecture to help you understand the most common vulnerabilities. You'll explore networks, sniffing out vulnerabilities while also ensuring that the hardware devices and the software running on them are free of any security loopholes.
Moving on, you will learn how to perform pentesting on advanced IoT Devices including Amazon Eco, Logitech Cameras, the Google Nexus phone, Vyos Gateways, TP-Link Smart Switches, and firewalls. By the end of the course, you will be able to create IoT pentesting reports. After completion of the course, you will be able to penetrate even the most densely populated IoT networks.

Style and Approach

To satisfy market demands, this course is designed to enhance the skills of professionals working in IoT Pentesting. We realize the importance of the student's time and goals and emphasized on the practicality of the subject

Publication date:
November 2018
Publisher
Packt
Duration
2 hours 32 minutes
ISBN
9781789614923

About the Author

  • Sunil Gupta

    Sunil Gupta is an experienced computer programmer and cybersecurity expert and consults in Information Technology with a focus on cybersecurity. He is an invited speaker for, and a member of, many key organizations. Sunil has helped many organizations around the Globe, including Barclays Bank; Aviation College Qatar (QATAR); Ethiopian Airlines; Telecom Authority Tanzania; NCB Bank (Saudi Arabia); Accenture (India); Afghan Wireless (Afghanistan); and many more. Currently, he teaches online over 60,000 students in more than 170 countries and some of his best work has been published by major publishing houses. Some of his best courses include: End-to-End Penetration Testing with Kali Linux and Threat and Vulnerability Assessment for Enterprises. His cybersecurity certifications include SSCP Certification (Systems Security Certified Practitioner), Bug Bounty Program Certification, and more. https://www.linkedin.com/in/sunilguptaethicalhacker/

    Browse publications by this author

Latest Reviews

(1 reviews total)
The sections appeared to be fundamentally flawed and not joined up from a IoT testing and reporting perspective. Many of the steps and sections are just randomly merged of various Kali Linux hacking tools that sort of covers some of the areas of IoT and pen-testing but no real IoT examples or IoT pen-testing - which is very disappointing. A very basic introduction at best for a novice but for $5 it's probably worth the price anything more is a rip off. Section 3.2 is based on a Windows 7 EUD running a custom created binary to avoid Windows Defender and then exploiting in later sections to view the pictures/record video etc. It wasn't pen testing or actually "attacking" the PC as per description - it didn't use an Man-in-the-Middle attacks or Phishing examples just ran this copied binary on the Windows Endpoint and it was 'hacked'. Section 4.4 Could include some examples of common IoT default passwords or dictionaries e.g. Mirai rather than generate some themselves. Take Access then so what? Doesn't explain next steps or give real world examples how/what you could do and it is supposed be about IoT pen-testing. Section 5.1 Set up Google IoT device should be renamed how to use an external USB wifi adapter and wireless hacking tools - nothing to do setting up or using / hacking a Google IoT. The use of wireless tools is probably the best section next to Android Studio usage (some parts). Section 6.1 is totally rubbish, should be renamed "how to google these products and install them" before *you* research these - there is no pen testing or actual demonstration or practical scanning, enumeration and/or exploitation for these besides how to google search and install some random (non-enterprise firewall). Section 7.4 Could include a whole number of techniques and doesn't even mention OWASP or other tools/techniques besides a CLI Drozer, no MITM or exploitation, is the data encrypted at rest etc. The reporting sections are a waste of time, here is Magictree do a nmap scan of his PC and then what? Metagoofil for report writing (?) steps like this and use of Shodan would've been better used and explained earlier before so-called testing. It seems there is a lack of formalised approach and they could have done so much more on this topic. The sections on wireless pen-testing with actual examples/tools and demonstrations are the most useful likewise use of Android Studio but overall - it appears poorly developed and cobbled together and not worth your time.
Hands-On IoT Penetration Testing [Video]
Unlock this video and the full library for FREE
Start free trial