Exploiting IIoT (Industrial IoT) Workshop
The IoT field is growing fast, and security is not being implemented. Because of the high demand for automation in M2M communication, the IoT concept has taken a position in the industrial sector for better and faster work. Because security is not addressed during production, all IoT communications and wireless communications, such as industrial IoT gateways, are vulnerable today.
“Exploiting IIoT (Industrial IoT)” is a suite of testing methodologies for IIoT devices that offers a hands-on experience to find vulnerabilities in wireless protocols, M2M communication protocols, sensors etc. The same methods can apply to Home Automation devices, healthcare devices etc.
We will provide comprehensive slides along with testing methodologies and a virtual image OS, which will be used during the course. The “Exploiting IIoT (Industrial IoT)” course is aimed at security professionals who want to enhance their skills and move into or specialize in IoT security. The course is structured for beginner to intermediate-level attendees who do not have any experience in IoT, reversing, or hardware.
In this workshop, we will cover some protocols that are generally found in IIoT industries, such as:
CAN bus – This protocol appears in many industry domains, such as Automotive with respect to ECUs, Telematics devices in IoT, and couplers in the ICS domain. We will cover basic attacks associated with this protocol in detail; if time permits, we can cover more advanced attacks as well.
- Introduction and Protocol Overview
- Reconnaissance (Active and Passive)
- Sniffing and Eavesdropping
- Replay Attack
Modbus – Modbus also appears in many industry domains, such as ICS with respect to PLCs and IIoT with respect to Modbus gateways. We will cover attacks associated with this protocol in detail, as follows:
- Introduction and Protocol Overview
- Reconnaissance
- Sniffing and Eavesdropping
- Modbus Flooding
- Modifying coil and register values of a PLC
BLE – Bluetooth Low Energy appears in many industry domains, like the two protocols above, such as IoT with respect to BLE trackers and IoMT with respect to healthcare devices. We will cover attacks associated with this protocol in detail, as follows:
- Introduction and Protocol Overview
- Reconnaissance (Active and Passive) with HCI tools
- GATT service Enumeration
- Sniffing GATT protocol communication
- Reversing GATT protocol communication
- Read and write on GATT protocol
The above workshop is hands-on; we will bring target devices as well as hardware tools for attacking purposes.
About the Speaker
Arun Mane is the Founder and CEO of Amynasec Labs, a company which specializes in Vehicle/IoT/ICS security, and he is also a Hardware, IoT, and ICS Security Researcher. His areas of interest are Hardware Security, SCADA, Automotive security, Fault Injection, RF protocols, and Firmware Reverse Engineering. He also has experience in performing Security Audits (ISO 62443, ISO 21434, NIST frameworks) for both Government and private clients. He has presented talks at nullcon 2016, 2017, 2018 Goa, GNUnify 2017, Defcamp 2017, 2018, 2019 Romania, Hacktivity 2019 Budapest, Rootcon 2020 Philippines, BsidesDelhi 2017, c0c0n x 2017, 2019, BSides Ahmedabad 2021, EFY 2018, x33fcon 2018, 2019, 2021, BlackHat USA 2018, Defcon USA 2018, and OWASP Seasides 2019 Goa. He is also a trainer for Practical Industrial Control Systems (ICS) hacking training, delivered at x33fcon 2018, 2019 and HIP 2018, and has delivered IoT hacking training at HITB 2017, HIP 2017, BlackHat Asia 2018, and for private clients in London, Australia, Sweden, Netherlands, etc. He is currently giving training on Exploiting IIoT, Reversing, and exploiting Vehicles. He is an active member of the null open community.