John Moor

Managing Director, IoT Security Foundation

We may earn commissions for purchases made via this page

Book Recommendations:

Recommended by John Moor

This book is everything you would want to learn from the subject masters—it is an authoritative and a precious resource that both IoT security researchers and developers will want keep close by. I recommend this book for anyone interested in making IoT more secure. (from Amazon)

Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things book cover

Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods(you?)

Written by all-star security experts, Practical IoT Hacking is a quick-start conceptual guide to testing and exploiting IoT systems and devices. Drawing from the real-life exploits of five highly regarded IoT security researchers, Practical IoT Hacking teaches you how to test IoT systems, devices, and protocols to mitigate risk. The book begins by walking you through common threats and a threat modeling framework. You’ll develop a security testing methodology, discover the art of passive reconnaissance, and assess security on all layers of an IoT system. Next, you’ll perform VLAN hopping, crack MQTT authentication, abuse UPnP, develop an mDNS poisoner, and craft WS-Discovery attacks. You’ll tackle both hardware hacking and radio hacking, with in-depth coverage of attacks against embedded IoT devices and RFID systems. You’ll also learn how to: Write a DICOM service scanner as an NSE moduleHack a microcontroller through the UART and SWD interfacesReverse engineer firmware and analyze mobile companion appsDevelop an NFC fuzzer using Proxmark3Hack a smart home by jamming wireless alarms, playing back IP camera feeds, and controlling a smart treadmill The tools and devices you’ll use are affordable and readily available, so you can easily practice what you learn. Whether you’re a security researcher, IT team member, or hacking hobbyist, you’ll find Practical IoT Hacking indispensable in your efforts to hack all the things REQUIREMENTS: Basic knowledge of Linux command line, TCP/IP, and programming