John Moor
Managing Director, IoT Security Foundation
Book Recommendations:
Recommended by John Moor
“This book is everything you would want to learn from the subject masters—it is an authoritative and a precious resource that both IoT security researchers and developers will want keep close by. I recommend this book for anyone interested in making IoT more secure.” (from Amazon)
Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods(you?)
Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods(you?)
Written by all-star security experts, Practical IoT Hacking is a quick-start conceptual guide to testing and exploiting IoT systems and devices. Drawing from the real-life exploits of five highly regarded IoT security researchers, Practical IoT Hacking teaches you how to test IoT systems, devices, and protocols to mitigate risk. The book begins by walking you through common threats and a threat modeling framework. You’ll develop a security testing methodology, discover the art of passive reconnaissance, and assess security on all layers of an IoT system. Next, you’ll perform VLAN hopping, crack MQTT authentication, abuse UPnP, develop an mDNS poisoner, and craft WS-Discovery attacks. You’ll tackle both hardware hacking and radio hacking, with in-depth coverage of attacks against embedded IoT devices and RFID systems. You’ll also learn how to: Write a DICOM service scanner as an NSE moduleHack a microcontroller through the UART and SWD interfacesReverse engineer firmware and analyze mobile companion appsDevelop an NFC fuzzer using Proxmark3Hack a smart home by jamming wireless alarms, playing back IP camera feeds, and controlling a smart treadmill The tools and devices you’ll use are affordable and readily available, so you can easily practice what you learn. Whether you’re a security researcher, IT team member, or hacking hobbyist, you’ll find Practical IoT Hacking indispensable in your efforts to hack all the things REQUIREMENTS: Basic knowledge of Linux command line, TCP/IP, and programming