Cyber Security Consultant
Penetration Testing (VAPT)
Network security monitoring
Banking Security
Healthcare security
soc 2.0
cloud security
advanced threat protection

Who are we?

Hackers Associate is an official platform that provides advanced cybersecurity training with complete hands-on, VAPT services to private & government organization, events & workshops. Being the only organization in India that provides 80+ Cyber Security Training Certifications, we ensure quality education with the pillars of practical instances and real-life case studies.

+91 8181818857
Join LinkedIn
Join Discord

Offensive IoT Hacking and Security Training (IoTHS)

Inquire Now
In Person (5 Days)
Online (14 Days)
This training program will cover both Offensive and Defensive Security of IoT devices. These training modules are carefully selected to provide the most thorough training available. It will start with the fundamentals of IoT using various industries as examples and learn about typical components and technology used. It will also cover popular security architecture applied to IoT systems as well as security rules & standards.

Course Author:

Harshad Shah- Founder, CISO & CEO at Hacker Associate
Harshad Shah
Founder and CEO
Hacker Associate has introduced IoT Security and Hacking to keep up with changing trends and the need of the hour. Learning IoT is more difficult than you might think. Firmware, Embedded Devices, Serial Communication Protocols, Software Defined Radio, Bluetooth Low Energy (BLE), and ZigBee must all be learned. This course is designed with all of these considerations in mind to emphasize the importance of incorporating security into IoT devices and solutions.
This practical training program will cover threats to IoT systems, attack vectors, common security design loopholes, IoT hardware vulnerabilities, OWASP IoT top 10, APIs, security protocols and other backend services will be covered as well. Moving forward it will cover how to integrate current security services to protect an IoT service, how to put security system design into practice. Learn to deploy cryptographic solutions, identify and access management solutions, key management, and create policies and strategies for securing IoT devices. This IoT security course is hands-on practical training to provide learners with a comprehensive experiential and practical learning experience. As we believe that practical knowledge impacts more on the participants.

Devices to be used:

WiFi Pineapple
Raspberry Pi
Open Sniffer
HackRf One
BB Black
Alfa Card

IoTHS Highlights

Reversing Firmware & Firmware Analysis
Exploiting Real World Devices
OWASP IoT Top 10
Hardware Hacking
Software Defined Radio Hacking
30+ Devices during Training
Design your Own IoT Gadgets
Bluetooth Hacking & Sniffing
Wireless Regulatory Testing
Exploiting Zigbee Over-the-Air key provisioning
Application Testing (Mobile + Desktop)
IoT API Attacks
RFID Cloning
ARM Based Exploitation
Hardening Industrial IoT Network Devices

IoTHS Course Structure

This training program is structured into four sections to ensure that you grasp each one completely. It has been deliberately developed to provide you the most thorough training possible.

We'll start with offensive IoT internals, identifying attack surfaces, and creating a pen test mindset, then move on to Firmware RE, electronics internals, Embedded Device Hacking, and eventually exploiting BLE and ZigBee communication protocols, all through hands-on labs and exercises. The offensive training will assist you in determining how to choose a security solution that meets your needs rather than vice versa.

Then we'll move on to IoT security. There are a few things to remember when it comes to security. You must establish trust in the IoT by using eSIMs, IAM systems, and certificates to create trusted identities. You'll also need to decide what kind of encryption you'll employ for data while it travels and rests on devices and in the cloud.

Section- 1 (IoT Penetration Testing)

Deep dive into embedded/IoT firmware, starting with the fundamentals: understanding the multistage boot process, the kernel and root filesystems, how to build them with a custom toolchain, and how they can be compromised by the user and kernel-mode backdoors/rootkits. Learn what's entailed in using DIY open-source technologies to improve your security. Will it, in the end, assist you in having a secure solution for your IoT product? How will you secure data transmission and storage, and how will you handle such a large number of encryption keys? We'll be utilizing the newest 4.15.x kernel on an ARM architecture board for this session.

Section- 2 (ZigBee)

Zigbee and IEEE 802.15.4 authentication and cryptographic controls.
Weaknesses in Zigbee key provisioning and management mechanisms.
Tools for eavesdropping on and manipulating Zigbee networks.
Exploiting Zigbee Over-the-Air key provisioning.
Implementing Security services such as cryptographic key establishment, key transport, frame protection, and device management.

Section- 3 (BLE)

Bluetooth pairing techniques and vulnerabilities.
Attacking Bluetooth pairing for PIN and key recovery.
Techniques for identifying non-discoverable Bluetooth devices.
Recognizing BLE Frequency-Hopping RF patterns.
Security analysis of BLE pairing options just works, OOP, passkey, and numeric comparison.
Analysis of expensive and inexpensive BLE packet capture tools for Windows, Linux, and Android devices.
Practical exploitation of BLE services & the overview of key risk management measures to secure BLE devices.

Section- 4 (Wireless Regulatory Testing)

Introduction to Wireless communication Regulatory testing and standards like ETSI 300 328, FCC Part 15 Sub C.
Basics of 2.4GHz regulatory requirements for Bluetooth, Zigbee, Wi-Fi, and test procedures for global and India markets.
Basics of 5GHz regulatory requirements for WiFi and test procedure for global and Indian markets.
Basics of LTE-M and NB-IoT Regulatory requirements and testing for global and India markets.
Information Security – for details of what it means Major CS standards and Implementation guidelines – for understanding more practically.
Training on standards like IEC 62443 can help –.
Overview Energy Efficient Security solution for IoT Devices.
TLS and certificate managements.
Wireless Intrusion Prevention System (WIPS).
Bluetooth, BLE, DECT, and ZigBee Security and Attacks.
Cellular and Mobile Network Security and Attacks: GSM, CDMA, UMTS/HSPA+, LTE, LTE-A Pro, and 5G.
Wireless Security Strategies and Implementation.
Wireless Risk Mitigation.

Exploiting in Real Time

IoTHS Syllabus

Module 1:
Introduction to IoT
Module 2:
Understanding components, devices, protocol used
Module 3:
Security Policies & Standards
Module 4:
Factors impacting IoT
Module 5:
Understand the architecture, components, and applications of convergent enterprise and industrial IoT
Module 6:
Defining the Security Requirements for Industrial IoT Networks
Module 7:
Introduction to Offensive IoT Exploitation
Module 8:
Vulnerabilities in the Internet of Things
Module 9:
Vulnerabilities in Industrial IoT Networks are being exploited
Module 10:
Database SQL Injection
Module 1:
Defining the Security Process for Industrial IoT Networks
Module 12:
Hardening Industrial IoT Network Devices
Module 13:
Industrial IoT Networks: Implementing Network Infrastructure Security
Module 14:
Packets Injections & simulation of Packet loss (with Wireshark)
Module 15:
BDBA and BDH analysis
Module 16:
Identification of threats from Defenses tool or similar tools
Module 17:
Fuzzing and flooding - how to check memory leaks
Module 18:
Attack surface analysis
Module 19:
Integration or system level Cyber Security testing
Module 20:
Analyzing firmware
Module 21:
Infiltrating Firmware
Module 22:
Emulation of firmware using FAT
Module 23:
Web Application Security for IoT devices
Module 24:
Creating BurpSuite Lab for IoT devices
Module 25:
Conventional Attacks & vectors
Module 26:
Command line exploitation
Module 27:
Analyzing Smart Plugs
Module 28:
Controlling Smart devices bypassing encryption
Module 29:
ARM Overview
Module 30:
Buffer overflow on ARM
Module 31:
Exploit writing on ARM
Module 32:
Using radare2 for MIPS binary analysis
Module 33:
Exploitation using GDB remote debugging on MIPS
Module 34:
Embedded Product Penetration Testing

Communication Port Interfaces
- RS 485 Communication Port
- RJ 45 Ethernet IP Port

Communication Protocols Interfaces
- Modbus Communication
- BACnet
- DNP3
- Ethernet IP
- FTP / FTPs
- IPV6
Module 35:
Introduction to UART
Module 36:
Serial interfacing over UART
Module 37:
NAND glitching attack
Module 38:
Building secure IoT system
Module 39:
Port Scanning Result analysis
Module 40:
Identify Top priority risk and Solutions
Module 41:
OWASP IoT Top 10 ( Exploit and Secure)

- Weak, guessable, or hardcoded passwords
- Insecure network services
- Insecure ecosystem interfaces
- Lack of secure update mechanism
- Use of insecure or outdated components
- Insufficient privacy protection
- Insecure data transfer and storage
- Lack of device management
- Insecure default settings
- Lack of physical hardening
Module 42:
Building Trusted identities, data and connectivity
Module 43:
Ensuring Privacy and Confidentiality
Module 44:
Web Server/ Application Interface
Module 45:
Feature based Penetration Testing

- Profile based
Module 46:
OWASP TOP 10 for Web Application Security

- Injection
- Broken Authentication
- Broken Authentication
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components With Known Vulnerabilities
- Insufficient Logging And Monitoring
Module 47:
Security Management of IoT
Module 48:
Threat Monitoring and Mitigations (Secure design changes verification)
Module 49:
Device Security
Module 50:
Protect Data traffic and Storage
Module 51:
Integrate cryptographic modules in IoT systems
Module 52:
SDLC (Software Development Life Cycle)
Module 53:
Embedded Product – Secure Development Practices and Source Code Review
Module 54:
Secure Coding Practices WRT

- User Access Management,
- Device IP management
Module 55:
Explore Cloud Security in your IoT system
Module 56:
Conclusion and Discussion

Who can attend this training program?

IoT Security Enthusiasts
Security Professionals and Penetration Testers
Embedded Developers


Harshad Shah (Founder & CEO)

Globally recognized as the "Penetration Tester" and "Computer Forensics Investigator." Being a member of the International Council of Hacker Association in the United States of America(USA), he is here for substantially improving the ability of cybersecurity in India as well as global and to defend its critical cybercrimes. Renowned International Hacking Conference Speaker and hold 50+ Certification in Penetration Testing include SANS, Offensive Security, RedHat, EC-Council, ISC2, ISACA, etc. He is also working with Government agencies like Army, Air Force, Navy, and other Intelligence Defense.

Course Pricing

All prices in Indian rupee and US dollars.
IoTHS training + courseware + exam certification
50,000 + 18% (GST) = 59,000 INR | 800 USD

Explore and Secure IoT Devices at Industry Level

Inquire Now
Visit Us
Follow Me
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram