A 3-to-5-day hands-on training
IoT/Embedded Security Training
Hands-on practice with thorough explanations, presentations, demos, and small standalone exercises during the training.
Hands-on training for Team Leads, Embedded / Backend / Frontend Developers, System / Penetration Testers and Security / IoT / Embedded Consultants
Essential Topics Covered
At the end of the training you’ll be able to do the following:
Analyze the details of CVE/vulnerabilities through a critical-thinking process; categorize them according to CWEs; evaluate their severity and risk by computing their CVSS scores.
Understand what fuzzing (for security) is, how to use the tools and find actual vulnerabilities using fuzzing frameworks.
Understand how to use Wireshark to sniff on insecure communication protocols (e.g., clear-text username/passwords) to prove that protocol hardening is necessary for a given solution.
Learn how PKI (Public Key Infrastructure) and SSL/TLS work and how to leverage them in hardening an (IoT) communication protocol which may come insecure by default.
Learn what emulation is, how to emulate the firmware and find real vulnerabilities in real-world firmwares provided as examples.
Understand what embedded firmware is, how to unpack firmware images and how to discover vulnerabilities in your own firmware or the ones from your favorite vendor.
Start using static and dynamic security analysis tools on your own projects, as well as real-world examples provided during the training.
Learn how easy it is to find a buffer overflow vulnerability and how easy it is for an attacker to exploit such a vulnerability should it exist in your own project.
Target Audience
Security Consultants
that act as developers/(penetration) testers, or need to provide solutions for IoT and embedded devices that also must be secure
Developers
that design partial or full solutions for IoT and embedded devices and need a security angle to the problem
(Penetration) Testers
that perform testing of their own products or products of their customers and need more expertise in “security testing” for IoT and embedded devices
Team Leaders
managing said talent who want to understand the IoT/embedded security big picture (with its challenges and requirements) to better manage their teams and secure the products/solutions they are managing
Objectives
At the end of the training, you will be able to:
Understand and master the top 10 security issues for IoT solutions; map them to real-world use cases and your own projects.
Use PKI/SSL/TLS for protocol security hardening.
Configure an end-to-end secured IoT communication protocol such as MQTT.
Use fuzzing tools to speed up the discovery of bugs and vulnerabilities.
Use emulation to emulate IoT/embedded devices for finding vulnerabilities in their firmware.
Use protocol sniffers for protocol security analysis.
Understand stack-based overflows, how to find them and exploit them.
Get comprehensive training for your team
Whether your team is just getting started or they are seasoned pros, custom Microsoft Azure training courses can help them obtain the knowledge and skills they need to be successful and confident.
Meet the Trainer
Andrei Costin
Independent security researcher
Dr. Andrei Costin is an Assistant Professor within the Cyber Security Group which is part of the Information Technology Faculty at the University of Jyvaskyla (Finland). He earned his Ph.D. degree at EURECOM/TelecomParisTech (France), where he developed internationally recognized research and expertise in the field of security of embedded and IoT devices and firmwares.
Andrei presented his research at more than 40 international computer security events including BlackHat, CCC, HITB and Usenix Security. His work was featured in numerous digital media publications, including respected media outlets such as Forbes, Wired, and TV France3.
During his career, he found and demonstrated multiple serious vulnerabilities within a wide range of embedded devices such as printers/MFPs, CCTV systems, pyrotechnic devices, and avionics/air-traffic control systems. For his responsible disclosure and discovered CVEs, Andrei was acknowledged in various security bulletins and “Hall of Fame” boards, including those of leading companies such as HP, Xerox, Google, and Microsoft.
Currently, Andrei develops cutting-edge research and techniques related to embedded and IoT security and also guides new generations of cyber security experts towards success as part of his teaching for the master's and bachelor's programs at the University of Jyvaskyla.
Testimonials
“Experienced hands-on and interesting courses.”
Scrob Alexandru
Software Engineering Associate
“Real-life examples, practical knowledge, learning by doing.”
Anna Deák
Software Engineering Associate/Scrum Master
“I got the opportunity to see how a software solution is usually attacked and what are the steps to increase its security.”
János Puskás
Software Engineering Consultant
Prerequisites
The participants should have at least:
Familiarity with fundamental Computer Science terms
Familiarity with VM environments (VirtualBox, VMware)
Familiarity with Linux environments
Basic development skills
Basic command-line skills
Basic understanding of ISO OSI model
Familiarity with troubleshooting, debugging
Hardware installation requirements:
Minimum 40 GB HDD free space
Minimum 4 GB RAM
Laptop CPU must support x86 32-bit VM images in VirtualBox
WiFi/LAN switch/router to provide connectivity for the laptops and development boards
NOTE: the higher the laptop specs, the better
Software installation requirements:
VirtualBox 5.x (latest)
SSH client (openssh-client or PuTTY)
SCP client (scp or WinSCP)
Download and unzip on the laptops the provided VM image(s)
When involving development boards (e.g., Raspberry Pi):
Cables and connectivity (e.g., HDMI monitors, USB keyboard/mouse, USB debug cables)
NOTE: varies based on boards, decided based on training needs
This training comes with an option that is highly recommended:
The use of development boards to demonstrate some of the main topics of the training. The nature and configuration of these boards may vary depending on the final agenda, but the usual setups involve a number of Raspberry Pi boards.