Embedded Device Security Assessments For The Rest Of Us
The Internet of Things has grown large enough to affect us all in a variety of ways (both positively and negatively!). Whether you are a penetration tester or working in IT security for your organization, you've encountered an embedded device (or 10) that likely contains vulnerabilities. The challenges we all face is how to assess the security of these devices accurately, efficiently, and thoroughly. If you've wondered how much damage attackers can do with devices such as printers, wireless routers, thermostats, TVs, and even Wi-Fi-enabled treadmills, look no further than this course. If you've wondered just how to test "The Internet of Things" for security without crashing the device and uncover its hidden secrets, this course will satisfy your curiosity. The goal of this course is to enable you to uncover embedded system's vulnerabilities as part of your duties as a security professional.
You Will Learn:
- Popular methods of firmware layout, how firmware is built, and customizing firmware for common embedded systems platforms
- How to uncover common firmware vulnerabilities in popular embedded systems quickly and safely and integrate these methods into your testing methodology
- Effectively assess the risk of embedded systems in the course of your penetration testing and/or duties as an IT security professional
- Defend against attacks against embedded systems in your environment and create actionable and reasonable recommendations to clients and/or management on how to appropriately secure embedded systems
- Engage embedded systems vendors in the processes of embedded device security, from development, implementation to end user awareness
|HST.1: Understanding Embedded Systems & Firmware|
The first day of this course will take a look at the embedded systems landscape, the different types of devices, various industries which use them, and some common embedded hardware and software platforms. While there are several different types of embedded systems, there are certain commonalities that are important to point out. Firmware layout will be covered in-depth, allowing you to understand the popular ways in which firmware is constructed, such that you can apply that knowledge to all different types of devices. We will also run labs to analyze firmware components and run firmware in emulation mode; setting you up to do some further analysis.
CPE/CMU Credits: 6
Module 1: What is an embedded system?
Module 2: What is firmware?
Module 3: Analyzing Firmware Offline
|HST.2: Attacking & Securing Embedded Systems|
Day 2 of this course will focus on more in-depth means of vulnerability identification. We will review some of the common file system types and extract them from firmware. Mounting the file system is the first step, as once mounted you will learn ways in which to discover more vulnerabilities and information about the device. Building on your skills learned in this course we will extract and run binaries from the firmware. Web applications will also be covered, allowing the students to learn and develop attacks specific to web applications running on embedded systems. The day will come to a close with a discussion of defensive techniques organizations and vendors can implement to apply more security to embedded systems.
CPE/CMU Credits: 6
Analyzing Firmware: More In-Depth
Web Applications & Embedded Systems
Defensive Recommendations for Embedded Systems Security
VMware Player or VMware Workstation is required for the class. If you plan to use a Macintosh, please make sure you bring VMware Fusion.
The course includes a VMware image file of a guest Linux system that is larger than 2 GB. Therefore, you need a file system with the ability to read and write files that are larger than 2 GB, such as NTFS on a Windows machine.
IMPORTANT NOTE: You will also be required to disable your anti-virus (or any other host-based protection) tools temporarily for some exercises, so make sure you have the anti-virus administrator permissions to do so. DO NOT plan on just killing your anti-virus service or processes because most anti-virus tools still function even when their associated services and processes have been terminated. For many enterprise-managed clients, disabling your anti-virus tool may require a different password than the Administrator account password. Please bring that administrator password for your anti-virus tool.
Enterprise VPN clients may interfere with the network configuration required to participate in the class. If your system has an enterprise VPN client installed, you may need to uninstall it for the exercises in class.
You will use VMware to run a Linux operating system simultaneously when performing exercises in class. You must have either the free VMware Player 3 or later or the commercial VMware Workstation 6 or later installed on your system prior to coming to class.
Alternatively, if you want a more flexible and configurable tool, you can download a free 30-day trial copy of VMware Workstation. VMware will send you a time- limited license number for VMware Workstation if you register for the trial at their Web site. No license number is required for VMware Player.
We will give you a USB full of attack tools to experiment with during the class and take home for later analysis. We will also provide a Linux image with all of our tools pre-installed that runs within VMware Player or VMware Workstation.
You do not need to bring a Linux system if you plan to use our Linux image in VMware. However, you are required to bring VMware Workstation or VMware Player. The class does not support VirtualPC or other non-VMware virtualization products.
Mandatory Laptop Hardware Requirements
During the workshop, you will be required to connect to a network with your classmates (which could be one of the most hostile networks on planet Earth!) Your laptop might be attacked, despite our script warnings that students refrain from this activity. Do not have any sensitive data stored on the system. SANS and/or SANS instructors are not responsible for your system if someone in the class attacks it in the workshop.
By bringing the right equipment and preparing in advance, you can maximize what you'll see and learn as well as have a lot of fun.
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.
|Who Should Attend|
|What You Will Receive|
|You Will Be Able To|
|What To Take Next?|
Courses that Lead-in
Courses that are Pre-reqs
Course that are good follow-ups
- http://wiki.pauldotcom.com/wiki/index.php/EmbeddedDevices (Collection of resources, tips, tricks, papers and presentations)
- http://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Asadoorian/dp/1597491667 (Linksys WRT54G Ultimate Hacking)
Take your learning beyond the classroom. Explore our site network for additional resources related to this course's subject matter.
*CPE/CMU credits not offered for the SelfStudy delivery method