Module duration: 4 hours
Penetration testing is a manual activity performed by a security expert in order to evaluate the target security. The goal is to find previously unknown vulnerabilities, both in software and hardware. We present the main tasks covered during a penetration testing activity. Specifically, leveraging a vulnerable IoT device, we discuss the methodology and present several practical tools used for analysing a sample IoT device with an embedded Linux operating system.
The aim of this module is to guide the participants step by step into the work of a penetration tester, presenting which are his goals and the tools that he uses.
In this module, the participants follow step by step the work of a penetration tester, with all the questions asking himself and the corrispective answers. In particular, it covers:
• IoT penetration testing overview: its goals, how to perform a penetration test, and which is the output
• Practical hands-on demo: IoTGoat
This module is intended for everyone who wants to understand how penetration testers work, which are the tools that he needs and the goals that he reaches. This can be also addressed to inexperienced testers that want to improve their working technique.