PenTest: Security of Things - Pentestmag

PenTest: Security of Things

PenTest Security of Things 13 2017.pdf

Dear Readers, 

We would like to present you with our newest issue, that will focus on IoT security and pentesting. We hope that you will find many interesting articles inside the magazine and that you will have time to read them all.

This issue will starts with a practical tutorial where you can learn how to make your own botnet using Python and we will learn MQTT protocol to control devices related to automation. You will be introduced to firmware dumping and analysis, and be able to see why are IP Cameras still insecure. In the third tutorial we will highlight what can go wrong with IoT architecture and show a small demo. We also spoke with Aseem Jakhar who will show you his Expliot framework, that can be used on IoT systems for analysis. Moreover we prepared a few articles that will cover topics like Internet of Dangerous Things, and Industrial Internet of Things, based on real-life examples. You can also read a short story about a hacked pacemaker, and see what are the risks and challenges that the IoT field faces.

Last but not least, we present you with an article about using your Raspberry Pi as a Security Box using SweetSecurity open source project.

We would also want to thank you for all your support. We appreciate it a lot. If you like this publication you can share it and tell your friends about it! every comment means a lot to us.

Enjoy your reading,
PenTest Magazine's Editorial Team

If want to buy this magazine click here

Want to download free preview? Click Here 

Table of contents

Python for IOT: Make your own botnet and have fun with the MQTT protocol
by Adrian Rodriguez Garcia

In this article, we will introduce the world of Internet Of Things using Python, specifically, the device control from Microsoft Window and Android systems. Additionally, we will learn MQTT protocol to control devices related to automation. The topics addressed are as follows: Main attacks of 2017, build a botnet by indirect attack, build a botnet by direct attack, MQTT Protocol.

IoT Security Essentials 101
by Veerababu Penugonda

This article is going to explain about the current situation in IoT security, basic IoT Pentesting and firmware analysis, and insecure IoT devices, like an IP Camera. This is about educational purpose only.

IoT Penetration Testing
by Khaled Sakr
In this article, we will try as much as we can to highlight what can go wrong in IoT architecture, figure out our attack surfaces and show a small demo, so brace yourself.

The journey of Expliot
by Aseem Jakhar

Expliot (pronounced expl-IoT) is an open-source internet of things security testing, analysis and exploitation framework developed to automate security testing of IoT specific features including IoT protocols, hardware interfaces, radio communication, etc. I have recently released a beta version of the framework that includes a few test cases that can be used on IoT systems for analysis.

How IoT is becoming IoDT (Internet of Dangerous Things) for mankind
by Mohan Sekar and Rahul Jayachandran

This article talks about how technology brilliance can become risky or even life threatening to mankind if not secured properly.

Industrial Internet of Things/Industrial Control Systems Security
by Aditya Srivastava

With this article we’ll see how the Industrial Internet of Things began, what attacks it experienced. We’ll discuss the architecture of ICS in detail and problems that result in vulnerabilities and certain attack scenarios and, finally, we’ll discuss mitigation strategies that are possible and can be implemented in the near future.

Pwned: the story of heartbreak
by Veronica Schmitt

The increase of pace in the technology field has left the race for manufacturers to increase the security in medical devices. There is the theoretically possibility that your heart can be pwned. Pacemakers have become part of the internet of things. We are putting our hearts on display. In this article we explore the vulnerabilities of these devices.

Iot Security Risks & Challenges
by Ankit Giri

In this article I will highlight risks and challenges that the IoT branch faces, from hardware, web applications to insecure cloud and network in IoT devices.

Use Your Pi as a Security Box
by Mauricio Harley

This time, I bring you SweetSecurity, a very nice open source project intended to facilitate the installation of some neat tools whose purpose is to help administrators better manage their security environments. You’re going to use your Raspberry Pi as the security station! Cool, isn’t it? So, let’s get started and see what it can give us.

PenTest Security of Things 13 2017.pdf

July 23, 2021
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023