We would like to present you with our newest issue, that will focus on IoT security and pentesting. We hope that you will find many interesting articles inside the magazine and that you will have time to read them all.
This issue will starts with a practical tutorial where you can learn how to make your own botnet using Python and we will learn MQTT protocol to control devices related to automation. You will be introduced to firmware dumping and analysis, and be able to see why are IP Cameras still insecure. In the third tutorial we will highlight what can go wrong with IoT architecture and show a small demo. We also spoke with Aseem Jakhar who will show you his Expliot framework, that can be used on IoT systems for analysis. Moreover we prepared a few articles that will cover topics like Internet of Dangerous Things, and Industrial Internet of Things, based on real-life examples. You can also read a short story about a hacked pacemaker, and see what are the risks and challenges that the IoT field faces.
Last but not least, we present you with an article about using your Raspberry Pi as a Security Box using SweetSecurity open source project.
We would also want to thank you for all your support. We appreciate it a lot. If you like this publication you can share it and tell your friends about it! every comment means a lot to us.
Enjoy your reading,
PenTest Magazine’s Editorial Team
Table of contents
Python for IOT: Make your own botnet and have fun with the MQTT protocol
by Adrian Rodriguez Garcia
In this article, we will introduce the world of Internet Of Things using Python, specifically, the device control from Microsoft Window and Android systems. Additionally, we will learn MQTT protocol to control devices related to automation. The topics addressed are as follows: Main attacks of 2017, build a botnet by indirect attack, build a botnet by direct attack, MQTT Protocol.
IoT Security Essentials 101
by Veerababu Penugonda
This article is going to explain about the current situation in IoT security, basic IoT Pentesting and firmware analysis, and insecure IoT devices, like an IP Camera. This is about educational purpose only.
IoT Penetration Testing
by Khaled Sakr
In this article, we will try as much as we can to highlight what can go wrong in IoT architecture, figure out our attack surfaces and show a small demo, so brace yourself.
The journey of Expliot
by Aseem Jakhar
Expliot (pronounced expl-IoT) is an open-source internet of things security testing, analysis and exploitation framework developed to automate security testing of IoT specific features including IoT protocols, hardware interfaces, radio communication, etc. I have recently released a beta version of the framework that includes a few test cases that can be used on IoT systems for analysis.
How IoT is becoming IoDT (Internet of Dangerous Things) for mankind
by Mohan Sekar and Rahul Jayachandran
This article talks about how technology brilliance can become risky or even life threatening to mankind if not secured properly.
Industrial Internet of Things/Industrial Control Systems Security
by Aditya Srivastava
With this article we’ll see how the Industrial Internet of Things began, what attacks it experienced. We’ll discuss the architecture of ICS in detail and problems that result in vulnerabilities and certain attack scenarios and, finally, we’ll discuss mitigation strategies that are possible and can be implemented in the near future.
Pwned: the story of heartbreak
by Veronica Schmitt
The increase of pace in the technology field has left the race for manufacturers to increase the security in medical devices. There is the theoretically possibility that your heart can be pwned. Pacemakers have become part of the internet of things. We are putting our hearts on display. In this article we explore the vulnerabilities of these devices.
Iot Security Risks & Challenges
by Ankit Giri
In this article I will highlight risks and challenges that the IoT branch faces, from hardware, web applications to insecure cloud and network in IoT devices.
Use Your Pi as a Security Box
by Mauricio Harley
This time, I bring you SweetSecurity, a very nice open source project intended to facilitate the installation of some neat tools whose purpose is to help administrators better manage their security environments. You’re going to use your Raspberry Pi as the security station! Cool, isn’t it? So, let’s get started and see what it can give us.