I don't give one IoTA: Introducing the Internet of Things Attack Methodology. - Larry Pesce Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

I don't give one IoTA: Introducing the Internet of Things Attack Methodology.
Larry Pesce
Derbycon 2016

Attacking and assessing IoT can easily miss the forest for the trees. However, we need to be comprehensive in our methodology and not end up down a rabbit hole; we need to know how the wind affects each tree, but also the forest as a whole. We even need to make sure we consider the trailer park adjacent to the forest, which may not be quite as resilient to a tornado. We're here to pass along a methodology for testing all of the components of any end-to-end IoT solution: from end-user hardware, proprietary and standards-based RF (Zigbee, Z-Wave, BLE/Bluetooth and all sorts of modulation), Wi-Fi, network protocols, mobile device applications (Android and iOS), internet-connected servers, web applications and databases. Come learn how to build a testing lab, investigate some testing tools, and how to apply to a real-world test.

Larry Pesce is employed at InGuardians as the Director of Research. His history with hardware hacking began with the family TV when he was a kid, rebuilding it after it caught on fire. Both times. Later, as a web developer for a university in the early days of the Internet, he managed some of the first 3 Layer Switching Networks in the world. His core specialties include hardware and wireless hacking, architectural review, and traditional pentesting, often in the financial and energy sectors, healthcare, and IoT. In 2006, he co-founded the multiple international award-winning security podcast, "Paul's Security Weekly", which he continues to co-host. Alongside inspiring 150,000 downloads a month, Larry's independent research for the show has led to interviews with the New York Times with MythBuster's Adam Savage, hacking internet-connected marital aids on stage at DEFCON, and having his RFID implant cloned on stage at Shmoocon. When not hard at work, Larry enjoys long walks on the beach weighed down by his ham radio (callsign KB1TNF), and thinking of ways to survive the pending zombie apocalypse.

@haxorthematrix

Copyright 2020, IronGeek