Expl-iot: IoT Security Testing Framework
Action | Key |
---|---|
Play / Pause | K or space |
Mute / Unmute | M |
Toggle fullscreen mode | F |
Select next subtitles | C |
Select next audio track | A |
Show slide in full page or toggle automatic source change | V |
Seek 5s backward | left arrow |
Seek 5s forward | right arrow |
Seek 10s backward | shift + left arrow or J |
Seek 10s forward | shift + right arrow or L |
Seek 60s backward | control + left arrow |
Seek 60s forward | control + right arrow |
Decrease volume | shift + down arrow |
Increase volume | shift + up arrow |
Decrease playback rate | < |
Increase playback rate | > |
Seek to end | end |
Seek to beginning | beginning |
Share this media
Download links
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
After working on IoT security testing for a few years, we realized that there is a lot of time spent on learning and setting up different tools including hardware, radio and software. As the IoT technology is new there is no standard software to test most of the components and the tools available are either not mature yet or do only specific job. With this problem at hand we envisioned a software that would allow developers and researchers to automate most of the IoT security testing steps. We began our journey with writing a flexible and extendable framework that would help the community and us in writing quick IoT test cases and exploits. The objectives of the framework are:
- Easy of use
- Extendable
- Support for hardware, radio and IoT protocol analysis
We released the beta version (in ruby) of Expl-iot in 2017. Once we started implementing hardware and radio functionality, we realized that ruby does not have much support for hardware and radio analysis which led us to deprecate it and re-write it in python to support more functionality. We are currently working on the python3 version and will release it in a month or two. The new beta release is envisioned to have support for UART(serial), ZigBee, BLE, MQTT, CoAP (next version will have support for JTAG, I2C and SPI) and few miscellaneous test cases. This talk would give attendees a first-hand view of the functionality, how to use it and how to write plugins to extend the framework.
Aseem Jakhar
Aseem is the Director R&D at Payatu Software Labs LLP, a boutique security testing organization with specialization in IoT, embedded, mobile and cloud security. He is a speaker and trainer at international security conferences like Blackhat, Hack in Paris, Brucon, Hack in the box, Defcon, Zer0con, PHDays to name a few. He is also an open source developer and has written various open source security projects including - Indroid/Jugaad - Runtime Thread injection toolkit for Arm/x86, Dexfuzzer - A dumb fuzzer for dex files, DIVA Android - Damn Insecure and Vulnerable App for Android and Expliot framework. Sources: - Expliot (Ruby) - DIVA Android - Indroid - Jugaad - Dexfuzzer
Other media in the channel "2018"
- 115 views, 6 this year, 1 this monthGlassfish from (IN)Secure adminJuly 6th, 2018
- 161 views, 2 this yearShadow on the Wall - Risks and Flaws with ShadowsocksJuly 6th, 2018
- 57 views, 1 this yearOpen Hardware for (software) offensive securityJuly 6th, 2018
- 48 viewsFreedom Fighting Mode - Open Source Hacking HarnessJuly 6th, 2018
- 23 viewsIo(M)T Security: A year in reviewJuly 6th, 2018
- 46 views, 1 this yearIoT Honeypot, new types of attacksJuly 6th, 2018