Talk With an Expert
Talk With an Expert

SEC556: IoT Penetration Testing

SEC556Offensive Operations
  • 3 Days (Instructor-Led)
  • 18 Hours (Self-Paced)
Course authored by:Larry Pesce & James Leyte-Vidal
Course authored by:Larry Pesce & James Leyte-Vidal
  • 18 CPEs

    Apply your credits to renew your certifications

  • Virtual Live Instruction or Self-Paced

    Train from anywhere. Attend a live instructor-led course remotely or train on your time over 4 months.

  • 13 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Jump to:

SEC556 equips security professionals with comprehensive skills to identify, assess, and exploit IoT device security mechanisms across diverse technological ecosystems.

Featured Quote

This course is perfect to learn essential contents of IoT pen testing.
Junya FujitaHitachi

Course Overview

SEC556 is an IoT hacking course that facilitates examining the entire IoT ecosystem, helping you build the vital skills needed to identify, assess, and exploit basic and complex security mechanisms in IoT devices. This course gives you tools, hands-on techniques, and a strategic framework for comprehensively evaluating IoT device security, exploring vulnerabilities across network layers, firmware, hardware, and application interfaces.

What You’ll Learn

  • Assess IoT network controls comprehensively
  • Investigate hardware interaction points
  • Uncover firmware vulnerabilities
  • Analyze wireless technology weaknesses
  • Manipulate Bluetooth Low Energy devices
  • Reverse-engineer unknown radio protocols
  • Automate security testing methodologies

Business Takeaways

  • Faster detection of real threats
  • Maximized ROI on existing tools
  • Develops In-house threat detection expertise
  • Defensive coverage against modern tactics
  • Operational confidence and retention
  • Alignment with security goals and audit requirements

Meet Your Authors

  • Slide 1 of 2
    Larry Pesce
    Larry Pesce

    Larry Pesce

    Senior Instructor

    Larry has revolutionized embedded device security with decades of hands-on offensive research, co-authoring SANS's flagship wireless and IoT penetration testing courses, and pioneering SBOM exploitation techniques for supply chain defense strategies.

    Read more about Larry Pesce
  • Slide 2 of 2
    James Leyte-Vidal
    James Leyte-Vidal

    James Leyte-Vidal

    Principal Instructor

    James Leyte-Vidal, GSE #209, has shaped offensive cybersecurity through decades of frontline innovation, authoring Ethical Password Cracking and leading Fortune 100 InfoSec teams to elevate global cyber defense.

    Read more about James Leyte-Vidal
Slide 1 of 0

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC556: IoT Penetration Testing.

Section 1Introduction to IoT Network Traffic and Web Services

This section introduces IoT security challenges, focusing on testing methodologies applicable across diverse implementations. Students explore network reconnaissance, web application vulnerabilities, and API interaction techniques. The curriculum emphasizes practical strategies for identifying and exploiting IoT network and web-based vulnerabilities.

Topics covered

  • Course methodology introduction
  • IoT testing framework
  • Network discovery techniques
  • Web service reconnaissance
  • Vulnerability exploitation strategies

Labs

  • Wireshark network analysis
  • IoT device network scanning
  • Web portal vulnerability assessment
  • API interaction and exploitation
  • Command injection techniques

Section 2Exploiting IoT Hardware Interfaces and Analyzing Firmware

Students will learn advanced hardware testing techniques, including device deconstruction, communication interface analysis, and firmware recovery. The section covers destructive and non-destructive testing methodologies, focusing on identifying hardware vulnerabilities and extracting critical system information.

Topics covered

  • Hardware testing fundamentals
  • Device disassembly techniques
  • Communication port identification
  • Firmware analysis methodologies
  • Filesystem exploitation

Labs

  • Device specification analysis
  • Serial and SPI communication sniffing
  • Firmware recovery techniques
  • Filesystem exploration
  • Hardware component identification

Section 3Exploiting Wireless IoT: WiFi, BLE, Zigbee, LoRA, and SDR

This section explores wireless technologies prevalent in IoT ecosystems, providing comprehensive techniques for traffic capture, network access, and device compromise. Students will gain expertise in analyzing standard and proprietary wireless communication protocols.

Topics covered

  • WiFi security assessment
  • Bluetooth Low Energy vulnerabilities
  • Zigbee protocol analysis
  • LoRA communication techniques
  • Software-Defined Radio exploration

Labs

  • WiFi network cracking
  • Bluetooth Low Energy interaction
  • Zigbee traffic analysis
  • Wireless replay attacks

Things You Need To Know

Relevant Job Roles

Vulnerability Analysis (OPM 541)

NICE: Protection and Defense

Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.

Explore learning path

Application Pen Tester

Offensive Operations

Application penetration testers probe the security integrity of a company’s applications and defenses by evaluating the attack surface of all in-scope vulnerable web-based services, clientside applications, servers-side processes, and more. Mimicking a malicious attacker, app pen testers work to bypass security barriers in order to gain access to sensitive information or enter a company’s internal systems through techniques such as pivoting or lateral movement.

Explore learning path

Cyber Operations Planner (DCWF 332)

DoD 8140: Cyber Effects

Coordinates cyber operations plans, working with analysts and operators to support targeting and synchronization of actions in cyberspace.

Explore learning path

Red Teamer

Offensive Operations

In this role you will be challenged to look at problems and situations from the perspective of an adversary. The focus is on making the Blue Team better by testing and measuring the organization’s detection and response policies, procedures, and technologies. This role includes performing adversary emulation, a type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective similar to those of realistic threats or adversaries. It can also include creating custom implants and C2 frameworks to evade detection.

Explore learning path

Systems Testing and Evaluation (OPM 671)

NICE: Design and Development

Responsible for planning, preparing, and executing system tests; evaluating test results against specifications and requirements; and reporting test results and findings.

Explore learning path

Course Schedule & Pricing

Looking for Group Purchasing Options?Contact Us

OnDemand Bundle

When purchasing a live, instructor-led course, add 4 months of online access. View price in the info icons below.

SANS Skills Quest by NetWars Core Edition

Add 6 months of hands-on skills practice. Add to your cart when purchasing your course.

  • Location & instructor

    Virtual (OnDemand)

    Instructed by
    Date & Time
    OnDemand (Anytime)Self-Paced, 4 months access
    Course price
    5,250ドル USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..View event details
    Course price
    5,250ドル USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..View event details
    Course price
    5,250ドル USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..View event details
    Course price
    4,935ドル EUR*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Virtual (live)

    Date & Time
    Fetching schedule..View event details
    Course price
    4,935ドル EUR*Prices exclude applicable local taxes
    Registration Options
Showing 5 of 5

Learn Alongside Leading Cybersecurity Professionals From Around The World

  • Slide 1 of 2
    I really liked the firmware dumping hardware-based stuff, followed by the Bluetooth BLE and SDR exercises. I had not done this before and it was taught well enough that I could go out into the field and do them again.
    Caleb JarenMicrosoft
  • Slide 2 of 2
    The labs work well for bringing concepts home and making them real. The work done to scale/virtualize them and make them repeatable is amazing.
    Lee NeelyLawrence Livermore National Laboratory
Slide 1 of 0

Benefits of Learning with SANS

Instructor teaching to a class

Get feedback from the world’s best cybersecurity experts and instructors

OnDemand Mobile App

Choose how you want to learn - online, on demand, or at our live in-person training events

Resources

Get access to our range of industry-leading courses and resources

AltStyle によって変換されたページ (->オリジナル) /