Today I attended a webinar hosted by EH.net: Basics of IoT Hacking for the Career Pen Tester with guest Jacob Holcomb of Independent Security Evaluators (ISE). A key takeaway for me was to watch how the binwalk tool can be used to extract and review IoT firmware packages.

IoT is not only a hot buzzword, but the sheer number of devices shows that it’s living up to the hype. The benefits can be a game changer for any organization. But at the pace with which the technology is being adopted, we as security professionals know all too well what happens when speed to market is the highest priority. As Trinity said, “You have been down there, Neo. You know that road. You know exactly where it ends. And I know that’s not where you want to be.” On the other hand, this gives us a huge opportunity in the field of IoT security research and bug hunting.
IoT devices are beautiful not only because of their capabilities in such a small package, but also because they are a wonderful merging of several technologies. But with each new added feature, the attack surface gets that much bigger. And anywhere there’s a way in for an attacker, there’s also a paying gig for a security professional… before, during and after a product is released.
Join the experts from Independent Security Evaluators (ISE), the people that bring you IoT Village at DEF CON, DerbyCon, RSA and many others, as they guide you through the inner workings of this great field of ethical hacking with a live demo, discussing career paths, and additional resources to keep you educated in this rapidly changing industry. From those in the maker movement to InfoSec professionals, IoT hacking isn’t just a fun skill, but a lucrative one!

Agenda for “Basics of IoT Hacking for the Career Pen Tester”:

- Intro by Don Donzal, EH-Net Editor-in-Chief
- Presentation by Jacob Holcomb, Principal Security Analyst @ ISE
    - About Jake & ISE
    - Understand the process of finding vulnerabilities within IoT devices.
    - Common classes of vulnerabilities which plague IoT devices & How to exploit them
    - Attack Vectors
        - Hardware / Firmware
        - Applications (i.e., Native, WebApps)
        - Network (i.e., Ethernet, Wireless)
        - Cloud
    - Building Your Skillset
    - Live Demo
    - Career Opportunities
        - Secure Software Developer
        - Network Penetration Tester
        - Security Analyst or Bug Hunter
- Q&A
- Post Game on EH-Net in the “IoT Group”

Jacob Holcomb (AKA Gimppy) is the principal researcher on several pieces of ISE research, including the landmark publication SOHOpelessly Broken, which discovered over 50 new 0-day vulnerabilities in network routers and served as the foundation for the first-ever router hacking contest at DEFCON. He is skilled in penetration testing, application security, network security, and exploit research and development. A highly regarded speaker, he has presented at security conferences such as BlackHat USA, BlackHat Europe, DEFCON, DerbyCon, BSidesDC, and many others. In addition to projects at work, coding, and his favorite pastime of EIP hunting, Jacob loves to hack his way through the interwebz and has responsibly disclosed dozens of 0-day vulnerabilities in commercial products and services.