Documente Academic
Documente Profesional
Documente Cultură
for bug
bounties
Aditya GUPTA
Hello!
I am Aditya Gupta
I hack IoT devices for a living.
× Run Attify - pentesting IoT devices for × Have pentested over 150+ IoT devices so far
companies ranging from Startups to
Fortune 100s × Found “critical” vulnerabilities in close to 95% of
them
× Author of books - “Learning
Pentesting for Android Devices” and × Developed the “Offensive IoT Exploitation”
“IoT Hacker's Handbook” training course
× Easiest targets
× Be prepared!
× Less competition as of now
× Don’t just focus on one small part, rather look at the entire
solution
× Consists of 5 phases
× Attack Surface Mapping
× Hacking Firmware
× Quick demo?
× Find out JTAG interface
× Run
openocd -c “telnet_port 4444” -f badge.cfg -f target-chip.cfg
xx Smart home Password to decrypt JTAG & SPI giving full BLE replay, ZigBee
system fw and update URLs firmware access replay