In-depth offensive IoT exploitation training

IoT or the Internet of Things is one of the most upcoming trends in technology as of now. Many new devices are coming up every single month. "Offensive IoT Exploitation" is a brand new and unique course which offers IT professionals the ability to assess and exploit the security of these smart devices. The training will cover different varieties of IoT devices, assessing their attack surfaces and writing exploits for them. The class will be hands-on giving attendees the ability to try things themselves rather than just watching the slides.


After the class, the attendees will be able to:

  • Extract and analyze device firmwares
  • Debug and Disassemble binaries
  • Exploit UART, SPI, I2C and JTAGs
  • JTAG debugging, exploitation
  • Dump firmware through various techniques
  • Debug hardware and software
  • Analyze security of MQTT, CoAP and M2MXML protocols
  • Attack cloud and mobile component of an IoT device
  • Sniff, Replay, MITM and Attack Radio communications
  • BLE and Zigbee exploitation
  • ARM and MIPS Reversing
  • Conventional and Un-conventional attack techniques
  • Side Channel Attacks (Clock, Vcc glitching, breaking crypto)
  • Write exploits for the platforms and more.

All the above mentioned topics are taught with an extremely hands-on lab based practical sessions.


  • IoT devices
  • Attify's IoT pentesting VM
  • Printed Lab reference material and handouts
  • 600+ slides (PDF Copy)
  • Hardware Hacking Kit to use during the training


  • IoT Security Enthusiasts
  • Security Professionals and Penetration Testers
  • Embedded Developers


Aditya Gupta is the founder and principal consultant of Attify, an IoT and mobile penetration testing and training firm, and a leading IoT security expert and evangelist. He has done a lot of in-depth research on mobile application security and IoT device exploitation.

He is the author of many popular books such as "Learning Pentesting for Android Devices" and upcoming books on IoT Exploitation. He has discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe and many more.

In his previous roles, he has worked on mobile security, application security, network penetration testing, developing automated internal tools to prevent fraud, finding and exploiting vulnerabilities and soon. He is a frequent speaker and trainer at numerous international security conferences.