Packt+ | Advance your knowledge in tech

0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

IoT Penetration Testing Cookbook

You're reading from IoT Penetration Testing Cookbook Identify vulnerabilities and secure your smart devices

Product type Paperback

Published in Nov 2017

Publisher Packt

ISBN-13 9781787280571

Length 452 pages

Edition 1st Edition

Languages

Python

Tools

Burp Suite

Concepts

Penetration Testing

Table of Contents (19) Chapters

Title Page

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Customer Feedback

Dedication

Preface

1. IoT Penetration Testing FREE CHAPTER

2. IoT Threat Modeling

3. Analyzing and Exploiting Firmware

4. Exploitation of Embedded Web Applications

5. Exploiting IoT Mobile Applications

6. IoT Device Hacking

7. Radio Hacking

8. Firmware Security Best Practices

9. Mobile Security Best Practices

10. Securing Hardware

11. Advanced IoT Exploitation and Security Automation

Exploiting command injection

In embedded systems, OS command injection is a vulnerability most commonly via a web interface or debug page left from development firmware builds in order to execute arbitrary operating system commands. The user supplies operating system commands within a web service parameter through a web interface in order to execute OS commands. A parameter that is dynamic and not properly sanitized is subject to this vulnerability being exploited. With the ability to execute OS commands, an attacker can upload malicious firmware, change configuration settings, gain persistent access to the device, obtain passwords, attacker other devices in a network, or even lock out legitimate users from the device. In this recipe, we will demonstrate how to exploit command injection to gain shell access to a device.

Getting ready

For this recipe, we will use tcpdump, Burp Suite, and a vulnerable IHOMECAM ICAM-608 IP camera. Tcpdump is included in most *Nix operating systems but Wireshark...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Other recommended products

Related to this chapter

Practical Security Automation and Testing

Practical Security Automation and Testing

Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.

Feb 2019 8h 32m

Hands-On Security in DevOps

Hands-On Security in DevOps

Hands-On Security in DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. By the end of this book, readers will be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organization-wide through risk management and training.

Jul 2018 11h 52m

Burp Suite Cookbook

Burp Suite Cookbook

The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.

Sep 2018 11h 56m

Practical Internet of Things Security

Practical Internet of Things Security

This book will take you on a journey that begins with understanding the IoT and how it can be applied in various industries, goes on to describe the security challenges associated with the IoT, and then provides a set of guidelines to architecting and deploying a secure IoT in your enterprise. The book showcases how the IoT is implemented in early-adopting industries and describes how lessons can be learned and shared across diverse industries to support a secure IoT.

Nov 2018 12h 44m

Network Vulnerability Assessment

Network Vulnerability Assessment

Being able to identify security loopholes has become critical to many businesses. That's where learning network security assessment becomes very important. This book will not only show you how to find out the system vulnerabilities but also help you build a network security threat model.

Aug 2018 8h 28m

Hands-On Application Penetration Testing with Burp Suite

Hands-On Application Penetration Testing with Burp Suite

Using Burp Suite, you can quickly build proof of concepts, extract data via an exploit, attack multiple end points in an application and even begin to script complex multi stage attacks. This book will provide a hands-on coverage on how you can get started with executing an application penetration test and be sure of the results.

Feb 2019 12h 12m

Kali Linux Web Penetration Testing Cookbook

Kali Linux Web Penetration Testing Cookbook

Kali Linux is the most popular open-source penetration toolkit used for effective web penetration testing. This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure.

Aug 2018 13h 28m

Practical Hardware Pentesting

Practical Hardware Pentesting

Hardware security has become a major concern in recent times making it crucial for companies and end users to focus on protecting hardware. If you're a security practitioner who is more familiar with software and binary hacking or someone looking to repurpose devices, this book will demonstrate how to approach hardware hacking of embedded devices.

Apr 2021 12h 44m

Advanced Infrastructure Penetration Testing

Advanced Infrastructure Penetration Testing

This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices , modern operating systems and help you secure high security environments.

Feb 2018 13h 12m

Learning Android Forensics

Learning Android Forensics

This book will introduce you to Android forensics helping you to set up a forensic environment, handle mobile evidence, analyze how and where common applications store their data. You will also learn to identify malware on a device, and how to analyze it.

Dec 2018 10h 56m

Bug Bounty Hunting Essentials

Bug Bounty Hunting Essentials

Bug Bounty hunting is a new method which companies use to test their applications. There is no dedicated methodology in place right now to help researchers upskill themselves and become bug bounty hunters, that is why there is ambiguity as to what the field is about, the book solves that problem. The book allows readers to train themselves as bug bounty hunters to excel in the field of application security.

Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.

Sep 2018 8h 20m

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 16m