You're reading from Practical Hardware Pentesting A guide to attacking embedded systems and protecting them against the most common hardware attacks

Product type Paperback

Published in Apr 2021

Publisher Packt

ISBN-13 9781789619133

Length 382 pages

Edition 1st Edition

Tools

Embedded Systems

Concepts

Embedded Systems

Author (1):

Jean-Georges Valle

View More author details

Table of Contents (20) Chapters

Preface

1. Section 1: Getting to Know the Hardware

2. Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety FREE CHAPTER

3. Chapter 2: Understanding Your Target

4. Chapter 3: Identifying the Components of Your Target

5. Chapter 4: Approaching and Planning the Test

6. Section 2: Attacking the Hardware

7. Chapter 5: Our Main Attack Platform

8. Chapter 6: Sniffing and Attacking the Most Common Protocols

9. Chapter 7: Extracting and Manipulating Onboard Storage

10. Chapter 8: Attacking Wi-Fi, Bluetooth, and BLE

11. Chapter 9: Software-Defined Radio Attacks

12. Section 3: Attacking the Software

13. Chapter 10: Accessing the Debug Interfaces

14. Chapter 11: Static Reverse Engineering and Analysis

15. Chapter 12: Dynamic Reverse Engineering

16. Chapter 13: Scoring and Reporting Your Vulnerabilities

17. Chapter 14: Wrapping It Up – Mitigations and Good Practices

18. Assessments

19. Other Books You May Enjoy

Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety

Embedded systems, in the broadest definition of the term, are all around us in our everyday lives (examples being our phones, our routers, our watches, our microwaves, and more). They all have a small computer inside them and take care of very critical aspects of our lives, and also collect and protect data that is very critical to us. Sadly, the embedded system industry is lagging behind the usual computing industry in terms of security. In the last 10 years, we have seen examples of how this lack of security in these kinds of systems can lead to very tangible impacts on the real world (for example, the Mirai botnet; the Stuxnet virus; a wave of attacks against routers; some countries stealing other countries' drones by spoofing the Global Positioning System (GPS); and so on). This is why it is very important to train more and more people on how to find problems in these kinds of systems, not only because the problems are already here but also because there will be more and more such systems, and their ever-growing number will manage more and more crucial aspects of our lives (think about autonomous vehicles; drone delivery; robots to assist the elderly; and so on).

Helping you start with assessing the security of these kinds of systems is the first goal of this book. The second goal of this book is that you have fun while you learn because testing these kinds of systems is going to be interesting, and I take great pleasure in making the learning process enjoyable for you. You may ask yourself: How is it going to be fun for me? For me, it is because you are messing with the most trusted part of the system: the hardware. Not only you are messing with the most fundamental elements of the system, but you also are in direct contact with it; you will be soldering, drilling, scrapping, and touching the system to pop a shell! You will not only code to compromise your target system, but (hopefully rarely) the blood, sweat, and tears will not be figurative!

In this chapter, you will learn how to set up your lab, from a simple, low investment suitable for learning at home up to a professional testing environment. This chapter will get you up to speed on how to invest your money efficiently to achieve results and, most importantly, how not to kill yourself on the job.

The following topics will be covered in this chapter:

The basic things you will need to get started
The different types of (common) tools available for your labs, what to get, and at which point
The approach to acquiring test equipment, and the difference between a company and a home lab
Basic items you will want in a lab, what they are, what are their uses, and the approach to setting up a lab
Examples of ramping up your lab: basic, medium, and professional labs