Penetration Testing

IoT Product Penetration Testing Onsite Anywhere Across the USA 6+

Months Job Description:

Perform OSINT against the target device, such as reviewing the vendor website or FCC filing information Analyze network services listening on the system Identify external I/O ports on the device (USB, Ethernet, etc.) Safe device disassembly, and familiar with tamper-evident controls Identify internal I/O ports on the device (UART, JTAG, etc. on the PCB) Identify internal chips on the PCB (CPU, RAM, flash memory, radios, etc.) Interface with low-level communications (UART, JTAG, SPI, I2C, etc.) Acquire/extract and analyze firmware packages Identify hard-coded credentials on the system Understanding of Secure Boot and firmware signing Analyze the device boot sequence, interrupt the boot process, and change boot parameters or boot external media Conduct network Man-in-the-Middle attacks to analyze inbound/outbound communications SSL validation attacks (improper certificate validation, etc.) Analyze and attack 802.11 WiFi and BLE communications Privilege escalation techniques on the device OS Chain vulnerabilities together to show impact of a compromised device to the client Document the findings observed, attack scenarios performed, and associated risks Consultant must have their own tools/hardware for these skills; we do not have any extras that we can loan out These skills would be bonus, but not required: Familiar with modern DMA attacks (via PCI, M.2, etc.) Experience with TPM and attacks against Full Disk Encryption Familiar with reverse engineering of embedded binaries Familiar with WebApp API testing Familiar with ZigBee wireless communications and attacks Experience interfacing with CAN-BUS networks Ability to solder, analyze UART and JTAG lines, and repair removed functionality (UART, JTAG, etc.) Ability to remove ICs from the PCB and interface with them directly (CPU, flash memory, etc.)