The course will focus on finding security vulnerabilities in the Internet of Things online devices using Shodan. This workshop will be especially useful for those who want to learn more about OSINT, cybersecurity, and technology in general.
Why THIS course?
This course will give you practical, hands-on exposure to vulnerability hunting specific to IoT as well as some digital intelligence gathering techniques. Focused on the topics of OSINT and IoT, it’s quick and can be done in an hour - but you will be able to put your new knowledge to the test in the real world right after you finish. If you were looking for a self-contained tutorial on OSINT, Shodan, IoT, or all of the above, this is the perfect course for you!
Why take it NOW?
Both OSINT and IoT security are now trending in the cybersecurity space. IoT is a growing field and more and more tech is appearing on the market, thus increasing the potential surface of attack against people who simply keep those devices at home. At the same time, OSINT skills supplementing reconnaissance are fast becoming one of the most essential tools for any pentester.
Who is this course for?
- Those interested in cybersecurity in general
- Pentesters looking to improve their OSINT skills with Shodan
- OSINT practitioners wanting to learn more about IoT searches
- Privacy enthusiasts looking to hide their devices from OSINT searches
What skills will you gain?
- Search for IoT devices on Shodan using various methods
- Identify vulnerable IoT devices
- Search for exploits for IoT
- Use Shodan through GUI and CLI
- Perform OSINT tasks
- Search for ICS devices on Shodan
- Hide your devices from Shodan searches
What will you learn about?
- How to use Shodan for searching IoT device landscape
- The current state of IoT devices detectable by Shodan
- Various privacy and OSINT techniques on Shodan
- Proxy and VPN impact on Shodan results
What tools will you use?
- Linux, Kali will do great but is not necessary (for CLI)
COURSE IS SELF-PACED, AVAILABLE ON DEMAND
DURATION: 1 hour
CPE POINTS: On completion you get a certificate granting you 1 CPE point.
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What should you know before you join?
- Basic knowledge of computing and Internet navigation
- Basics understanding of the IoT technology
What will you need?
- A Shodan account
Topics discussed in this course:
- Shodan interface
- Shodan results export options
- Searching for IoT devices by location - Shodan Maps
- Shodan Exploits section
- Searching with image files (e.g. static login pages)
- Shodan internals - searching for VNC banners
- Search filters with practical examples
- Refining searches for best results
- IoT practical search examples
- Searching for ICS devices in Shodan
- Understanding proxy and VPN impact on Shodan for privacy and security
- Shodan GUI vs CLI
- Defending from Shodan
- Shodan hands-on tips and tricks
Practical exercises and knowledge checks are included in the course, all participants must pass them to receive a certificate.
Your instructor: Maciej Makowski
Maciej Makowski - information security specialist with a strong background in criminal investigations and online safety. Spent nearly 13 years working as a police officer and cyber crime detective in An Garda Siochana, Ireland’s National Police and Security Service. Graduate of University College Dublin, also received professional qualification in data protection from the Law Society of Ireland. Experienced Axiom, Encase and FTK digital investigator, certified Cellebrite forensic mobile examiner. Author of osintme.com, a blog on open source intelligence and digital privacy.
If you have questions, feel free to contact our course coordinator Marta at [email protected]