SEC556: IoT Penetration Testing

SEC556 | Offensive Operations
  • 3 Days (Instructor-Led)
  • 18 Hours (Self-Paced)
Course created by:
Larry Pesce & James Leyte-Vidal
  • 18 CPEs

    Apply your credits to renew your certifications

  • Virtual Live Instruction or Self-Paced

    Train from anywhere. Attend a live instructor-led course remotely or train on your time over 4 months.

  • Intermediate Skill Level

    Course material is geared for cyber security professionals with hands-on experience

  • 13 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

SEC556 equips security professionals with comprehensive skills to identify, assess, and exploit IoT device security mechanisms across diverse technological ecosystems.

Course Overview

SEC556 is an IoT hacking course that facilitates examining the entire IoT ecosystem, helping you build the vital skills needed to identify, assess, and exploit basic and complex security mechanisms in IoT devices. This course gives you tools, hands-on techniques, and a strategic framework for comprehensively evaluating IoT device security, exploring vulnerabilities across network layers, firmware, hardware, and application interfaces.

What You’ll Learn

  • Assess IoT network controls comprehensively
  • Investigate hardware interaction points
  • Uncover firmware vulnerabilities
  • Analyze wireless technology weaknesses
  • Manipulate Bluetooth Low Energy devices
  • Reverse-engineer unknown radio protocols
  • Automate security testing methodologies

Business Takeaways

  • Faster detection of real threats
  • Maximized ROI on existing tools
  • Develops in-house threat detection expertise
  • Defensive coverage against modern tactics
  • Operational confidence and retention
  • Alignment with security goals and audit requirements

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC556: IoT Penetration Testing.

Section 1: Introduction to IoT Network Traffic and Web Services

This section introduces IoT security challenges, focusing on testing methodologies applicable across diverse implementations. Students explore network reconnaissance, web application vulnerabilities, and API interaction techniques. The curriculum emphasizes practical strategies for identifying and exploiting IoT network and web-based vulnerabilities.

Topics covered

  • Course methodology introduction
  • IoT testing framework
  • Network discovery techniques
  • Web service reconnaissance
  • Vulnerability exploitation strategies

Labs

  • Wireshark network analysis
  • IoT device network scanning
  • Web portal vulnerability assessment
  • API interaction and exploitation
  • Command injection techniques

Section 2: Exploiting IoT Hardware Interfaces and Analyzing Firmware

Students will learn advanced hardware testing techniques, including device deconstruction, communication interface analysis, and firmware recovery. The section covers destructive and non-destructive testing methodologies, focusing on identifying hardware vulnerabilities and extracting critical system information.

Topics covered

  • Hardware testing fundamentals
  • Device disassembly techniques
  • Communication port identification
  • Firmware analysis methodologies
  • Filesystem exploitation

Labs

  • Device specification analysis
  • Serial and SPI communication sniffing
  • Firmware recovery techniques
  • Filesystem exploration
  • Hardware component identification

Section 3: Exploiting Wireless IoT: WiFi, BLE, Zigbee, LoRa, and SDR

This section explores wireless technologies prevalent in IoT ecosystems, providing comprehensive techniques for traffic capture, network access, and device compromise. Students will gain expertise in analyzing standard and proprietary wireless communication protocols.

Topics covered

  • WiFi security assessment
  • Bluetooth Low Energy vulnerabilities
  • Zigbee protocol analysis
  • LoRa communication techniques
  • Software-Defined Radio exploration

Labs

  • WiFi network cracking
  • Bluetooth Low Energy interaction
  • Zigbee traffic analysis
  • Wireless replay attacks

Things You Need To Know

Relevant Job Roles

Vulnerability Analysis (OPM 541)

NICE: Protection and Defense

Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.

Application Pen Tester

Offensive Operations

Application penetration testers probe the security integrity of a company’s applications and defenses by evaluating the attack surface of all in-scope vulnerable web-based services, client-side applications, server-side processes, and more. Mimicking a malicious attacker, app pen testers work to bypass security barriers in order to gain access to sensitive information or enter a company’s internal systems through techniques such as pivoting or lateral movement.

Red Teamer

Offensive Operations

In this role you will be challenged to look at problems and situations from the perspective of an adversary. The focus is on making the Blue Team better by testing and measuring the organization’s detection and response policies, procedures, and technologies. This role includes performing adversary emulation, a type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective similar to those of realistic threats or adversaries. It can also include creating custom implants and C2 frameworks to evade detection.

Systems Testing and Evaluation (OPM 671)

NICE: Design and Development

Responsible for planning, preparing, and executing system tests; evaluating test results against specifications and requirements; and reporting test results and findings.

Course Schedule & Pricing

  • Location & instructor

    Virtual (OnDemand)

    Instructed by Larry Pesce
    Date & Time
    OnDemand (Anytime), Self-Paced, 4 months access
    Course price
    $5,250 USD (prices exclude applicable local taxes)
  • Location & instructor

    Virtual (live)

    Instructed by Larry Pesce
    Course price
    $5,250 USD (prices exclude applicable local taxes)

Benefits of Learning with SANS

Get feedback from the world’s best cybersecurity experts and instructors

Choose how you want to learn - online, on demand, or at our live in-person training events

Get access to our range of industry-leading courses and resources