CTD’s approach to IoT, Smart Devices pentest includes Hardware, Software and Server assessment
Reverse engineering firmware binaries
Bypass obfuscation techniques in use
Debugging binaries to gain sensitive info
Android, Cloud and Web vulnerability testing
Input Validation: SQL Injection, Malicious Input acceptance, Command Injection
Buffer Overflow, File Upload, Business logic validations, Error handling/ Info Leakage, Session management, Log tampering
Data storage vulnerabilities
Identify potential for denial of service (DOS) attacks
Vulnerabilities specific to web servers: Directory Traversal, Command injection, Remote code execution, SQL injection, Sensitive file exposure, Web server miss configuration exploitation
API/Webservices testing: authorization, IDOR, Injections and exploits, API business logic bypas like skipping payments, API missconfigurations
Radio communication reversing for proprietary protocols
Exfiltration of Sensitive data from memory: applications store username, tokens, passwords, encryption keys, unscripted sensitive data.
UART, JTAG, SWD ports exploitation
Flash memory chips to detect a possibility to dump firmware.
Logic bugs sniffing and bus tampering
External peripheral devices: headphones, antennas etc.
Contact our offensive security experts today to discuss your requirements