IoT Penetration Testing

Uncover vulnerabilities in your Smart Devices and fix them quickly

industry 4.0 penetration testing

Internet connected devices can expose entire infrastructure to external and internal cyber threats.

Secure them now.

Our Methodology

CTD’s approach to IoT, Smart Devices pentest includes Hardware, Software and Server assessment

Firmware Reverse Engineering

Reverse engineering firmware binaries

Binary exploitation

Encryption analysis 

Bypass obfuscation techniques in use

Debugging binaries to gain sensitive info

Application Pentesting

Android, Cloud and Web vulnerability testing

Input Validation: SQL Injection, Malicious Input acceptance, Command Injection

Buffer Overflow, File Upload, Business logic validations, Error handling/ Info Leakage, Session management, Log tampering

Data storage vulnerabilities

Server side Testing

Identify potential for denial of service (DOS) attacks

Vulnerabilities specific to web servers: Directory Traversal, Command injection, Remote code execution, SQL injection, Sensitive file exposure, Web server miss configuration exploitation

API/Webservices testing: authorization, IDOR, Injections and exploits, API business logic bypas like skipping payments, API missconfigurations

Radio communication reversing for proprietary protocols 

iot penetration testing server side
server side iot penetration testing

Hardware based exploitation

Exfiltration of Sensitive data from memory: applications store username, tokens, passwords, encryption keys, unscripted sensitive data. 

UART, JTAG, SWD ports exploitation

Flash memory chips to detect a possibility to dump firmware.

Logic bugs sniffing and bus tampering

External peripheral devices: headphones, antennas etc.

smart things penetration testing
iot devices pentest connected

How it works

Contact us

Call us or write us an email with your requirements

Scoping

Establish what needs to be tested and the right approach

Attacking

We attack your devices to discover vulnerabilities

Reporting

We will present all the findings and solutions to fix them

iot penetration testing

Industries that we cover

Industry 4.0

Industrial Control Systems

Smart Home Automation

Medical / Healthcare

Automotive

Enterprise IoT

Certified Ethical Hackers

Highly Technical. Effective Communication. Trust

Andrei Pusoiu
Danie Ciobanu Co-Founder CEH Certified Cyber Security Engineer
Daniel Ciobanu
Alexandru Armean
Veronica Mihaiu OSCP Certified Cyber Security Engineer
Veronica Mihaiu
Razvan Furdui OSCP Certified Cyber Security Engineer
Razvan Furdui
Offensive Security OSCP Certification
Certified Ethical Hacker Certification
CISM Certification Security Manager Alexandru Armean
certified penetration tester GIAC GPEN
We are a security consulting company, founded by senior penetration testers and security managers, offering certified Cyber Security Services of highest quality possible, for clients in EMEA and Middle East
Cyber Threat Defense Logo

Who recommends us

The team is very professional, even going the extra mile caring for customer needs and all the details of the collaboration. This attention to detail both for the human factor and the technical expertise motivated me to have the ongoing project and wish to maintain this for the foreseeable future.​
Catalin Priscornita testimonial picture for Cyber Threat Defense
Catalin Priscornita
CEO, Blitz.ro
Cyber Threat Defense has been a valuable partner in securing our software. Their outside the box perspective has pointed us attack scenarios that we are now paying more attention to.
I recommend CTD. They will certainly improve the level of security in your company.
Andrei Andreias testimonial picture for Cyber Threat Defense
Adrian Andreias
CEO, hosterion.com

How can we help?

Contact our offensive security experts today to discuss your requirements

    Razvan Furdui OSCP Certified Cyber Security Engineer

    info@ctdefense.com
    +40 770 348 361

    Care to be Cyber Aware!
    Cyber Threat Defense Logo