c0c0n 2026

c0c0n is a 19-year-old platform aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy...

c0c0n 3-Day Professional Training

Hack the IoT

Objective

The immense power of connected and embedded systems comes with equally significant responsibility — hardware security. As innovation in embedded design, microcontrollers, and smart devices accelerates at an unprecedented pace, security often struggles to keep up. When vulnerabilities exist at the hardware level, the consequences can extend far beyond data breaches — affecting safety, reliability, and even human lives. Ignoring hardware security is no longer an option.

“Practical IoT Hacking” is a specialized course designed to provide security professionals with a deep and practical understanding of IoT/Embedded systems and their inherent weaknesses. This training goes beyond theory, offering extensive hands-on labs that enable participants to identify, analyze, exploit, and remediate hardware, firmware and protocol-level vulnerabilities on real devices — not simulations.

The course explores the hardware, firmware, and radio protocol attack surface across modern IoT/embedded systems used in various domains. Participants will gain ground-up knowledge of widely used hardware protocols and interfaces, understand their internal workings, and examine real-world attack scenarios targeting UART, JTAG, SPI, I²C, bootloaders, memory components, and more.

In addition to on-bus protocol-level attacks, the training covers hardware exploitation techniques based on fault injection (FI): the fundamentals of fault injection attacks, the parameters involved in FI attacks, and the use of voltage glitching to bypass authentication. The training also includes firmware extraction, memory dumping, firmware binary analysis, and debugging interface abuse. Attendees will also work with essential open-source tools and hardware components that form the foundation of a hardware security toolkit.

Throughout the course, we use purpose-built lab setups created specifically for hardware penetration testing, along with custom in-house vulnerable boards designed to provide realistic attack scenarios and practical learning experiences.

This course is intended for security professionals who want to deepen their expertise and specialize in embedded security. If you are ready to move beyond software and explore the lower layer, this journey is for you.

Course Content

Day 1
Introduction
  • Introduction to IoT - IoT Architecture and IoT Attack Surfaces
  • IoT Hardware Overview
  • Identifying the Attack Surfaces
Attacking Hardware Protocols
  • Attacking UART - Introduction, Identifying UART, Accessing UART Lab
  • Attacking JTAG Debug port - Introduction to JTAG, Identifying the JTAG port, Firmware Extraction from the Microcontroller, Run-time patching of the firmware
  • Attacking I2C Protocol - Introduction to I2C Protocol, Interfacing with I2C-based flash chips, Data extraction and patching from/to the I2C Flash chips, Sniffing the I2C communication
  • Attacking SPI Protocol - Introduction to SPI protocol, Interfacing with SPI protocol Lab, Firmware/Data extraction and patching from/to the SPI flash chips, Sniffing the SPI communication
Day 2
Fault Injection Attack
  • Introduction to Fault Injection
  • Understanding Voltage and Clock Glitching
  • Voltage/Clock Glitching - Typical setup required for FI attacks and parameters to control
  • Live Demo - Bypassing authentication using voltage glitching
Attacking BLE
  • Introduction and Protocol Overview
  • Reconnaissance (Active and Passive) with HCI tools
  • Enumeration of BLE Services and Characteristics
  • Sniffing BLE communication
  • Reversing GATT protocol communication
  • Read and write on the GATT protocol
  • Fuzzing Characteristic values
  • Walkthrough of recent BLE 5.x attacks
Day 3
Firmware
  • Introduction
  • Types of firmware
  • Bare-Metal Firmware Introduction
Introduction to Static Analysis
  • Firmware Extraction/Modification
  • Credential Search
  • Reverse Engineering using Ghidra
  • Instruction Set Identification
Dynamic Analysis
  • User space binary emulation

Pre-requisite

  • Basic knowledge of Hardware components, memory types, and IC packages
  • Basic Linux commands and Assembly instructions for at least one controller architecture
  • Patience to learn at a snail's pace

Who Should Attend

  • Penetration testers tasked with auditing IoT Hardware
  • Government officials from defensive or offensive units
  • Red team members tasked with compromising hardware devices
  • Embedded security enthusiasts
  • Anyone interested in IoT security

Participant's Requirements

  • Laptop with at least 50 GB of free space (Windows or Linux)
  • At least 8 GB of RAM (4+ GB for the VM)
  • External USB access (min. 2 USB ports)
  • Administrative privileges on the system
  • Virtualization software - Latest VirtualBox

What to expect

  • An IoT learning kit during the training for each participant.
  • This course will give you directions to start testing the hardware security of embedded devices
  • Getting familiar with IoT Security
  • Bypassing security using advanced hardware attacks

What Not to Expect

Becoming a hardware/IoT hacker overnight. Use the knowledge gained in the training to start pen-testing IoT devices and sharpen your skills.

Trainer(s)

Hemant Sonkar

Lead Security Consultant
Payatu Security Consulting Pvt Ltd

Pugal Selvan

Security Consultant
Payatu Security Consulting Pvt Ltd

Shubham Thorat

Security Consultant
Payatu Security Consulting Pvt Ltd