It is found that Javascript is disabled in your browser.
Please enable Javascript, or you cannot get access to Registration page.



Workshop 12 - Practical Exploitation of Internet of Things (IoT) Networks and Ecosystems

Speakers: Mr. Sumanth Naropanth and Ms. Eliza Chelleng


HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
Date: 18 - 19 Sep 2018 (2 days)


09:30 - 17:00
Non-member Fee
HK$7,000 (Early Bird: HK$6,800)
Member Fee for Organizer/Supporting Organization HK$6,800 (Early Bird: HK$6,600)

Medium of Instruction


Nature & Objectives

This workshop offers a holistic, hands-on approach to IoT security. Students will learn to analyze the architecture of IoT market products (Industrial IoT, wearables, etc.) from a security perspective, and using specialized hardware & software tools, perform their own hands-on vulnerability assessments of IoT platforms. Defensive security best practices to proactively identify such vulnerabilities, as well as methodologies to plan and execute end-to-end Security Development Lifecycle (SDL) for IoT products will also be taught.

Each student will receive a Microchip’s RZUSBStick Starter Kit, which includes a transceiver commonly used in IoT networks, including IEEE 802.15.4, ZigBee and 6LoWPAN, valued at over HK$350.

Course Outline

  1. Introduction to Internet of Things
  2. Deep-dive into commonly deployed IoT architectures
  3. Need for security in IoT and wearable products
  4. IoT ecosystem and security paradigms for hardware, mobile and cloud
  5. Commonly used communication protocols and standards
  6. Security considerations and features in these communication protocols
  7. Hands-on Exercise 1: Hacking an IoT Wireless Sensor Network
  8. Hands-on Exercise 2: Eavesdropping on an Activity Tracker
  9. Walkthrough Exercise 3: Breaking Bluetooth adaptations on Android and iOS
  10. Hands-on Exercise 4: Amazon Web Services (AWS) IoT Core & MQTT Security
  11. Secure by design: Code-level exercises to address vulnerabilities exploited in the hands-on hacking exercises
  12. Next-generation Security Development Lifecycle for IoT platforms
  13. Privacy topics

Who Should Attend

Security researchers and penetration testers interested in Internet of Things (IoT) and wearables; Security architects; Anyone who would like to learn about threats to next-generation computing platforms in the IoT space. The hands-on exercises require basic familiarity with Linux operating system, understanding of programming languages (to perform simple changes to source code provided), and network communication protocols.

Requirement for Participant

Each participant is required to create one free AWS account prior to the workshop, and which is used for Hands-on Exercise 4.


Mr. Sumanth Naropanth
Chief Executive Officer (CEO)
Deep Armor Technologies Private Limited

Mr. Sumanth Naropanth | Information Security Summit 2018 | align=

Sumanth Naropanth is a technical expert in security research, vulnerability assessments, security architecture & design, and incident response. He has held several security leadership positions, has developed detailed frameworks for Security Development Lifecycle (SDL) for large corporations, and has managed global teams that executed those SDL activities. Sumanth is the founder and CEO of Deep Armor. He previously worked for Sun Microsystems, Palm/HP and Intel. He and his team have published their research at well-known security conferences, including Black Hat Asia, Black Hat Europe, FIRST, PacSec, AppSec, Troopers, Nuit du Hack, Shakacon and so on. Sumanth has a Masters degree in Computer Science (Security) from Columbia University.

Ms. Eliza Chelleng
Senior Security Analyst
Deep Armor Technologies Private Limited

Ms. Eliza Chelleng | Information Security Summit 2018 | align=

Eliza is a senior security analyst at Deep Armor. She has over four years of security consulting experience, primarily in IoT/Wearables, Mobile Solutions, Cloud Computing and Web Application penetration testing. She led Security Development Lifecycle (SDL) activities for multiple projects at Intel, and reported numerous vulnerabilities in pre-market products. Her research and exploitation techniques on Bluetooth and BLE weaknesses on wearables and mobile platforms has been presented at several prestigious security conferences. She has spoken about her work at the Nuit du Hack Conference in Paris. Eliza is trained in Network Pentesting by the SANS Institute. Eliza has a Master degree in Computer Science

Copyright © 2019 Hong Kong Productivity Council. All Rights Reserved.