IoT Security Bootcamp GOA Edition
Training Overview
IoT Security Bootcamp is an intensive, three-day hands-on training at CSA XCON 2026, designed to provide participants with a practical, attacker-focused understanding of Internet of Things (IoT) security.
IoT devices are everywhere, from consumer electronics to industrial control systems, yet they remain one of the most under-secured attack surfaces in modern environments. This bootcamp demystifies IoT security by taking participants through real devices, real firmware, real hardware interfaces, and real wireless protocols.
The training follows a learning-by-hacking methodology, enabling participants to evaluate IoT architectures, identify vulnerabilities, and exploit weaknesses across firmware, hardware, and wireless layers.
About the Training at CSA XCON 2026
This bootcamp emphasizes practical skills over theory, ensuring participants walk away ready to test real IoT products.
Key highlights include:
- Linux-based firmware analysis and exploitation
- Hardware hacking and debugging interfaces
- BLE and wireless protocol attacks
- Use of modern tooling and AI-assisted analysis
- Full end-to-end compromise of a real IoT device
This training aligns perfectly with CSA XCON’s mission to deliver applied, real-world cybersecurity education.
What You Will Learn
IoT Foundations & Threat Modeling
- IoT security concepts and architectures
- Identifying IoT attack surfaces
- IT vs IoT penetration testing methodologies
- Regulatory overview: Cyber Resilience Act (CRA) & ETSI IoT security standards
Wireless Security: Bluetooth & BLE
- Bluetooth Classic and BLE fundamentals
- BLE sniffing and packet analysis
- Man-in-the-Middle (MiTM) and proxy attacks
- Exploiting insecure wireless implementations
Firmware Security (Linux-Based IoT)
- Firmware structures and components
- Dumping, extracting, and analyzing firmware
- Manual and AI-assisted firmware analysis
- Emulating full or partial firmware environments
- Injecting backdoors and rebuilding firmware images
Hardware Hacking & Debugging
- Electronics fundamentals (Electronics 101)
- Serial and debug interfaces: UART, SPI, I2C & JTAG
- Extracting firmware and data from EEPROM chips
- JTAG exploitation and debugging attacks
Full Device Compromise
- Hands-on hacking of a real IoT device
- Applying all learned TTPs: Firmware exploitation, Hardware attacks & Wireless interception
- End-to-end IoT penetration testing workflow
Training Experience & Expectations
- Extremely hands-on, lab-driven sessions
- Real devices not simulations
- Progressive learning from basics to exploitation
- Focus on attacker mindset and methodology
Participants leave with a clear roadmap to continue IoT penetration testing independently.
Who Should Attend
This training is ideal for:
- Penetration testers auditing IoT hardware
- Bug bounty hunters targeting IoT products
- Red team operators
- Government security professionals
- Embedded security enthusiasts
- IoT developers and testers
- Anyone interested in IoT security
Skill Level
Beginner to Intermediate
Participant Requirements
Participants should bring:
- Laptop (Linux recommended; Windows/macOS supported): 8GB RAM minimum (16GB recommended), 50GB free disk space & Virtualization enabled
- Android smartphone (Android 7+)
- USB-A hub (optional but recommended)
- Administrative access to the laptop
Basic Linux knowledge is helpful but not required.
What Participants Will Receive
Each participant will receive:
- Training slides and materials
- Practical IoT Hacking Lab Manual (PDF)
- Dedicated IoT device for hands-on attacks
- Clear post-training learning direction
What This Training Is
What to expect:
- Hands-on labs
- Reverse engineering
- Real-world IoT hacking skills
What not to expect:
- Becoming an expert overnight
This bootcamp provides a strong foundation for continued IoT security learning and research.