Introducing an IoT Testing Certification for Beginners
TCM Security’s Practical IoT Pentest Associate (PIPA) is a unique IoT testing certification that requires exam takers to perform hands-on testing of IoT firmware to identify vulnerabilities and write a comprehensive report detailing their findings. Due to its unique nature (I’m not aware of any similar certifications on the market) and its recent release, some aspiring IoT testers have said that they aren’t entirely sure what to expect from the exam. In this post I’ll outline what you will and won’t encounter in the exam, describe the virtual environment, and explain how to prepare. As the creator of the certification, I’m here to give you the inside scoop and a few helpful tips.
What Is, And Isn’t, In The PIPA Exam
In order to keep the exam affordable and accessible, all aspects of the exam are performed virtually in the cloud environment provided and there is no physical hardware component to the exam. Exam takers have two days to perform a static analysis of a device’s firmware, using logic analyzer captures, a block diagram and functional description of the device, and a copy of the firmware itself. In order to pass the exam, you must identify a specific number of findings in the testing materials provided and present them in a professional report. In addition to the testing materials, a detailed Exam Guide and Rules of Engagement (RoE) document are provided.
My first tip is to read these documents fully and carefully. While there are no tricks, they contain very important details about what types of vulnerabilities to look for, what you don’t need to look for, and what your report should include to score full points.
PIPA Exam Environment
As previously mentioned, the exam is performed entirely inside the virtual environment provided by TCM Security. When you begin the exam, you’ll be provided with an OpenVPN configuration file that you can use to connect to the exam environment, which consists of one Linux virtual machine accessed through a browser-based GUI. The VM contains the firmware, logic analyzer samples, design documentation, and all of the tools needed to analyze the firmware. This includes Ghidra, CyberChef, PulseView, Binwalk, Hashcat, and other common Linux binaries and utilities used for firmware and forensic analysis. The entirety of the exam, with the exception of writing your report, is intended to be performed inside the provided exam environment.
Study Tips For The PIPA Exam
As with all TCM Security certifications, everything you need to know to pass the exam is included in the course material, which for this exam is the Beginner’s Guide to IoT and Hardware Hacking. I specifically wrote the firmware for this exam with intentional vulnerabilities that can be found by following the methodology shown in the course. The best resource to pass the exam is following along with the course material and completing all of the firmware analysis and reverse engineering exercises yourself, especially the course capstone challenge.
If you’re like me, and prefer to further test your skills and knowledge, there are a couple of additional resources I’d recommend. The first is to analyze and reverse engineer the “Dumb Thing” firmware I created to teach how to find vulnerabilities in IoT devices. The TCM All-Access Pass provides detailed lessons and video recordings for setting up and analyzing this firmware in the June 27th and July 11th 2024 live workshops. The steps are also detailed in the free blog series “Getting Started with IoT and Hardware Hacking”. The second resource is the OWASP IoTGoat project, another firmware image written for learning IoT hacking.
Tips For Writing Your Report
The Practical IoT Pentest Associate is a practical exam intended to simulate a real-world security audit of IoT firmware, and as such, it is graded based on the submitted report. Points are awarded both for the overall quality of the report and for correctly reporting the relevant findings in the firmware and associated materials. After completing the exam, you will have another two days to write the report. This report is similar to the deliverable presented to a customer at the end of a security audit or penetration test.
The report should include enough detail that the reader, such as a developer, can fully understand the scope of the finding and identify the impacted systems or portions of the firmware. As a generic example, identifying a vulnerability in a function from a custom library in the firmware would only score partial points. To receive full points, you would need to trace that function to the binary that calls it and explain how a user could exploit it. Most of the findings award partial marks for the steps taken, so make sure you show all of your work, even if you can’t completely finalize a finding or vulnerability. I also suggest including plenty of screenshots to demonstrate the steps taken to identify the finding. A sample report template is provided for you to use in the appendix of the Exam Guide.
Conclusion
As a quick summary, here are my main tips for preparing for and passing the PIPA exam.
- Make sure you understand and have practiced the methodology taught in the included course work, especially by performing the steps yourself rather than just watching along.
- Thoroughly read the Exam Guide and RoE. They contain lots of very useful details and instructions.
- When writing your report, include enough detail for each finding so a reader can fully understand its impact and the scope of all impacted systems, files, libraries, binaries, scripts, etc. Consult the Exam Guide for more details about what to include in your report.
- Take a shot at analyzing the “Dumb Thing” firmware by following along with the free blog or the past Academy Live Workshops that cover it.
Purchase the Practical IoT Pentest Associate exam voucher today. The voucher does not expire and includes lifetime access to the 13+ hours of the Beginner’s Guide to IoT and Hardware Hacking course from TCM Security Academy, as well as one free retake. Good luck on your IoT hacking journey!
About the Author: Andrew Bellini
My name is Andrew Bellini and I sometimes go by DigitalAndrew on social media. I’m an electrical engineer by trade with a bachelor’s degree in electrical engineering and am a licensed Professional Engineer (P. Eng) in Ontario, Canada. While my background and the majority of my career have been in electrical engineering, I am also an avid and passionate ethical hacker.
I am the instructor of our Beginner’s Guide to IoT and Hardware Hacking course and I also created the Practical IoT Pentest Associate (PIPA) certification.
In addition to my love for all things ethical hacking, cybersecurity, CTFs and tech, I am also a dad, play guitar and am passionate about the outdoors and fishing.
About TCM Security
TCM Security is a veteran-owned cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients, including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams that demonstrate proven, job-ready skills to prospective employers.
Pentest Services: https://tcm-sec.com/our-services/
Contact Us: sales@tcm-sec.com