Attacking Real-World IoT and Embedded Devices
Instructor: Patrick Ventuzelo
Dates: June 15 to 18, 2026
Capacity: 25
In this training, participants will learn to reverse, emulate, and fuzz real-world IoT and embedded devices commonly found in modern homes and small businesses. We focus on attacking widely-deployed targets, many of which were previously featured at Pwn2Own, using software-driven techniques, public firmware images, and real-world exploitation workflows.
Unlike traditional hardware-centric IoT trainings, our approach emphasizes firmware analysis, network interaction, emulation, and vulnerability discovery via fuzzing and reversing. Participants will work on actual devices from vendors like Home Assistant, Philips Hue, Linksys, DrayTek, Netgear, Synology, Wyze, and more.
What You'll Learn
- Reverse engineering and emulating firmware from real consumer devices
- Extracting and analyzing firmware from online sources
- Network interface and API attack surface analysis
- Emulation with QEMU and tools like Firmadyne and FirmAE
- Coverage-guided and grammar-based fuzzing for embedded software
- Practical vulnerabilities: from debug interfaces to insecure web UIs
- How vendors fail — and how to responsibly disclose bugs
Course Outline
Day 1 – Home Automation Under Siege
Focus: Smart hubs and IoT ecosystems
- Introduction to IoT security testing methodology
- Target 1: Green Home Assistant (open ecosystem, complex plugins)
- Target 2: Philips Hue Bridge (firmware from internet)
- Firmware unpacking & static analysis
- Light protocol fuzzing and attack scenarios
- Emulating open-source targets and exploring plugin attack vectors
Day 2 – Routers in the Crosshairs
Focus: Consumer routers and gateway devices
- Targets: Linksys, DrayTek, Netgear (firmware-based analysis)
- Firmware emulation and dynamic interaction
- Debug interface discovery (UART, Telnet, HTTP)
- Reverse engineering custom web interfaces
- Auth bypass and command injection
- Basic coverage-guided fuzzing of CGI/web components
Day 3 – Hacked at First Sight: IP Cameras
Focus: Surveillance and video devices
- Targets: Wyze Cam, Synology TC500
- Network services reverse engineering
- Streaming protocol fuzzing
- Exploiting weak authentication and default credentials
- Using mitmproxy and custom interceptors
- Teardown demo for one device (minimal hardware)
Day 4 – Printers & Forgotten Peripherals
Focus: Often-overlooked devices with juicy bugs
- Targets: HP / Brother / Epson printers
- Firmware collection and reverse engineering
- USB/network-based attack surfaces
- Exploiting outdated firmware components
- Bonus: CVE walk-throughs of past Pwn2Own printer bugs
- Final exercise: Pick your own target and begin analysis
BIO
Patrick Ventuzelo is a senior security researcher, CEO & founder of FuzzingLabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.