DEF CON Safe Mode Demo Labs - Jakub Botwicz - Cotopaxi

Cotopaxi is a set of tools for security testing of Internet of Things devices using specific network IoT/IIoT/M2M protocols (e.g. AMQP, CoAP, MQTT, DTLS, mDNS, QUIC). These tools will be used by penetration testers and/or security researchers to identify IoT services and verify security vulnerabilities or misconfigurations. Based on recent publications, including a report from Trend Micro (https://www.trendmicro.com/vinfo/us/...tion-protocols), new IoT protocols are widely used both in public networks and in industrial environments. Unfortunately, in most cases those servers are not configured properly or use outdated components. Currently available tools used for security testing, like nmap or OpenVAS, do not support all new IoT protocols (e.g. AMQP, CoAP, MQTT, DTLS, mDNS, QUIC). So possibilities to test IoT products and discover such devices in tested networks are limited. We are working to fill this gap with Cotopaxi toolkit.