Arun Mane is the founder and director of AmynaSec Labs. He is a security speaker and trainer who has presented at many conferences including Defcon, Blackhat, Nullcon, and HITB. His areas of expertise include security testing of IoT devices, connected vehicles, medical devices, and industrial control systems. Some common issues he finds include devices being publicly accessible, having backdoors, hardcoded credentials, and crypto or web application management problems. His testing methodology involves assessing web and mobile applications, embedded device communications, hardware testing through reverse engineering, and analyzing communication protocols and stored data.

1. By Arun Mane
a.K.a r00tkill3r

2. § ./../Arun Mane
§ Founder and director of AmynaSec
Labs
§ Security (Hardware,Vehicle, ICS,IoT )
§ Speaker and Trainer –
Defcon,Blackhat,
Nullcon,HITB,HIP,Defcon….many
§ Reachable on twitter @rootkill3r
§ armane@amynasec.io
2

3. 3
• IoT Devices
• Connected CAR/Vehicle devices – FMS,ECU etc
• Medical Devices
• Industrial Control System – PLC, RTU, IED, Sensors etc
• Telco Devices

4. 4
• Publicly accessible i.e on public IP address
• Backdoor access management
• Hardcoded credentials
• Crypto issues
• Web application management issues
• Etc

5. 5
• Web application/Cloud Security Testing
• Mobile application testing
• External communication testing with respect to embedded device (BLE,Wifi,Zigbee,LoRA etc.)
• Hardware Testing

6. 6
• PCB reverse engineering (Interface or test pad identification etc)
• Component identification
• Analyzing Datasheet
• Communication interception between IC’s (SPI,I2C etc)
• Data Dump from storage
• Data analysis of dumped data
• Fault injection
• Side channel analysis.

7. 7

8. 8

9. 9

10. 10

11. 11

12. 12

13. 13

14. 14

15. 15

16. 16

17. 17

18. 18

19. Questions ?
19