2018-11-05 13:00:04 +05:30
# IoT Pentesting 101 && IoT security 101 
2018-05-27 10:20:43 +05:30
2018-12-13 12:03:00 +05:30
## Approach Methodology
2018-05-27 10:20:43 +05:30
1. Network
2. Web (Front & Backend and Web services)
3. Mobile App(Android & iOS)
2018-05-28 12:37:24 +05:30
4. Wireless Connectivity
5. Firmware Pentesting(Hardware or IoT device OS)
6. Hardware Level Approach
2019-02-23 00:18:58 +03:00
7. Storage Areas
2018-05-27 10:20:43 +05:30
2018-12-13 12:03:00 +05:30
## To seen Hacked devices
1. https://blog.exploitee.rs/2018/10/
2. https://www.exploitee.rs/
3. https://forum.exploitee.rs/
2019-02-13 10:16:00 +00:00
4. [Your Lenovo Watch X Is Watching You & Sharing What It Learns ](https://www.checkmarx.com/blog/lenovo-watch-watching-you/ )
5. [Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT ](https://www.checkmarx.com/blog/smart-scale-privacy-issues-iot/ )
6. [Smart Bulb Offers Light, Color, Music, and… Data Exfiltration? ](https://www.checkmarx.com/blog/smart-bulb-exfiltration/ )
2018-05-27 10:20:43 +05:30
## Contents
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
2018-06-15 13:46:08 +05:30
### Telegram group for IoT Security
- https://t.me/iotsecurity1011
2018-05-27 10:39:07 +05:30
### Books
2018-05-27 11:14:56 +05:30
- [Android Hacker's Handbook ](https://www.amazon.in/Android-Hackers-Handbook-MISL-WILEY-Joshua/dp/812654922X )
- [Hacking the Xbox ](https://www.nostarch.com/xboxfree )
- [Car hacker's handbook ](http://opengarages.org/handbook )
- [IoT Penetration Testing Cookbook ](https://www.packtpub.com/networking-and-servers/iot-penetration-testing-cookbook )
- [Abusing the Internet of Things ](https://www.amazon.in/Abusing-Internet-Things-Blackouts-Freakouts-ebook/dp/B013VQ7N36 )
- [Hardware Hacking: Have Fun while Voiding your Warranty ](https://www.elsevier.com/books/hardware-hacking/grand/978-1-932266-83-2 )
- [Linksys WRT54G Ultimate Hacking ](https://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Asadoorian/dp/1597491667 )
2018-05-28 12:37:24 +05:30
- [Linux Binary Analysis ](https://www.packtpub.com/networking-and-servers/learning-linux-binary-analysis )
- [Firmware ](https://www.amazon.com/Firmware-Handbook-Embedded-Technology/dp/075067606X )
2018-05-28 09:58:53 +05:30
### Blogs for iotpentest
2018-05-28 10:00:34 +05:30
1. http://iotpentest.com/
2018-05-28 12:56:39 +05:30
2. https://blog.attify.com
2018-05-28 09:58:53 +05:30
3. https://payatu.com/blog/
4. http://jcjc-dev.com/
5. https://w00tsec.blogspot.in/
6. http://www.devttys0.com/
2018-05-28 12:37:24 +05:30
7. https://www.rtl-sdr.com/
8. https://keenlab.tencent.com/en/
2018-06-04 20:20:33 +05:30
9. https://courk.cc/
2018-06-05 13:11:39 +05:30
10. https://iotsecuritywiki.com/
2018-07-30 13:07:10 +05:30
11. https://cybergibbons.com/
2018-07-31 10:43:28 +05:30
12. http://firmware.re/
2018-10-02 18:49:05 +05:30
13. https://iotmyway.wordpress.com/
2018-11-28 13:14:29 +05:30
14. http://blog.k3170makan.com/
2018-12-11 08:55:44 +05:30
15. https://blog.tclaverie.eu/
2019-02-16 00:28:35 +03:00
16. http://blog.besimaltinok.com/category/iot-pentest/
2019-03-05 07:55:35 +05:30
17. https://ctrlu.net/
2018-06-05 13:11:39 +05:30
2018-12-04 17:20:03 +05:30
### Search Engines for IoT Devices
2018-12-04 17:25:08 +05:30
1. [Shodan ](https://www.shodan.io/ )
2. [FOFA ](https://fofa.so/?locale=en )
3. [Censys ](https://censys.io/ )
4. [Zoomeye ](https://www.zoomeye.org/about )
5. [ONYPHE ](https://www.onyphe.io/ )
2018-12-04 17:20:03 +05:30
2018-06-15 12:58:52 +05:30
### CTF For IoT's And Embeddded
1. https://github.com/hackgnar/ble_ctf
2. https://www.microcorruption.com/
2018-07-31 10:47:27 +05:30
3. https://github.com/Riscure/Rhme-2016
4. https://github.com/Riscure/Rhme-2017
2019-03-10 12:16:56 +05:30
5. https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html
2018-06-15 12:58:52 +05:30
2019-02-08 22:52:12 +05:30
### YouTube Channels for IoT Pentesting
2018-07-26 11:44:07 +05:30
1. [Liveoverflow ](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w )
2. [Binary Adventure ](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ )
3. [EEVBlog ](https://www.youtube.com/user/EEVblog )
4. [JackkTutorials ](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA )
2018-07-31 10:52:59 +05:30
5. [Craig Smith ](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA )
2019-02-08 22:52:12 +05:30
6. [veerababu [Mr-IoT]](https://www.youtube.com/channel/UCe2mJv2FPRFhYJ7dvNdYR4Q)
2019-02-21 15:24:30 +05:30
7. [Besim ALTINOK - IoT - Hardware - Wireless ](https://www.youtube.com/channel/UCnIV7A3kDL4JXJEljpW6TRQ/playlists )
2018-07-26 11:44:07 +05:30
2018-05-28 09:58:53 +05:30
### IoT security vulnerabilites checking guides
2018-05-27 12:04:09 +05:30
2019-01-28 11:46:18 +05:30
- [Reflecting upon OWASP TOP-10 IoT Vulnerabilities ](https://embedi.org/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/ )
2018-05-27 12:04:09 +05:30
2018-05-27 10:20:43 +05:30
2018-05-28 09:58:53 +05:30
### Exploitation Tools & OS
2018-06-23 11:12:02 +05:30
- [Expliot - IoT Exploitation framework - by Aseemjakhar ](https://gitlab.com/expliot_framework/expliot )
2018-05-28 09:58:53 +05:30
- [AttifyOS - IoT Pentest OS - by Aditya Gupta ](https://github.com/adi0x90/attifyos )
- [Ubutnu Best Host Linux for IoT's - Use LTS ](https://www.ubuntu.com/ )
- [A Small, Scalable Open Source RTOS for IoT Embedded Devices ](https://www.zephyrproject.org/ )
2018-05-29 13:51:43 +05:30
- [Skywave Linux- Software Defined Radio for Global Online Listening ](https://skywavelinux.com/ )
2018-06-05 13:05:14 +05:30
- [Routersploit (Exploitation Framework for Embedded Devices) ](https://github.com/threat9/routersploit )
2019-02-06 16:14:23 +05:30
- [IoTSecFuzz (comprehensive testing for IoT device) ](https://gitlab.com/invuls/iot-projects/iotsecfuzz )
2018-05-28 12:37:24 +05:30
### Reverse Enginnering Tools
- [IDA Pro ](https://www.youtube.com/watch?v=fgMl0Uqiey8 )
- [GDB ](https://www.youtube.com/watch?v=fgMl0Uqiey8 )
- [Radare2 ](https://radare.gitbooks.io/radare2book/content/ )
2018-05-27 11:14:56 +05:30
### Introduction
2018-05-27 10:56:52 +05:30
2018-05-27 12:04:56 +05:30
- [Introduction to IoT ](https://en.wikipedia.org/wiki/Internet_of_things )
- [IoT Architecture ](https://www.c-sharpcorner.com/UploadFile/f88748/internet-of-things-part-2/ )
2018-05-27 11:14:56 +05:30
- [IoT attack surface ](https://www.owasp.org/index.php/IoT_Attack_Surface_Areas )
2018-05-28 12:37:24 +05:30
- [IoT Protocols Overview ](https://www.postscapes.com/internet-of-things-protocols/ )
### IoT Protocols Pentesting
#### MQTT
- [Introduction ](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt )
- [Hacking the IoT with MQTT ](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b )
- [thoughts about using IoT MQTT for V2V and Connected Car from CES 2014 ](https://mobilebit.wordpress.com/tag/mqtt/ )
- [Nmap ](https://nmap.org/nsedoc/lib/mqtt.html )
- [The Seven Best MQTT Client Tools ](https://www.hivemq.com/blog/seven-best-mqtt-client-tools )
2018-05-28 15:31:54 +05:30
- [A Guide to MQTT by Hacking a Doorbell to send Push Notifications ](https://youtu.be/J_BAXVSVPVI )
2018-05-28 12:37:24 +05:30
#### CoAP
- [Introduction ](http://coap.technology/ )
- [CoAP client Tools ](http://coap.technology/tools.html )
- [CoAP Pentest Tools ](https://bitbucket.org/aseemjakhar/expliot_framework )
- [Nmap ](https://nmap.org/nsedoc/lib/coap.html )
#### Automobile
CanBus
- [Introduction and protocol Overview ](https://www.youtube.com/watch?v=FqLDpHsxvf8 )
- [PENTESTING VEHICLES WITH CANTOOLZ ](https://www.blackhat.com/docs/eu-16/materials/eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf )
- [Building a Car Hacking Development Workbench: Part1 ](https://blog.rapid7.com/2017/07/11/building-a-car-hacking-development-workbench-part-1/ )
2018-07-27 16:16:03 +05:30
- [CANToolz - Black-box CAN network analysis framework ](https://github.com/CANToolz/CANToolz )
2018-05-28 12:37:24 +05:30
#### Radio IoT Protocols Overview
- [Understanding Radio ](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/ )
- [Signal Processing]()
- [Software Defined Radio ](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/ )
- [Gnuradio ](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion )
- [Creating a flow graph ](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/ )
- [Analysing radio signals ](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/ )
- [Recording specific radio signal ](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/ )
- [Replay Attacks ](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/ )
2018-06-01 12:01:04 +05:30
#### Base transceiver station (BTS)
- [what is base tranceiver station ](https://en.wikipedia.org/wiki/Base_transceiver_station )
- [How to Build Your Own Rogue GSM BTS ](https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/ )
2018-06-07 20:16:37 +05:30
#### GSM & SS7 Pentesting
- [Introduction to GSM Security ](http://www.pentestingexperts.com/introduction-to-gsm-security/ )
- [GSM Security 2 ](https://www.ehacking.net/2011/02/gsm-security-2.html )
- [vulnerabilities in GSM security with USRP B200 ](https://ieeexplore.ieee.org/document/7581461/ )
- [Security Testing 4G (LTE) Networks ](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf )
- [Case Study of SS7/SIGTRAN Assessment ](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf )
- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP ](https://github.com/SigPloiter/SigPloit )
- [ss7MAPer – ](https://n0where.net/ss7-pentesting-toolkit-ss7maper )
- [Introduction to SIGTRAN and SIGTRAN Licensing ](https://www.youtube.com/watch?v=XUY6pyoRKsg )
- [SS7 Network Architecture ](https://youtu.be/pg47dDUL1T0 )
- [Introduction to SS7 Signaling ](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf )
2018-06-06 12:27:19 +05:30
#### Zigbee & Zwave
2018-05-28 12:49:01 +05:30
- [Introduction and protocol Overview ](http://www.informit.com/articles/article.aspx?p=1409785 )
- [Hacking Zigbee Devices with Attify Zigbee Framework ](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/ )
- [Hands-on with RZUSBstick ](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/ )
2018-06-06 12:27:19 +05:30
- [ZigBee & Z-Wave Security Brief ](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/ )
2018-05-28 12:37:24 +05:30
2018-05-28 15:21:19 +05:30
#### BLE
2018-05-28 15:23:32 +05:30
- [Traffic Engineering in a Bluetooth Piconet ](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf )
- [BLE Characteristics ](https://devzone.nordicsemi.com/tutorials/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial0 )
2018-05-28 15:24:30 +05:30
Reconnaissance (Active and Passive) with HCI Tools
2018-05-28 12:49:01 +05:30
- [btproxy ](https://github.com/conorpp/btproxy )
- [hcitool & bluez ](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez )
- [Testing With GATT Tool ](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/ )
2018-05-28 12:37:24 +05:30
- [Cracking encryption ](https://github.com/mikeryan/crackle )
2019-02-13 10:16:00 +00:00
- [bettercap ](https://github.com/bettercap/bettercap )
2019-02-13 10:18:58 +00:00
2019-02-13 10:16:00 +00:00
##### BLE Sniffing/MiTM
2019-02-13 10:18:58 +00:00
- [BtleJuice Bluetooth Smart Man-in-the-Middle framework ](https://github.com/DigitalSecurity/btlejuice )
- [gattacker ](https://github.com/securing/gattacker )
- [BTLEjack Bluetooth Low Energy Swiss army knife ](https://github.com/virtualabs/btlejack )
2018-05-28 12:37:24 +05:30
#### Mobile security (Android & iOS)
2018-05-28 12:49:01 +05:30
- [Android ](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices )
2018-07-07 14:12:40 +05:30
- [Android Pentest Video Course ](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H )
2018-05-28 12:49:01 +05:30
- [IOS Pentesting ](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf? )
2018-05-28 12:37:24 +05:30
2018-05-28 15:21:19 +05:30
#### ARM
- [Azeria Labs ](https://azeria-labs.com/ )
2018-06-04 20:17:06 +05:30
- [ARM EXPLOITATION FOR IoT ](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf )
2018-05-28 12:37:24 +05:30
#### Firmware Pentest
2018-11-28 13:17:03 +05:30
- [Firmware analysis and reversing ](https://www.owasp.org/index.php/IoT_Firmware_Analysis )
2018-05-28 12:49:01 +05:30
- [Firmware emulation with QEMU ](https://www.youtube.com/watch?v=G0NNBloGIvs )
2018-05-28 13:00:55 +05:30
- [Dumping Firmware using Buspirate ](http://iotpentest.com/tag/pulling-firmware/ )
2019-03-02 19:32:26 +05:30
- [Reversing ESP8266 Firmware ](https://boredpentester.com/reversing-esp8266-firmware-part-1/ )
2018-11-13 13:18:00 +05:30
#### Firmware to pentest
- [Download From here ](https://firmware.center/ )
2018-05-28 09:58:53 +05:30
2018-05-28 12:37:24 +05:30
### IoT hardware Overview
2018-05-28 12:49:01 +05:30
- [IoT Hardware Guide ](https://www.postscapes.com/internet-of-things-hardware/ )
2018-05-28 13:00:55 +05:30
2018-09-25 13:11:34 +05:30
#### Hardware Gadgets to pentest
2018-05-28 12:49:01 +05:30
- [Bus Pirate ](https://www.sparkfun.com/products/12942 )
- [EEPROM readers ](https://www.ebay.com/bhp/eeprom-reader )
- [Jtagulator / Jtagenum ](https://www.adafruit.com/product/1550 )
- [Logic Analyzer ](https://www.saleae.com/ )
2018-05-29 13:42:30 +05:30
- [The Shikra ](https://int3.cc/products/the-shikra )
2018-05-29 13:41:18 +05:30
- [FaceDancer21 (USB Emulator/USB Fuzzer) ](https://int3.cc/products/facedancer21 )
- [RfCat ](https://int3.cc/products/rfcat )
- [IoT Exploitation Learning Kit ](https://www.attify.com/attify-store/iot-exploitation-learning-kit )
- [Hak5Gear- Hak5FieldKits ](https://hakshop.com/ )
- [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter ](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975 )
- [Attify Badge - UART, JTAG, SPI, I2C (w/ headers) ](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices )
2019-02-13 10:16:00 +00:00
- [Ubertooth ](https://github.com/greatscottgadgets/ubertooth/wiki/Ubertooth-One )
2018-05-28 12:37:24 +05:30
#### Attacking Hardware Interfaces
2018-05-28 12:49:01 +05:30
- [Serial Terminal Basics ](https://learn.sparkfun.com/tutorials/terminal-basics/all )
- [Reverse Engineering Serial Ports ](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/ )
2019-03-02 19:28:16 +05:30
- [REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS ](https://sec-consult.com/en/blog/2019/02/reverse-engineering-architecture-pinout-plc/ )
2018-05-28 12:37:24 +05:30
#### UART
2018-05-28 12:49:01 +05:30
- [Identifying UART interface ](https://www.mikroe.com/blog/uart-serial-communication )
- [onewire-over-uart ](https://github.com/dword1511/onewire-over-uart )
- [Accessing sensor via UART ](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf )
2019-02-13 10:16:00 +00:00
- [Using UART to connect to a chinese IP cam ](https://www.davidsopas.com/using-uart-to-connect-to-a-chinese-ip-cam/ )
2019-03-02 19:28:16 +05:30
- [A journey into IoT – ](https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/ )
2019-02-13 10:16:00 +00:00
2018-05-28 12:37:24 +05:30
#### JTAG
2018-05-28 12:49:01 +05:30
- [Identifying JTAG interface ](https://blog.senr.io/blog/jtag-explained )
2018-05-28 12:53:37 +05:30
- [NAND Glitching Attack ](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root )
2018-11-05 13:00:04 +05:30
2019-03-02 19:28:16 +05:30
#### SideChannel Attacks
- [All Attacks ](https://yifan.lu/ )
