2020-12-27 21:14:44 +05:30
2018-11-05 13:00:04 +05:30
2022-07-18 23:43:29 +05:30
- A Collection for IoT Security Resources
- You are welcome to fork and [contribute ](https://github.com/V33RU/IoTSecurity101/blob/master/contributors.md#contributors )
2022-07-18 23:42:55 +05:30
2023-01-03 19:24:08 +05:30
- Other Interesting Areas
2023-01-04 01:34:41 +05:30
- [ICS-Security ](https://github.com/V33RU/IoTSecurity101/blob/master/ICS/Industrial%20Control%20Systems.md )
2023-03-23 13:37:38 +05:30
- [Automotive-Security ](https://github.com/V33RU/IoTSecurity101/blob/master/Automotive/Automotive-security.md )
2023-01-03 19:24:08 +05:30
2020-02-27 19:08:57 +05:30
********************************************************************************************************************************
2022-07-18 23:42:55 +05:30
2020-12-27 21:26:20 +05:30
#### Approach Methodology
2020-02-27 19:17:40 +05:30
2020-12-27 21:34:29 +05:30
- ***1. Network***
- ***2. Web (Front & Backend and Web services)***
- ***3. Mobile App (Android & iOS)***
- ***4. Wireless Connectivity (Zigbee , WiFi , Bluetooth , etc)***
- ***5. Firmware Pentesting (OS of IoT Devices)***
- ***6. Hardware Hacking & Fault Injections & SCA Attacks***
- ***7. Storage Medium***
- ***8. I/O Ports***
2020-12-27 23:47:14 +05:30
2021-02-03 18:56:17 +05:30
2021-04-25 11:08:42 +05:30
## Contents
2021-02-03 18:56:17 +05:30
2021-02-28 10:30:27 +05:30
- IoT Security information
2021-02-03 18:57:12 +05:30
- [IoT Security Chat groups ](#Chat-groups-for-IoT-Security )
2021-02-03 19:13:30 +05:30
- [Books ](#Books-For-IoT-Pentesting )
2021-02-03 19:06:53 +05:30
- [Blogs ](#Blogs-for-iotpentest )
- [Cheatsheets ](#Awesome-CheatSheets )
2022-12-18 12:05:43 +05:30
- [Search Engines ](#search-engines-for-exposed-iot-devices-worldwide )
2021-02-03 19:13:30 +05:30
- [CTF ](#CTF-For-IoT-And-Embeddded )
2021-02-03 19:06:53 +05:30
- [Youtube ](#YouTube-Channels-for-IoT-Pentesting )
- [Exploitation Tools ](#Exploitation-Tools )
- [IoT Pentesting OSes ](#IoT-Pentesting-OSes )
- [IoT Vulnerabilites Checking Guides ](#IoT-Vulnerabilites-Checking-Guides )
2021-04-25 10:32:33 +05:30
- [IoT Labs ](#Vulnerable-IoT-and-Hardware-Applications )
2021-04-25 11:08:42 +05:30
- [Awesome IoT Pentesting Guides ](#Awesome-IoT-Pentesting-Guides )
2022-11-15 00:24:29 +05:30
- [Fuzzing Things ](#Fuzzing-Things )
2022-12-19 10:17:25 +05:30
- [IoT Lab Setup guide for corporate/individual ](https://github.com/IoT-PTv/IoT-Lab-Setup )
2022-11-15 00:24:29 +05:30
2021-02-03 22:10:12 +05:30
- Network
2021-04-25 11:08:42 +05:30
- Web IoT Message Protocols
- [MQTT ](#MQTT )
2021-04-25 10:32:33 +05:30
- [CoAP ](#CoAP )
2021-02-03 22:10:12 +05:30
- Mobile app
2022-12-18 11:39:17 +05:30
- [Mobile security (Android & iOS) ](#mobile-security-android--ios )
2021-04-25 11:08:42 +05:30
2021-02-11 00:53:27 +05:30
- Wireless Protocols
2021-02-11 01:02:56 +05:30
- [RADIO HACKING STARTING GUIDE ](#RADIO-HACKER-QUICK-START-GUIDE )
2021-06-11 23:42:17 +05:30
- [Cellular Hacking GSM BTS ](#cellular-hacking-gsm-bts )
2021-04-25 09:34:05 +05:30
- [Zigbee ](#Zigbee-ALL-Stuff )
2021-02-11 00:53:27 +05:30
- [Bluetooth ](#BLE-Intro-and-SW-HW-Tools-to-pentest )
2023-03-23 13:36:03 +05:30
- [DECT ](#dect-digital-enhanced-cordless-telecommunications )
2021-04-25 11:08:42 +05:30
- Firmware
- [Reverse Engineering Tools ](#Reverse-Engineering-Tools )
- [Online Assemblers ](#Online-Assemblers )
- [ARM ](#ARM )
- [Pentesting Firmwares and emulating and analyzing ](#Pentesting-Firmwares-and-emulating-and-analyzing )
- [Firmware samples to pentest ](#Firmware-samples-to-pentest )
2022-11-15 00:24:29 +05:30
- [Secureboot ](#Secureboot )
2022-12-18 11:12:52 +05:30
2021-04-25 11:08:42 +05:30
- Hardware
- [IoT Hardware Intro ](#IoT-hardware-Overview-and-Hacking )
- [IoT Hardware hacking Intro]
- [Required hardware to pentest IoT ](#Hardware-Gadgets-to-pentest )
- [Hardware interfaces ](#Attacking-Hardware-Interfaces )
2021-02-03 19:43:06 +05:30
- [SPI ](#SPI )
- [UART ](#UART )
- [JTAG ](#JTAG )
2022-12-18 11:13:43 +05:30
- [SideChannel Attacks & Glitching attacks ](#sidechannel-attacks )
- [Glitching Attacks ](#glitching-attacks )
2021-04-25 11:08:42 +05:30
2022-12-19 10:14:31 +05:30
- Storage Medium
2022-12-18 17:27:57 +05:30
- [EMMC Hacking ](#emmc-hacking )
2022-12-19 10:14:31 +05:30
2023-04-07 12:52:38 +05:30
- Payment Security
2023-04-06 00:45:16 +05:30
- [ATM Hacking ](#ATM-Hacking )
2023-01-03 19:24:08 +05:30
2020-02-27 19:17:40 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### To seen Hacked devices
2020-02-27 19:11:31 +05:30
2020-05-09 00:07:53 +05:30
- https://blog.exploitee.rs/2018/10/
- https://www.exploitee.rs/
- https://forum.exploitee.rs/
- [Your Lenovo Watch X Is Watching You & Sharing What It Learns ](https://www.checkmarx.com/blog/lenovo-watch-watching-you/ )
- [Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT ](https://www.checkmarx.com/blog/smart-scale-privacy-issues-iot/ )
- [Smart Bulb Offers Light, Color, Music, and… Data Exfiltration? ](https://www.checkmarx.com/blog/smart-bulb-exfiltration/ )
- [Besder-IPCamera analysis ](http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html )
- [Smart Lock ](https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/ )
- [Subaru Head Unit Jailbreak ](https://github.com/sgayou/subaru-starlink-research/blob/master/doc/README.md )
- [Jeep Hack ](http://illmatics.com/Remote%20Car%20Hacking.pdf )
- [Dropcam hacking ](https://www.defcon.org/images/defcon-22/dc-22-presentations/Moore-Wardle/DEFCON-22-Colby-Moore-Patrick-Wardle-Synack-DropCam-Updated.pdf )
2023-04-10 10:46:19 +05:30
- [Printer Hacking live sessions - gamozolabs ](https://www.youtube.com/watch?v=2LVtEoQA8Qo&ab_channel=gamozolabs )
2023-01-13 16:50:09 +11:00
- [LED Light Hacking ](https://youtu.be/Nnb2ct3hc68 )
2018-05-27 10:20:43 +05:30
2023-01-11 21:55:34 +05:30
********************************************************************************************************************************
2023-01-11 21:56:05 +05:30
- [IoT-Vuln-with CVE and PoC of tenda and dlink ](https://github.com/z1r00/IOT_Vul )
2018-05-27 10:20:43 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Chat groups for IoT Security
2020-02-27 19:17:40 +05:30
2021-05-14 17:08:04 +05:30
- IoTSecurity101 Telegram - <https://t.me/iotsecurity1011>
- IoTSecurity101 Reddit - <https://www.reddit.com/r/IoTSecurity101/>
- IoTSecurity101 Discord - <https://discord.gg/EH9dxT9>
- hardware hacking Telegram - <https://t.me/hardwareHackingBrasil>
- RFID Discord group - <https://discord.gg/Z43TrcVyPr>
- ICS Discord group - <https://discord.com/invite/CmDDsFK>
2019-08-25 13:03:16 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Books For IoT Pentesting
2020-02-27 19:11:31 +05:30
2021-07-10 17:28:58 +05:30
- [The Firmware Handbook (Embedded Technology) 1st Edition
by Jack Ganssle ](https://www.amazon.com/Firmware-Handbook-Embedded-Technology/dp/075067606X) - 2004
2021-07-10 17:14:02 +05:30
- [Hardware Hacking: Have Fun while Voiding your Warranty 1st Edition ](https://www.elsevier.com/books/hardware-hacking/grand/978-1-932266-83-2 ) - 2004
- [Linksys WRT54G Ultimate Hacking 1st Edition by Paul Asadoorian ](https://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Asadoorian/dp/1597491667 ) - 2007
2021-07-10 17:28:58 +05:30
- [Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure by Eric D. Knapp , Raj Samani ](https://www.amazon.com/Applied-Cyber-Security-Smart-Grid/dp/1597499986/ ) -2013
- [Hacking the Xbox-An Introduction to Reverse Engineering HACKING THE XBOX by Andrew “bunnie” Huang ](https://www.nostarch.com/xboxfree ) - Openbook - 2013
- [Android Hacker's Handbook by Joshua J. Drake ](https://www.amazon.in/Android-Hackers-Handbook-MISL-WILEY-Joshua/dp/812654922X ) - 2014
- [The Art of Pcb Reverse Engineering: Unravelling the Beauty of the Original Design ](https://www.amazon.in/Art-Pcb-Reverse-Engineering-Unravelling/dp/1499323441 ) - 2015
- [Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts 1st Edition, by Nitesh Dhanjani ](https://www.amazon.in/Abusing-Internet-Things-Blackouts-Freakouts-ebook/dp/B013VQ7N36 ) - 2015
2021-07-10 17:14:02 +05:30
- [Learning Linux Binary Analysis By Ryan "elfmaster" O'Neill ](https://www.packtpub.com/networking-and-servers/learning-linux-binary-analysis ) - 2016
2021-07-10 17:28:58 +05:30
- [Car hacker's handbook by Craig Smith ](http://opengarages.org/handbook ) - 2016
- [IoT Penetration Testing Cookbook By Aaron Guzman , Aditya Gupta ](https://www.packtpub.com/networking-and-servers/iot-penetration-testing-cookbook ) - 2017
2021-07-10 17:14:02 +05:30
- [Inside Radio: An Attack and Defense Guide by Authors: Yang, Qing, Huang, Lin ](https://books.google.co.in/books?id=71NSDwAAQBAJ&printsec=copyright&redir_esc=y#v=onepage&q&f=false ) -2018
- [Pentest Hardware ](https://github.com/unprovable/PentestHardware/ ) - Openbook -2018
- [Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition 5th Edition by by Daniel Regalado , Shon Harris , Allen Harper , Chris Eagle , Jonathan Ness , Branko Spasojevic , Ryan Linn , Stephen Sims ](https://www.amazon.in/Gray-Hat-Hacking-Ethical-Handbook-ebook/dp/B07D3J9J4H ) - 2018
2022-11-13 18:46:35 +05:30
- [Practical Hardware Pentesting ](https://www.packtpub.com/product/practical-hardware-pentesting/9781789619133?_ga=2.224205017.333884789.1668314814-101815837.1668314814 ) - 2021
2023-06-09 10:41:53 +05:30
- [Manual PCB-RE: The Essentials ](https://www.amazon.com/Manual-PCB-RE-Essentials-Keng-Tiong/dp/B0974Z3NDS )
2021-07-10 17:28:58 +05:30
- [The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks Front Cover Jasper van Woudenberg, Colin O'Flynn ](https://books.google.co.in/books?id=DEqatAEACAAJ&source=gbs_navlinks_s ) - 2021
2021-07-10 17:14:02 +05:30
- [Practical IoT Hacking-The Definitive Guide to Attacking the Internet of Things
by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods](https://nostarch.com/practical-iot-hacking) - 2021
2021-07-10 17:28:58 +05:30
- [Internet of Things Security Encyclopedia ](https://iot-security.wiki/ ) - Openbook
2023-02-05 09:57:56 +01:00
- [PatrIoT: practical and agile threat research for IoT by Emre Süren ](https://link.springer.com/article/10.1007/s10207-022-00633-3 ) - 2022
2022-11-13 18:44:50 +05:30
- [Practical Hardware Pentesting - Second Edition ](https://www.packtpub.com/product/practical-hardware-pentesting-second-edition/9781803249322 ) - 2023
2023-02-13 17:43:36 +05:30
- [Blue Fox: Arm Assembly Internals & Reverse Engineering ](https://www.wiley.com/en-gb/Blue+Fox%3A+Arm+Assembly+Internals+%26+Reverse+Engineering-p-9781119745303 ) - 2023
2023-06-09 10:42:34 +05:30
- [Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU ](https://www.packtpub.com/product/fuzzing-against-the-machine/9781804614976 ) - 2023
2018-05-28 09:58:53 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Blogs for iotpentest
2020-01-30 19:35:37 +05:30
2023-04-19 14:11:57 +05:30
- https://jilles.com/
2021-02-11 00:14:38 +05:30
- https://payatu.com/blog/
2021-07-10 08:46:08 +05:30
- https://raelize.com/blog/
2021-02-11 00:14:38 +05:30
- http://jcjc-dev.com/
- https://w00tsec.blogspot.in/
- http://www.devttys0.com/
- https://wrongbaud.github.io/
- https://embeddedbits.org/
- https://www.rtl-sdr.com/
- https://keenlab.tencent.com/en/
- https://courk.cc/
- https://iotsecuritywiki.com/
- https://cybergibbons.com/
- http://firmware.re/
- http://blog.k3170makan.com/
- https://blog.tclaverie.eu/
- http://blog.besimaltinok.com/category/iot-pentest/
- https://ctrlu.net/
- http://iotpentest.com/
- https://blog.attify.com
- https://duo.com/decipher/
- http://www.sp3ctr3.me
- http://blog.0x42424242.in/
- https://dantheiotman.com/
- https://blog.danman.eu/
- https://quentinkaiser.be/
- https://blog.quarkslab.com
- https://blog.ice9.us/
- https://labs.f-secure.com/
- https://mg.lol/blog/
- https://cjhackerz.net/
- https://github.com/sponsors/bunnie/
- https://iotmyway.wordpress.com/
2021-03-11 10:27:58 +05:30
- https://www.synacktiv.com/publications.html
2021-04-11 22:26:50 +05:30
- http://blog.cr4.sh/
2021-08-22 16:42:12 +05:30
- https://ktln2.org/
2021-10-03 12:52:10 +05:30
- https://naehrdine.blogspot.com/
2022-11-13 19:46:47 +05:30
- https://limitedresults.com/
2022-11-13 20:02:04 +05:30
- https://fail0verflow.com/blog/
2023-06-17 17:52:20 +10:00
- https://www.exploitsecurity.io/blog
2020-04-17 00:40:10 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Awesome CheatSheets
2020-02-27 19:11:31 +05:30
2020-04-12 00:33:57 +05:30
- [Hardware Hacking ](https://github.com/arunmagesh/hw_hacking_cheatsheet )
2020-01-30 19:35:37 +05:30
- [Nmap ](https://github.com/gnebbia/nmap_tutorial )
2019-05-14 11:26:46 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2022-10-18 12:41:15 +05:30
### Search Engines for Exposed IoT devices worldwide
2020-02-27 19:11:31 +05:30
2020-05-09 00:07:53 +05:30
- [Shodan ](https://www.shodan.io/ )
- [FOFA ](https://fofa.so/?locale=en )
- [Censys ](https://censys.io/ )
- [Zoomeye ](https://www.zoomeye.org/about )
- [ONYPHE ](https://www.onyphe.io/ )
2018-12-04 17:20:03 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2021-02-03 19:13:30 +05:30
### CTF For IoT And Embeddded
2020-02-27 19:11:31 +05:30
2020-05-10 20:12:53 +05:30
- https://github.com/hackgnar/ble_ctf
- https://www.microcorruption.com/
- https://github.com/Riscure/Rhme-2016
- https://github.com/Riscure/Rhme-2017
- https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html
- https://github.com/scriptingxss/IoTGoat
2019-05-14 11:26:46 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### YouTube Channels for IoT Pentesting
2020-02-27 19:11:31 +05:30
2022-11-28 13:29:24 +05:30
- [Joe Grand ](https://www.youtube.com/@JoeGrand )
2020-05-10 20:12:53 +05:30
- [Liveoverflow ](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w )
- [Binary Adventure ](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ )
- [EEVBlog ](https://www.youtube.com/user/EEVblog )
- [Craig Smith ](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA )
- [iotpentest [Mr-IoT]](https://www.youtube.com/channel/UCe2mJv2FPRFhYJ7dvNdYR4Q)
- [Besim ALTINOK - IoT - Hardware - Wireless ](https://www.youtube.com/channel/UCnIV7A3kDL4JXJEljpW6TRQ/playlists )
- [Ghidra Ninja ](https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw )
- [Cyber Gibbons ](https://www.youtube.com/channel/UC_IYERSoSwdR7AA5P41mYTA )
2020-06-09 16:09:20 +05:30
- [Scanline ](https://www.youtube.com/channel/UCaEgw3321ct_PE4PJvdhXEQ )
2021-08-08 19:52:41 +05:30
- [Aaron Christophel ](https://www.youtube.com/c/12002230/videos )
2022-10-17 22:23:08 +05:30
- [Valerio Di Giampietro ](https://www.youtube.com/c/MakeMeHack )
2018-07-26 11:44:07 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Vehicle Security Resources
2019-11-28 01:46:33 +05:30
- https://github.com/jaredthecoder/awesome-vehicle-security
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### IoT Vulnerabilites Checking Guides
2018-05-27 12:04:09 +05:30
2019-01-28 11:46:18 +05:30
- [Reflecting upon OWASP TOP-10 IoT Vulnerabilities ](https://embedi.org/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/ )
2019-04-25 10:30:55 +05:30
- [OWASP IoT Top 10 2018 Mapping Project ](https://scriptingxss.gitbook.io/owasp-iot-top-10-mapping-project/ )
2020-04-12 00:21:35 +05:30
- [Hardware toolkits for IoT security analysis ](https://defcon-nn.ru/0x0B/Hardware%20toolkits%20for%20IoT%20security%20analysis.pdf )
2018-05-27 12:04:09 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### IoT Gateway Software
2019-11-16 13:52:16 +05:30
- [Webthings by Mozilla - RaspberryPi ](https://iot.mozilla.org/docs/gateway-getting-started-guide.html )
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### IoT Pentesting OSes
2020-02-27 19:11:31 +05:30
2019-11-10 16:34:14 +05:30
- [Sigint OS- LTE IMSI Catcher ](https://www.sigintos.com/downloads/ )
- [Instatn-gnuradio OS - For Radio Signals Testing ](https://github.com/bastibl/instant-gnuradio )
2018-05-28 09:58:53 +05:30
- [AttifyOS - IoT Pentest OS - by Aditya Gupta ](https://github.com/adi0x90/attifyos )
2019-11-10 16:35:11 +05:30
- [Ubutnu Best Host Linux for IoT's - Use LTS ](https://www.ubuntu.com/ )
2022-11-21 22:57:54 +05:30
- [Internet of Things - Penetration Testing OS v1 ](https://github.com/IoT-PTv )
2020-03-25 11:15:51 +05:30
- [Dragon OS - DEBIAN LINUX WITH PREINSTALLED OPEN SOURCE SDR SOFTWARE ](https://www.rtl-sdr.com/dragonos-debian-linux-with-preinstalled-open-source-sdr-software/ )
2020-03-31 19:59:29 +05:30
- [EmbedOS - Embedded security testing virtual machine ](https://github.com/scriptingxss/EmbedOS )
2020-05-09 00:12:40 +05:30
- [Skywave Linux- Software Defined Radio for Global Online Listening ](https://skywavelinux.com/ )
- [A Small, Scalable Open Source RTOS for IoT Embedded Devices ](https://www.zephyrproject.org/ )
2020-08-12 12:28:48 +05:30
- [ICS - Controlthings.io ](https://www.controlthings.io/platform )
2019-11-10 16:34:14 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Exploitation Tools
2020-02-27 19:11:31 +05:30
2019-11-10 16:34:14 +05:30
- [Expliot - IoT Exploitation framework - by Aseemjakhar ](https://gitlab.com/expliot_framework/expliot )
2018-06-05 13:05:14 +05:30
- [Routersploit (Exploitation Framework for Embedded Devices) ](https://github.com/threat9/routersploit )
2019-02-06 16:14:23 +05:30
- [IoTSecFuzz (comprehensive testing for IoT device) ](https://gitlab.com/invuls/iot-projects/iotsecfuzz )
2020-06-16 13:27:23 +05:30
- [HomePwn - Swiss Army Knife for Pentesting of IoT Devices ](https://github.com/ElevenPaths/HomePWN )
2020-05-09 00:12:40 +05:30
- [killerbee - Zigbee exploitation ](https://github.com/riverloopsec/killerbee )
- [PRET - Printer Exploitation Toolkit ](https://github.com/RUB-NDS/PRET )
- [HAL – ](https://github.com/emsec/hal )
- [FwAnalyzer (Firmware Analyzer) ](https://github.com/cruise-automation/fwanalyzer )
2020-07-26 19:23:56 +05:30
- [ISF(Industrial Security Exploitation Framework ](https://github.com/w3h/isf )
- [PENIOT: Penetration Testing Tool for IoT ](https://github.com/yakuza8/peniot )
2021-02-28 10:05:29 +05:30
- [MQTT-PWN ](https://github.com/akamai-threat-research/mqtt-pwn )
2018-05-28 12:37:24 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Reverse Engineering Tools
2020-02-27 19:11:31 +05:30
2018-05-28 12:37:24 +05:30
- [IDA Pro ](https://www.youtube.com/watch?v=fgMl0Uqiey8 )
- [GDB ](https://www.youtube.com/watch?v=fgMl0Uqiey8 )
2020-04-04 18:26:44 +05:30
- [Radare2 ](https://radare.gitbooks.io/radare2book/content/ ) | [cutter ](https://cutter.re/ )
2019-04-09 13:04:24 +05:30
- [Ghidra ](https://ghidra-sre.org/ )
2018-05-28 12:37:24 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
## Introduction
2018-05-27 10:56:52 +05:30
2018-05-27 12:04:56 +05:30
- [Introduction to IoT ](https://en.wikipedia.org/wiki/Internet_of_things )
- [IoT Architecture ](https://www.c-sharpcorner.com/UploadFile/f88748/internet-of-things-part-2/ )
2018-05-27 11:14:56 +05:30
- [IoT attack surface ](https://www.owasp.org/index.php/IoT_Attack_Surface_Areas )
2018-05-28 12:37:24 +05:30
- [IoT Protocols Overview ](https://www.postscapes.com/internet-of-things-protocols/ )
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### IoT Web and message services
#### MQTT
2020-02-27 19:11:31 +05:30
2018-05-28 12:37:24 +05:30
- [Introduction ](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt )
- [Hacking the IoT with MQTT ](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b )
- [thoughts about using IoT MQTT for V2V and Connected Car from CES 2014 ](https://mobilebit.wordpress.com/tag/mqtt/ )
- [Nmap ](https://nmap.org/nsedoc/lib/mqtt.html )
- [The Seven Best MQTT Client Tools ](https://www.hivemq.com/blog/seven-best-mqtt-client-tools )
2018-05-28 15:31:54 +05:30
- [A Guide to MQTT by Hacking a Doorbell to send Push Notifications ](https://youtu.be/J_BAXVSVPVI )
2020-03-14 16:40:02 +05:30
- [Are smart homes vulnerable to hacking ](https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes )
2021-01-30 19:08:07 +05:30
- [Deep Learning UDF for KSQL / ksqlDB for Streaming Anomaly Detection of MQTT IoT Sensor Data ](https://github.com/kaiwaehner/ksql-udf-deep-learning-mqtt-iot )
- [Authenticating & Authorizing Devices using MQTT with Auth0 ](https://auth0.com/docs/integrations/authenticate-devices-using-mqtt )
- [Development information for the MQTT with hardware ](https://www.hackster.io/search?i=projects&q=Mqtt )
- [Understanding the MQTT Protocol Packet Structure ](http://www.steves-internet-guide.com/mqtt-protocol-messages-overview/ )
- [R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities ](https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/ )
- [IoT Live Demo: 100.000 Connected Cars With Kubernetes, Kafka, MQTT, TensorFlow ](https://dzone.com/articles/iot-live-demo-100000-connected-cars-with-kubernete )
2020-03-14 16:40:02 +05:30
2020-05-09 00:07:53 +05:30
#### Softwares
2021-01-30 19:08:07 +05:30
- [Mosquitto-An open source MQTT broker ](https://mosquitto.org/ )
2020-03-14 16:40:02 +05:30
- [HiveMQ ](https://www.hivemq.com/ )
- [MQTT Explorer ](http://mqtt-explorer.com/ )
2021-01-30 19:08:07 +05:30
- [MQTT proxy - IoXY ](https://blog.nviso.eu/2020/07/06/introducing-ioxy-an-open-source-mqtt-intercepting-proxy/ )
- [MQTT Broker Security - 101 ](https://payatu.com/blog/dattatray/iot-security-%E2%80%93-part-12-mqtt-broker-security---101 )
- [Welcome to MQTT-PWN! ](https://mqtt-pwn.readthedocs.io/en/latest/ )
2018-05-28 12:37:24 +05:30
2020-05-09 00:07:53 +05:30
#### CoAP
2020-02-27 19:11:31 +05:30
2018-05-28 12:37:24 +05:30
- [Introduction ](http://coap.technology/ )
- [CoAP client Tools ](http://coap.technology/tools.html )
- [CoAP Pentest Tools ](https://bitbucket.org/aseemjakhar/expliot_framework )
2021-01-30 19:08:07 +05:30
- [Nmap - NSE for coap ](https://nmap.org/nsedoc/lib/coap.html )
2018-05-28 12:37:24 +05:30
2021-01-30 19:08:07 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2021-02-11 01:02:56 +05:30
### RADIO HACKER QUICK START GUIDE
2020-02-27 19:11:31 +05:30
2023-01-30 13:34:36 +05:30
- [Complete course in Software Defined Radio (SDR) by Michael Ossmann ](https://greatscottgadgets.com/sdr/ )
2021-02-11 00:49:40 +05:30
- [SDR Notes - Radio IoT Protocols Overview ](https://github.com/notpike/SDR-Notes )
2018-05-28 12:37:24 +05:30
- [Understanding Radio ](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/ )
2021-01-30 19:08:07 +05:30
- [Introduction to Software Defined Radio ](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/ )
- [Introduction Gnuradio companion ](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion )
- [Creating a flow graph in gunradiocompanion ](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/ )
- [Analysing radio signals 433Mhz ](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/ )
2018-05-28 12:37:24 +05:30
- [Recording specific radio signal ](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/ )
2021-01-30 19:08:07 +05:30
- [Replay Attacks with raspberrypi -rpitx ](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/ )
2018-05-28 12:37:24 +05:30
2021-06-11 23:38:51 +05:30
### Cellular Hacking GSM BTS
2020-02-27 19:11:31 +05:30
2021-01-30 15:47:37 +05:30
#### BTS
- [Awesome-Cellular-Hacking ](https://github.com/W00t3k/Awesome-Cellular-Hacking/blob/master/README.md )
2018-06-01 12:01:04 +05:30
- [what is base tranceiver station ](https://en.wikipedia.org/wiki/Base_transceiver_station )
2021-01-30 15:47:37 +05:30
- [How to Build Your Own Rogue GSM BTS ](https://l33t.gg/how-to-build-a-rogue-gsm-bts/ )
2018-06-01 12:01:04 +05:30
2021-04-25 10:03:32 +05:30
#### GSM SS7 Pentesting
2020-02-27 19:11:31 +05:30
2018-06-07 20:16:37 +05:30
- [Introduction to GSM Security ](http://www.pentestingexperts.com/introduction-to-gsm-security/ )
- [GSM Security 2 ](https://www.ehacking.net/2011/02/gsm-security-2.html )
- [vulnerabilities in GSM security with USRP B200 ](https://ieeexplore.ieee.org/document/7581461/ )
- [Security Testing 4G (LTE) Networks ](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf )
- [Case Study of SS7/SIGTRAN Assessment ](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf )
- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP ](https://github.com/SigPloiter/SigPloit )
- [ss7MAPer – ](https://n0where.net/ss7-pentesting-toolkit-ss7maper )
- [Introduction to SIGTRAN and SIGTRAN Licensing ](https://www.youtube.com/watch?v=XUY6pyoRKsg )
- [SS7 Network Architecture ](https://youtu.be/pg47dDUL1T0 )
- [Introduction to SS7 Signaling ](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf )
2019-05-14 11:31:45 +05:30
- [Breaking LTE on Layer Two ](https://alter-attack.net/ )
2018-06-07 20:16:37 +05:30
2023-04-20 10:53:21 +05:30
#### Hardware Tools
- [Fake BTS Detector (SCL-8521) ](https://www.shoghicom.com/fake-bts-detector.php )
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2021-04-25 09:30:58 +05:30
### Zigbee ALL Stuff
2020-02-27 19:11:31 +05:30
2018-05-28 12:49:01 +05:30
- [Introduction and protocol Overview ](http://www.informit.com/articles/article.aspx?p=1409785 )
- [Hacking Zigbee Devices with Attify Zigbee Framework ](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/ )
- [Hands-on with RZUSBstick ](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/ )
2018-06-06 12:27:19 +05:30
- [ZigBee & Z-Wave Security Brief ](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/ )
2021-04-25 09:30:58 +05:30
- [Hacking ZigBee Networks ](https://resources.infosecinstitute.com/topic/hacking-zigbee-networks/ )
- [Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ](https://mews.sv.cmu.edu/papers/wisec-20.pdf )
- [Security Analysis of Zigbee Networks with Zigator and GNU Radio ](https://mews.sv.cmu.edu/research/zigator/testbed-grcon2020-slides.pdf )
- [Low-Cost ZigBee Selective Jamming ](https://www.bastibl.net/reactive-zigbee-jamming/ )
2023-04-20 10:53:21 +05:30
#### SW Tools
2021-04-25 09:30:58 +05:30
- [zigbear ](https://github.com/philippnormann/zigbear )
- [ZigDiggity ](https://github.com/BishopFox/zigdiggity )
- [Zigator ](https://github.com/akestoridis/zigator )
- [Z3sec ](https://github.com/IoTsec/Z3sec )
#### Hardware Tools for Zigbee
- [APIMOTE IEEE 802.15.4/ZIGBEE SNIFFING HARDWARE ](https://www.riverloopsecurity.com/projects/apimote/ )
- [RaspBee-The Raspberry Pi Zigbee gateway ](https://phoscon.de/en/raspbee/ )
- [USRP SDR 2 ](https://www.ettus.com/products/ )
- [ATUSB IEEE 802.15.4 USB Adapter ](http://shop.sysmocom.de/products/atusb )
- [nRF52840-Dongle ](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle )
2018-05-28 12:37:24 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2021-02-11 00:49:40 +05:30
### BLE Intro and SW-HW Tools to pentest
2020-02-27 19:11:31 +05:30
2020-05-09 00:07:53 +05:30
- [Step By Step guide to BLE Understanding and Exploiting ](https://github.com/V33RU/BLE-NullBlr )
- [Traffic Engineering in a Bluetooth Piconet ](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf )
- [BLE Characteristics ](https://devzone.nordicsemi.com/nordic/short-range-guides/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial )
2020-02-27 19:17:40 +05:30
2020-03-24 11:54:49 +05:30
2020-05-09 00:07:53 +05:30
#### Bluetooth and BLE Pentest Tools
2020-02-27 19:17:40 +05:30
2020-02-27 19:05:55 +05:30
- [btproxy ](https://github.com/conorpp/btproxy )
- [hcitool & bluez ](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez )
- [Testing With GATT Tool ](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/ )
2023-04-06 20:50:46 +05:30
- [crackle-Cracking encryption ](https://github.com/mikeryan/crackle )
2020-02-27 19:05:55 +05:30
- [bettercap ](https://github.com/bettercap/bettercap )
- [BtleJuice Bluetooth Smart Man-in-the-Middle framework ](https://github.com/DigitalSecurity/btlejuice )
- [gattacker ](https://github.com/securing/gattacker )
- [BTLEjack Bluetooth Low Energy Swiss army knife ](https://github.com/virtualabs/btlejack )
2023-04-06 20:50:46 +05:30
- [bluing-An intelligence gathering tool for hacking Bluetooth ](https://github.com/fO-000/bluing )
2020-03-24 11:54:49 +05:30
2021-01-30 19:08:07 +05:30
#### Hardware for bluetooth hacking
2020-02-27 19:17:40 +05:30
2020-02-27 19:05:55 +05:30
- [NRFCONNECT - 52840 ](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle )
- [EDIMAX ](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle )
- [CSR 4.0 ](https://www.amazon.in/GENERIC-Ultra-Mini-Bluetooth-Dongle-Adapter/dp/B0117H7GZ6/ref=asc_df_B0117H7GZ6/?tag=googleshopdes-21&linkCode=df0&hvadid=396984700257&hvpos=1o1&hvnetw=g&hvrand=2179727910417729406&hvpone=&hvptwo=&hvqmt=&hvdev=c&hvdvcmdl=&hvlocint=&hvlocphy=9061998&hvtargid=pla-343685677347&psc=1&ext_vrnc=hi )
- [ESP32 - Development and learning Bluetooth ](https://www.espressif.com/en/products/hardware/esp32/overview )
- [Ubertooth ](https://github.com/greatscottgadgets/ubertooth/wiki/Ubertooth-One )
- [Sena 100 ](http://www.senanetworks.com/ud100-g03.html )
2022-11-13 19:19:17 +05:30
- [ESP-WROVER-KIT-VB ](https://www.digikey.in/en/products/detail/espressif-systems/ESP-WROVER-KIT-VB/8544301 )
2020-02-27 19:17:40 +05:30
2020-03-25 11:15:51 +05:30
#### BLE Pentesting Tutorials
2020-02-27 19:11:31 +05:30
2019-08-05 12:03:38 +05:30
- [Bluetooth vs BLE Basics ](https://github.com/V33RU/BLE-NullBlr )
2021-04-25 09:04:34 +05:30
- [Finding bugs in Bluetooth ](https://bluetooth.lol/ )
2019-07-26 16:55:41 +05:30
- [Intel Edison as Bluetooth LE — Exploit box ](https://medium.com/@arunmag/intel-edison-as-bluetooth-le-exploit-box-a63e4cad6580 )
- [How I Reverse Engineered and Exploited a Smart Massager ](https://medium.com/@arunmag/how-i-reverse-engineered-and-exploited-a-smart-massager-ee7c9f21bf33 )
- [My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE ](https://medium.com/@arunmag/my-journey-towards-reverse-engineering-a-smart-band-bluetooth-le-re-d1dea00e4de2 )
- [Bluetooth Smartlocks ](https://www.getkisi.com/blog/smart-locks-hacked-bluetooth-ble )
- [I hacked MiBand 3 ](https://medium.com/@yogeshojha/i-hacked-xiaomi-miband-3-and-here-is-how-i-did-it-43d68c272391 )
- [GATTacking Bluetooth Smart Devices ](https://securing.pl/en/gattacking-bluetooth-smart-devices-introducing-a-new-ble-proxy-tool/index.html )
2020-08-07 22:56:51 +05:30
- [blueooth beacon vulnerability ](https://www.beaconzone.co.uk/blog/category/security/ )
- [Sweyntooth Vulnerabilties ](https://asset-group.github.io/disclosures/sweyntooth/ )
2021-03-20 23:44:58 +05:30
- [AIRDROP_LEAK - sniffs BLE traffic and displays status messages from Apple devices ](https://github.com/hexway/apple_bleee )
2022-11-13 19:19:17 +05:30
- [BRAKTOOTH: Causing Havoc on Bluetooth Link Manager ](https://asset-group.github.io/disclosures/braktooth/ )
2023-03-23 13:35:17 +05:30
********************************************************************************************************************************
### DECT (Digital Enhanced Cordless Telecommunications)
- [Real Time Interception And Monitoring Of A DECT Cordless Telephone ](https://www.youtube.com/watch?v=MDF1eUvOte0&ab_channel=RobVK8FOES )
- [Eavesdropping On Unencrypted DECT Voice Traffic ](https://www.youtube.com/watch?v=WBvYsXrs3DI&ab_channel=RobVK8FOES )
- [Decoding DECT Voice Traffic: In-depth Explanation ](https://www.youtube.com/watch?v=oiMkirm_xfY&ab_channel=RobVK8FOES )
#### Software Tools && Hardware Tools
##### Software
##### Hardware
2019-07-26 16:55:41 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Mobile security (Android & iOS)
2020-02-27 19:11:31 +05:30
2020-04-12 01:09:46 +05:30
- [Android App Reverse Engineering 101 ](https://maddiestone.github.io/AndroidAppRE/ )
- [Android Application pentesting book ](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices )
- [Android Pentest Video Course-TutorialsPoint ](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H )
2018-05-28 12:49:01 +05:30
- [IOS Pentesting ](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf? )
2020-04-12 01:09:46 +05:30
- [OWASP Mobile Security Testing Guide ](https://owasp.org/www-project-mobile-security-testing-guide/ )
- [Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals ](https://androidtamer.com/ )
2020-03-24 11:47:29 +05:30
*******************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Online Assemblers
2018-05-28 12:37:24 +05:30
2020-03-24 11:47:29 +05:30
- [AZM Online Arm Assembler by Azeria ](https://azeria-labs.com/azm/ )
- [Online Disassembler ](https://onlinedisassembler.com/odaweb/ )
- [Compiler Explorer is an interactive online compiler which shows the assembly output of compiled C++, Rust, Go ](https://godbolt.org/ )
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### ARM
2020-02-27 19:11:31 +05:30
2018-05-28 15:21:19 +05:30
- [Azeria Labs ](https://azeria-labs.com/ )
2018-06-04 20:17:06 +05:30
- [ARM EXPLOITATION FOR IoT ](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf )
2019-05-14 11:26:46 +05:30
- [Damn Vulnerable ARM Router (DVAR) ](https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html )
2019-05-14 11:31:45 +05:30
- [EXPLOIT.EDUCATION ](https://exploit.education/ )
2018-05-28 12:37:24 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Pentesting Firmwares and emulating and analyzing
2020-02-27 19:11:31 +05:30
2023-02-21 09:05:12 +05:30
##### Firmware Analysis Tools
2021-03-30 21:50:51 +05:30
- [EMBA-An analyzer for embedded Linux firmware ](https://p4cx.medium.com/emba-b370ce503602 )
2023-02-21 09:05:12 +05:30
- [FACT-Firmware Analysis and Comparison Tool ](https://github.com/fkie-cad/FACT_core )
- [Binwalk ](https://github.com/ReFirmLabs/binwalk )
- [Qiling ](https://github.com/qilingframework/qiling )
- [fwanalyzer ](https://github.com/cruise-automation/fwanalyzer )
- [ByteSweep ](https://gitlab.com/bytesweep/bytesweep )
- [Firmwalker ](https://github.com/craigz28/firmwalker )
- [Checksec.sh ](https://github.com/slimm609/checksec.sh )
- [QEMU ](https://www.qemu.org/ )
- [Firmadyne ](https://github.com/firmadyne/firmadyne )
- [Firmware Modification Kit ](https://code.google.com/archive/p/firmware-mod-kit/ )
##### Resources
- [Firmware analysis and reversing ](https://www.owasp.org/index.php/IoT_Firmware_Analysis )
2023-03-17 22:07:02 +05:30
- [Reversing 101 ](https://0xinfection.github.io/reversing/ )
2021-07-30 00:04:12 +05:30
- [IoT Security Verification Standard (ISVS) ](https://github.com/OWASP/IoT-Security-Verification-Standard-ISVS )
- [OWASP Firmware Security Testing Methodology ](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/ )
2018-05-28 12:49:01 +05:30
- [Firmware emulation with QEMU ](https://www.youtube.com/watch?v=G0NNBloGIvs )
2019-03-02 19:32:26 +05:30
- [Reversing ESP8266 Firmware ](https://boredpentester.com/reversing-esp8266-firmware-part-1/ )
2020-03-24 11:47:29 +05:30
- [Emulating Embedded Linux Devices with QEMU ](https://www.novetta.com/2018/02/emulating-embedded-linux-devices-with-qemu/?__cf_chl_captcha_tk__=2167fb6cf097848dbf0dea8e4ecccc66f2a55e55-1585030085-0-AVfO7wG_mHgvnIgeIl-aiKLNW1IMb5IMLyqLOSOLydnZFzhyAyySWgfKvjvllAtYtmpbJjnaTlwyaWiO2kHXH4APqLuott0R7UReYCTZ3u--g4AJBK4eONEL2bTJcAHg3fzmXhrC-3iAqccNQC4jx1RWEz60y_MKFq63NVeoE1pC0EBYWkk7VqDWusBFbgpj6zRNv0ifKLc3oLYJck-oG13jeSbPISVLMCn6bCHVLaTp2gW7qG6GRELIWgdyfP9viyMDSAww3u-R1NmUgRQzctXIYMWH1MdL5p8lqbSpCa160cW3JaZ16IxT7iP1HkCBurx7rCOVP3DAcI8zrc19V9mi-jU9nXIW0Xf9eIpqlUP-R_txfNw4vF10PwIGKmg0Cpl2IDuY1ty3J8koQkdvxfE )
- [Emulating Embedded Linux Systems with QEMU ](https://www.novetta.com/2018/02/emulating-embedded-linux-systems-with-qemu/?__cf_chl_captcha_tk__=9dd83a08cffb28fae75286f63f399c34eec56852-1585030087-0-AblGAUd4LCDVbghNgQyfL5hgPXNC8pUcLIAbPUpx2tBOb_L4gVVc1sZ7Ivg0g--06WpkdpeV-kylZu3T_Yqgr7GdFpc2cKzxATdc_bsEV7uu1ljIctFloHTW_B1vvjFAe3QXdex4kkn2D4HuQiw9WLszvO2Ff8SvvfEpHoBumOavj-c2iXcEb2dDFMoK3_HB_3-y7q_BEAX3xqDCjqz7TpcoIWt-wTSQwRfx-VuBfO87hrTsX43yzq6BNjCE9s15ZQmPp_NouYIHNMnx3augAfkwZBSUA0r43GbA--3jLmJsTe_qvcn7gMz_HAR-GpnA_Usn_cr94VqtyNpl0vEsC1OMf48oBMMoFQJA6Jjn1hGPv5hV4M4aBtJrTnFoRP2YGwxAyNTM3Df9qw1iyBB8r58 )
2020-03-24 11:53:07 +05:30
- [Fuzzing Embedded Linux Devices ](https://www.novetta.com/2018/07/fuzzing-embedded-linux-devices/?__cf_chl_captcha_tk__=f07f3f76e61b43f9ae6340e94cf4adeaec87977e-1585030089-0-AYkRNbh1wpUia0P5wBgrRfhf92Uy6Pl2mEEBOXi2FUvxROOJ9obK4ZIS78Y4iCRrMdi3umwQrJEyF0u3EPwHPu3_22f5PwOvVDFC0QwFPyw7LkY5bLuansI_8uoEunuLIEQ1VPIZHFpht1vT0_rW4YrYGc8osJZpubAhXfyZe1G7U_ibpZj9tdrUE6SwgA_Ph0io4LRfbjuvpeM03NHuc1sTTqRVdkWiw47kmr9uSAK10ZmQEvE7zpbpkEJM2slchjdYq6hziM3L5l8vB-eEm_JVxsSHbGfdDM3kSfTw3oXlYkvxvLy_llSyyefuub4yOBrqNgzV1Gj_PDTmuRTMxobGo7vZaRdr2LgOXML58kpG6NTDLb3A4YzwVw9u32ErRh4Ab89vn90RsHlWnU928Oc )
- [Emulating ARM Router Firmware ](https://azeria-labs.com/emulating-arm-firmware/ )
- [Reversing Firmware With Radare ](https://www.bored-nerds.com/reversing/radare/automotive/2019/07/07/reversing-firmware-with-radare.html )
2021-07-30 00:04:12 +05:30
- [Samsung Firmware Magic - Unpacking and Decrypting ](https://github.com/chrivers/samsung-firmware-magic )
2020-10-02 09:47:25 +05:30
- [Qiling & Binary Emulation for automatic unpacking ](https://kernemporium.github.io/articles/en/auto_unpacking/m.html )
2021-01-30 18:36:16 +05:30
- [Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme ](https://www.youtube.com/watch?v=4urMITJKQQs&ab_channel=stacksmashing )
- [Simulating and hunting firmware vulnerabilities with Qiling ](https://blog.vincss.net/2020/12/pt007-simulating-and-hunting-firmware-vulnerabilities-with-Qiling.html?m=1&s=09 )
2023-06-09 10:41:53 +05:30
2018-11-13 13:18:00 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Firmware samples to pentest
2020-02-27 19:11:31 +05:30
2020-05-26 21:11:46 +05:30
- [Download From here by firmware.center ](https://firmware.center/ )
2018-05-28 09:58:53 +05:30
2020-02-27 19:11:31 +05:30
********************************************************************************************************************************
2023-02-16 12:52:18 +05:30
### Symlinks Attacks
2023-02-15 23:48:02 +05:30
- [Zip Slip Vulnerability ](https://security.snyk.io/research/zip-slip-vulnerability )
2023-02-16 12:52:18 +05:30
2023-02-15 23:48:02 +05:30
********************************************************************************************************************************
2022-11-13 19:46:47 +05:30
### Secureboot
2021-05-29 13:43:22 +05:30
#### Dev
- [Writing a Bootloader ](http://3zanders.co.uk/2017/10/13/writing-a-bootloader/ )
2023-01-31 18:01:43 +05:30
2021-05-29 13:43:22 +05:30
2022-11-13 19:46:47 +05:30
#### Hacking
- [Pwn the ESP32 Secure Boot ](https://limitedresults.com/2019/09/pwn-the-esp32-secure-boot/ )
- [Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction ](https://limitedresults.com/2019/11/pwn-the-esp32-forever-flash-encryption-and-sec-boot-keys-extraction/ )
- [Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM ](https://fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html ) / [another-link ](https://www.cnx-software.com/2016/10/06/hacking-arm-trustzone-secure-boot-on-amlogic-s905-soc/ )
- [Defeating Secure Boot with Symlink Attacks ](https://www.anvilsecure.com/blog/defeating-secure-boot-with-symlink-attacks.html )
- [PS4 Aux Hax 5 & PSVR Secure Boot Hacking with Keys by Fail0verflow! ](https://www.psxhax.com/threads/ps4-aux-hax-5-psvr-secure-boot-hacking-with-keys-by-fail0verflow.12820/ )
2023-01-31 18:01:43 +05:30
- [ECLYPSIUM DISCOVERS MULTIPLE VULNERABILITIES AFFECTING 129 DELL MODELS VIA DELL REMOTE OS RECOVERY AND FIRMWARE UPDATE CAPABILITIES ](https://eclypsium.com/2021/06/24/biosdisconnect/ )
2021-05-29 13:43:22 +05:30
********************************************************************************************************************************
2022-12-18 17:26:06 +05:30
### Storage Medium
#### EMMC HACKING
2021-02-03 15:19:40 +05:30
- [HARDWARE HACKING 101: IDENTIFYING AND DUMPING EMMC FLASH ](https://www.riverloopsecurity.com/blog/2020/03/hw-101-emmc/ )
- [EMMC DATA RECOVERY FROM DAMAGED SMARTPHONE ](https://dangerouspayload.com/2018/10/24/emmc-data-recovery-from-damaged-smartphone/ )
2021-02-03 15:33:44 +05:30
- [Another bunch of Atricles for EMMC ](https://hackaday.com/tag/emmc/ )
- [Unleash your smart-home devices: Vacuum Cleaning Robot Hacking ](https://media.ccc.de/v/34c3-9147-unleash_your_smart-home_devices_vacuum_cleaning_robot_hacking#t=1810 )
2022-12-06 00:26:25 +05:30
- [Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1 ](https://www.rapid7.com/blog/post/2022/10/18/hands-on-iot-hacking-rapid7-at-def-con-30-iot-village-part-1/ )
2023-04-06 00:45:16 +05:30
********************************************************************************************************************************
### Payment Device Security
#### ATM Hacking
- [Introduction to ATM Penetration Testing ](https://www.youtube.com/watch?v=Ff-0zXTYhuA )
- [Pwning ATMs For Fun and Profit ](https://www.youtube.com/watch?v=9cG-JL0LHYw )
2023-04-07 12:54:20 +05:30
- [Jackpotting Automated Teller Machines Redux ](https://www.youtube.com/watch?v=4StcW9OPpPc ) By Barnaby Jack
2021-02-03 15:19:40 +05:30
********************************************************************************************************************************
2022-11-30 22:36:14 +05:30
2021-01-30 18:36:16 +05:30
### IoT hardware Overview and Hacking
2020-02-27 19:11:31 +05:30
2021-08-04 00:15:04 +05:30
- [IoT Hardware Guide ](https://www.postscapes.com/internet-of-things-hardware/ )
- [Intro To Hardware Hacking - Dumping Your First Firmware ](https://blog.nvisium.com/intro-to-hardware-hacking-dumping-your-first-firmware )
2018-05-28 13:00:55 +05:30
2021-01-30 18:36:16 +05:30
#### Hardware Gadgets to pentest
2020-02-27 19:11:31 +05:30
2018-05-28 12:49:01 +05:30
- [Bus Pirate ](https://www.sparkfun.com/products/12942 )
2020-02-18 11:03:51 +05:30
- [EEPROM reader/SOIC Cable ](https://www.sparkfun.com/products/13153 )
- [Jtagulator/Jtagenum ](https://www.adafruit.com/product/1550 )
2018-05-28 12:49:01 +05:30
- [Logic Analyzer ](https://www.saleae.com/ )
2018-05-29 13:42:30 +05:30
- [The Shikra ](https://int3.cc/products/the-shikra )
2018-05-29 13:41:18 +05:30
- [FaceDancer21 (USB Emulator/USB Fuzzer) ](https://int3.cc/products/facedancer21 )
- [RfCat ](https://int3.cc/products/rfcat )
- [Hak5Gear- Hak5FieldKits ](https://hakshop.com/ )
- [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter ](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975 )
- [Attify Badge - UART, JTAG, SPI, I2C (w/ headers) ](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices )
2020-02-18 11:03:51 +05:30
2021-01-30 18:36:16 +05:30
#### Attacking Hardware Interfaces
2020-02-27 19:11:31 +05:30
2021-05-20 20:50:06 +05:30
- [An Introduction to Hardware Hacking ](https://securityboulevard.com/2020/09/an-introduction-to-hardware-hacking/ )
2021-02-03 19:44:40 +05:30
- [Serial Terminal Basics ](https://learn.sparkfun.com/tutorials/terminal-basics/all )
- [Reverse Engineering Serial Ports ](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/ )
- [REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS ](https://sec-consult.com/en/blog/2019/02/reverse-engineering-architecture-pinout-plc/ )
- [ChipWhisperer - Hardware attacks ](http://wiki.newae.com/Main_Page )
2021-08-04 00:15:04 +05:30
- [Hardware hacking tutorial: Dumping and reversing firmware ](https://ivanorsolic.github.io/post/hardwarehacking1/ )
2020-05-09 00:07:53 +05:30
2021-01-30 18:36:16 +05:30
2021-02-03 19:43:06 +05:30
#### SPI
2021-02-01 23:03:12 +05:30
2022-10-17 22:14:05 +05:30
- [Reading FlashROMS - Youtube ](https://www.youtube.com/results?search_query=reading+chip+flash+rom )
2021-02-01 21:02:02 +05:30
- [Dumping the firmware From Router using BUSPIRATE - SPI Dump ](https://www.iotpentest.com/2019/06/dumping-firmware-from-device-using.html )
2021-02-01 23:03:12 +05:30
- [How to Flash Chip of a Router With a Programmer | TP-Link Router Repair & MAC address change ](https://www.youtube.com/watch?v=fbt4OJXJdOc&ab_channel=ElectricalProjects%5BCreativeLab%5D )
2022-02-04 20:12:05 +05:30
- [Extracting Flash Memory over SPI ](https://akimbocore.com/article/extracting-flash-memory-over-spi/ )
2022-12-06 00:26:25 +05:30
- [Extracting Firmware from Embedded Devices (SPI NOR Flash) ](https://www.youtube.com/watch?v=nruUuDalNR0&ab_channel=FlashbackTeam )
2022-02-04 20:15:31 +05:30
- [SPI-Blogs ](https://www.google.com/search?q=%22spi+dump%22&source=hp&ei=5jv9YaW6JNvl2roPgbGqMA&iflsig=AHkkrS4AAAAAYf1J9qNY6Snarz3dsHr9KXF1YSY6AKVL&ved=0ahUKEwilxY3apOb1AhXbslYBHYGYCgYQ4dUDCAg&uact=5&oq=%22spi+dump%22&gs_lcp=Cgdnd3Mtd2l6EAMyBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yCAgAEBYQChAeUABYAGC-A2gAcAB4AIABYIgBYJIBATGYAQCgAQKgAQE&sclient=gws-wiz )
2021-02-01 23:03:12 +05:30
2021-02-03 19:43:06 +05:30
#### UART
2020-02-27 19:11:31 +05:30
2018-05-28 12:49:01 +05:30
- [Identifying UART interface ](https://www.mikroe.com/blog/uart-serial-communication )
- [onewire-over-uart ](https://github.com/dword1511/onewire-over-uart )
- [Accessing sensor via UART ](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf )
2019-02-13 10:16:00 +00:00
- [Using UART to connect to a chinese IP cam ](https://www.davidsopas.com/using-uart-to-connect-to-a-chinese-ip-cam/ )
2019-03-02 19:28:16 +05:30
- [A journey into IoT – ](https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/ )
2021-01-30 16:49:23 +05:30
- [UARTBruteForcer ](https://github.com/FireFart/UARTBruteForcer )
2021-02-01 21:02:02 +05:30
- [UART Connections and Dynamic analysis on Linksys e1000 ](https://www.youtube.com/watch?v=ix6rSV2Dj44&ab_channel=Defenceindepth )
2021-08-04 00:15:04 +05:30
- [Accessing and Dumping Firmware Through UART ](https://www.cyberark.com/resources/threat-research-blog/accessing-and-dumping-firmware-through-uart )
2023-06-17 17:52:20 +10:00
- [UART Exploiter ](https://github.com/exploitsecurityio/uart-exploiter )
2020-02-27 19:17:40 +05:30
2021-02-03 19:43:06 +05:30
#### JTAG
2020-02-27 19:11:31 +05:30
2023-01-08 01:44:59 +05:30
- [HARDWARE HACKING 101: INTRODUCTION TO JTAG ](https://www.riverloopsecurity.com/blog/2021/05/hw-101-jtag/ )
- [How To Find The JTAG Interface - Hardware Hacking Tutorial ](https://www.youtube.com/watch?v=_FSM_10JXsM&ab_channel=MakeMeHack )
2021-05-08 22:30:24 +05:30
- [Buspirate JTAG Connections - Openocd ](https://research.kudelskisecurity.com/2014/05/01/jtag-debugging-made-easy-with-bus-pirate-and-openocd/#:~:text=The%20Bus%20Pirate%20is%20an,protocols%20like%20I%C2%B2C%20and%20SPI. )
2023-01-08 01:44:59 +05:30
- [Extracting Firmware from External Memory via JTAG ](https://www.youtube.com/watch?v=IadnBUJAvks&ab_channel=JoeGrand )
- [Analyzing JTAG ](https://nse.digital/pages/guides/hardware/jtag.html )
2023-01-08 01:58:27 +05:30
- [The hitchhacker’ ](https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/stacksmashing%20-%20The%20hitchhackers%20guide%20to%20iPhone%20Lightning%20%20%20JTAG%20hacking.pdf )
2021-01-30 16:49:23 +05:30
2022-11-08 21:34:49 +05:30
#### SideChannel Attacks
2020-02-27 19:11:31 +05:30
2021-01-30 16:49:23 +05:30
- [Side channel attacks ](https://yifan.lu/ )
- [Attacks on Implementations of Secure Systems ](https://github.com/Yossioren/AttacksonImplementationsCourseBook )
2020-08-14 09:04:00 +05:30
- [fuzzing, binary analysis, IoT security, and general exploitation ](https://github.com/0xricksanchez/paper_collection )
2021-01-30 16:49:23 +05:30
- [Espressif ESP32: Bypassing Encrypted Secure Boot(CVE-2020-13629) ](https://raelize.com/blog/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/ )
2022-11-08 21:34:49 +05:30
- [Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100) ](https://www.youtube.com/watch?v=FktI4qSjzaE&ab_channel=LiveOverflow )
2023-01-20 17:10:21 +06:00
- [Researchers use Rowhammer bit flips to steal 2048-bit crypto key ](https://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/ )
2022-11-08 21:34:49 +05:30
#### Glitching attacks
- [NAND Glitching Attack ](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root )
- [Tutorial CW305-4 Voltage Glitching with Crowbars ](https://wiki.newae.com/index.php?title=Tutorial_CW305-4_Voltage_Glitching_with_Crowbars&mobileaction=toggle_view_mobile )
2021-01-30 16:49:23 +05:30
- [Voltage Glitching Attack using SySS iCEstick Glitcher ](https://www.youtube.com/watch?v=FVUhVewFmxw&feature=youtu.be&ab_channel=SySSPentestTV )
2021-06-02 21:23:05 +05:30
- [Samy Kamkar - FPGA Glitching & Side Channel Attacks ](https://www.youtube.com/watch?v=oGndiX5tvEk )
2021-06-02 21:37:19 +05:30
- [Hardware Power Glitch Attack (Fault Injection) - rhme2 Fiesta (FI 100) ](https://www.youtube.com/watch?v=6Pf3pY3GxBM&ab_channel=LiveOverflow )
2022-11-08 21:34:49 +05:30
- [Keys in flash - Glitching AES keys from an Arduino / ATmega with a camera flash ](https://srfilipek.medium.com/keys-in-a-flash-3e984d0de54b )
- [Implementing Practical Electrical Glitching Attacks ](blackhat.com/docs/eu-15/materials/eu-15-Giller-Implementing-Electrical-Glitching-Attacks.pdf )
2019-08-05 12:03:38 +05:30
2020-02-27 19:17:40 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
### Awesome IoT Pentesting Guides
2020-02-27 19:11:31 +05:30
2020-02-18 11:03:51 +05:30
- [Shodan Pentesting Guide ](https://community.turgensec.com/shodan-pentesting-guide/ )
- [Car Hacking Practical Guide 101 ](https://medium.com/@yogeshojha/car-hacking-101-practical-guide-to-exploiting-can-bus-using-instrument-cluster-simulator-part-i-cd88d3eb4a53 )
2020-04-11 14:11:32 +05:30
- [OWASP Firmware Security Testing Methodology
](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)
2022-12-15 01:29:59 +05:30
- [Awesome-bluetooth-security ](https://github.com/engn33r/awesome-bluetooth-security )
2022-11-15 00:00:48 +05:30
********************************************************************************************************************************
### Fuzzing Things
- [OWASP Fuzzing Info ](https://owasp.org/www-community/Fuzzing )
- [Fuzzing_ICS_protocols ](https://1modm.github.io/Fuzzing_ICS_protocols.html )
- [Fuzzowski - the Network Protocol Fuzzer that we will want to use ](https://hakin9.org/fuzzowski-the-network-protocol-fuzzer-that-we-will-want-to-use/ )
- [Fuzz Testing of Application Reliability ](https://pages.cs.wisc.edu/~bart/fuzz/ )
2022-11-28 14:49:17 +05:30
- [FIRM-AFL : High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation ](https://www.usenix.org/conference/usenixsecurity19/presentation/zheng )
- [Snipuzz : Black-box Fuzzing of IoT Firmware via Message Snippet Inference ](https://arxiv.org/pdf/2105.05445.pdf )
2022-11-15 00:24:29 +05:30
- [fuzzing-iot-binaries] - [part1 ](https://blog.attify.com/fuzzing-iot-devices-part-1/ ) / [part2 ](https://blog.attify.com/fuzzing-iot-binaries-with-afl-part-ii/ )
2022-11-15 00:00:48 +05:30
2022-12-19 10:14:31 +05:30
********************************************************************************************************************************
### ICS
2023-01-20 17:10:21 +06:00
- [ICS-Security ](https://github.com/V33RU/IoTSecurity101/blob/master/ICS/Industrial%20Control%20Systems.md )
2021-04-25 11:10:47 +05:30
2020-02-27 19:17:40 +05:30
2022-12-19 10:14:31 +05:30
********************************************************************************************************************************
### Automotive
- [Automotive-Security ](https://github.com/V33RU/IoTSecurity101/blob/master/Automotive-Security.md )
2020-02-27 19:17:40 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
## Vulnerable IoT and Hardware Applications
2019-08-05 12:03:38 +05:30
2023-01-20 17:10:21 +06:00
- IoT Goat : https://github.com/OWASP/IoTGoat
2020-07-26 19:27:29 +05:30
2019-09-11 12:56:12 +05:30
- IoT : https://github.com/Vulcainreo/DVID
- Safe : https://insinuator.net/2016/01/damn-vulnerable-safe/
- Router : https://github.com/praetorian-code/DVRF
- SCADA : https://www.slideshare.net/phdays/damn-vulnerable-chemical-process
- PI : https://whitedome.com.au/re4son/sticky-fingers-dv-pi/
- SS7 Network: https://www.blackhat.com/asia-17/arsenal.html#damn -vulnerable-ss7-network
2021-02-01 23:03:12 +05:30
- VoIP : https://www.vulnhub.com/entry/hacklab-vulnvoip,40/
2022-10-22 22:09:40 +05:30
- Hardware Hacking 101 : https://github.com/rdomanski/hardware_hacking
- RHME-2015 : https://github.com/Riscure/RHme-2015
- RHME-2016 : https://github.com/Riscure/Rhme-2016
- RHME-2017 : https://github.com/Riscure/Rhme-2017
2020-07-26 19:27:29 +05:30
2020-04-12 00:40:10 +05:30
2021-02-03 18:56:17 +05:30
********************************************************************************************************************************
2020-05-09 00:07:53 +05:30
## follow the people
2020-04-12 00:55:39 +05:30
2020-04-12 01:00:51 +05:30
- [Jilles ](https://twitter.com/jilles_com )
2020-04-17 00:40:10 +05:30
- [Joe Fitz ](https://twitter.com/securelyfitz )
2020-04-12 01:00:51 +05:30
- [Aseem Jakhar ](https://twitter.com/aseemjakhar )
- [Cybergibbons ](https://twitter.com/cybergibbons )
2020-04-17 00:40:10 +05:30
- [Jasper ](https://twitter.com/jzvw )
- [Dave Jones ](https://twitter.com/eevblog )
- [bunnie ](https://twitter.com/bunniestudios )
2020-04-12 01:00:51 +05:30
- [Ilya Shaposhnikov ](https://twitter.com/drakylar )
- [Mark C. ](https://twitter.com/LargeCardinal )
- [A-a-ron Guzman ](https://twitter.com/scriptingxss )
- [Yashin Mehaboobe ](https://twitter.com/YashinMehaboobe )
2020-04-12 01:02:17 +05:30
- [Arun Magesh ](https://www.linkedin.com/in/marunmagesh )
2023-01-05 23:09:23 +05:30
- [Mr-IoT ](https://twitter.com/v33riot )
2023-01-05 23:10:13 +05:30
- [QKaiser ](https://twitter.com/qkaiser )
2023-06-17 17:52:20 +10:00
- [9lyph ](https://twitter.com/9lyph )
