From 667c838ddbc4385fae0bd6eaf0f010017943277f Mon Sep 17 00:00:00 2001 From: `Mr-IoT` Date: Thu, 7 Aug 2025 10:33:26 +0530 Subject: [PATCH] Update README.md --- README.md | 201 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 134 insertions(+), 67 deletions(-) diff --git a/README.md b/README.md index 3c2becc..45db59a 100644 --- a/README.md +++ b/README.md 
@@ -42,92 +42,159 @@ ******************************************************************************************************************************** +# ๐Ÿ›ก๏ธ IoT & Hardware Security โ€“ Master Resource Index -# ๐Ÿ› ๏ธ Approach Methodology +--- +## ๐Ÿ› ๏ธ Approach Methodology +| # | Focus Area | Emoji | +|---|----------------------------------------------|-------| +| 1 | [Network Security](#network-security) | ๐ŸŒ | +| 2 | [Web Protocols & APIs](#web-protocols--apis) | ๐ŸŒ | +| 3 | [Mobile App Security](#mobile-application-security) | ๐Ÿ“ฑ | +| 4 | [Wireless Protocols](#wireless-protocols) | ๐Ÿ“ก | +| 5 | [Firmware Security](#firmware-security--reverse-engineering) | ๐Ÿ’ฝ | +| 6 | [Hardware Attacks](#hardware--physical-attacks) | ๐Ÿ› ๏ธ | +| 7 | [Storage Security](#storage--data-security) | ๐Ÿ’พ | +| 8 | [I/O Ports](#hardware--physical-attacks) | ๐Ÿ”Œ | -- ๐ŸŒ **1. Network** -- ๐ŸŒ **2. Web (Front & Backend and Web services)** -- ๐Ÿ“ฑ **3. Mobile App (Android & iOS)** -- ๐Ÿ“ก **4. Wireless Connectivity (Zigbee, WiFi, Bluetooth, etc)** -- ๐Ÿ’ฝ **5. Firmware Pentesting (Static and Dynamic analysis, OS of IoT Devices)** -- ๐Ÿ› ๏ธ **6. Hardware Hacking & Fault Injections & SCA Attacks** -- ๐Ÿ’พ **7. Storage Medium** -- ๐Ÿ”Œ **8. 
I/O Ports** +## ๐Ÿงญ Table of Contents +- [Approach Methodology](#approach-methodology) +- [Resource Index](#resource-index) + - [๐ŸŒ Network Security](#network-security) + - [๐ŸŒ Web Protocols & APIs](#web-protocols--apis) + - [๐Ÿ“ฑ Mobile Application Security](#mobile-application-security) + - [๐Ÿ“ก Wireless Protocols](#wireless-protocols) + - [๐Ÿ’ฝ Firmware Security & RE](#firmware-security--reverse-engineering) + - [๐Ÿ› ๏ธ Hardware & Physical Attacks](#hardware--physical-attacks) + - [๐Ÿ’พ Storage & Data Security](#storage--data-security) + - [๐Ÿ’ณ Payment/Transaction Security](#paymenttransaction-security) +- [General Information & Community](#general-information--community) +- [Learning & Training](#learning--training) +- [Technical Research, Labs & CTFs](#technical-research-labs--ctfs) +- [Books, Blogs, Cheatsheets](#books-blogs-cheatsheets) +- [Search Engines & Device Discovery](#search-engines--device-discovery) +- [Exploitation Tools & Pentesting OS](#exploitation-tools--pentesting-os) +--- +## ๐Ÿ—‚๏ธ Resource Index -## ๐Ÿ“‘ Contents Overview +### ๐ŸŒ **Network Security** +- [Segmentation, Device Discovery, Sniffing, MITM](#) +- [Network Attack Tools](#exploitation-tools--pentesting-os) +- [IoT Network Protocols (MQTT, CoAP, etc)](#web-protocols--apis) -### ๐Ÿ›ก๏ธ IoT Security Information +### ๐ŸŒ **Web Protocols & APIs** +- [MQTT](#mqtt) +- [CoAP](#coap) +- [REST/SOAP APIs](#) +- [Web (Front, Backend, Web Services)](#) -#### ๐Ÿ›ก๏ธ **General Information and Resources in IoT Security** +### ๐Ÿ“ฑ **Mobile Application Security** +- [Android & iOS Security](#mobile-security-android--ios) +- [App Reverse Engineering](#) +- [Mobile Device Management](#) +### ๐Ÿ“ก **Wireless Protocols** +- [Radio Hacking Quick Start Guide](#radio-hacker-quick-start-guide) +- [Cellular Hacking (GSM/BTS)](#cellular-hacking-gsm-bts) +- [Zigbee](#zigbee-all-stuff) +- [Bluetooth](#ble-intro-and-sw-hw-tools-to-pentest) +- 
[DECT](#dect-digital-enhanced-cordless-telecommunications) +- [NFC/RFID](#nfc-rfid) -- [๐Ÿ‘ฅ ***Community and Discussion Platforms***](#community-and-discussion-platforms) -- [๐ŸŽ“ ***IoT and Hardware Security Trainings***](#iot-and-hardware-security-trainings) -- [๐Ÿ” ***Technical Research and Hacking***](#technical-research-and-hacking) -- [๐Ÿ’ป ***Proof of Concepts: Known Device Vulnerabilities***](#proof-of-concepts-known-device-vulnerabilities) -- [๐Ÿ“š ***Books for IoT Penetration Testing***](#books-for-iot-penetration-testing) -- [๐Ÿ–‹๏ธ ***Blogs for IoT Pentest***](#blogs-for-iot-pentest) -- [๐Ÿ“‹ ***Awesome Cheatsheets***](#awesome-cheatsheets) -- [๐Ÿ” ***Search Engines for Exposed IoT Devices Worldwide***](#search-engines-for-exposed-iot-devices-worldwide) -- [๐Ÿšฉ ***CTF: Vulnerable IoT and Hardware Applications***](#vulnerable-iot-and-hardware-applications) -- [๐Ÿ“บ ***YouTube Channels for IoT Pentesting***](#youtube-channels-for-iot-pentesting) -- [โš’๏ธ ***Exploitation Tools***](#exploitation-tools) -- [๐Ÿ–ฅ๏ธ ***IoT Pentesting OSes***](#iot-pentesting-oses) -- [๐Ÿ“˜ ***IoT Vulnerabilities Checking Guides***](#iot-vulnerabilities-checking-guides) -- [๐Ÿ”ฌ ***IoT Labs***](#vulnerable-iot-and-hardware-applications) -- [๐Ÿ“– ***Awesome IoT Pentesting Guides***](#awesome-iot-pentesting-guides) -- [๐Ÿ› ***Fuzzing Things***](#fuzzing-things) -- [๐Ÿข ***IoT Lab Setup Guide for Corporate/Individual***](https://github.com/IoT-PTv/IoT-Lab-Setup) -- [๐Ÿ”ง ***FlipperZero***](#flipperzero) -- [๐Ÿ˜ ***Villages***](#villages) +### ๐Ÿ’ฝ **Firmware Security & Reverse Engineering** +- [Reverse Engineering Tools](#reverse-engineering-tools) +- [Online Assemblers](#online-assemblers) +- [ARM](#arm) +- [Firmware Emulation & Analysis](#pentesting-firmwares-and-emulating-and-analyzing) +- [Firmware Samples](#firmware-samples-to-pentest) +- [Secure Boot](#secureboot) +- [Binary Analysis](#binary-analysis) +### ๐Ÿ› ๏ธ **Hardware & Physical Attacks** +- [IoT Hardware 
Overview & Hacking](#iot-hardware-overview-and-hacking) +- [Essential Hardware for IoT Pentest](#hardware-gadgets-to-pentest) +- [Hardware Interfaces: SPI, UART, JTAG, TPM](#attacking-hardware-interfaces) + - [SPI](#spi) + - [UART](#uart) + - [JTAG](#jtag) + - [TPM](#tpm) +- [Side Channel & Glitching Attacks](#sidechannel-attacks) -## **Specific Topics in IoT Security** +### ๐Ÿ’พ **Storage & Data Security** +- [EMMC](#emmc-protocol-and-techniques) -#### ๐ŸŒ **Network** +### ๐Ÿ’ณ **Payment/Transaction Security** +- [ATM Hacking](#atm-hacking) -#### ๐ŸŒ **Web IoT Message Protocols** -- [๐Ÿ“จ ***MQTT***](#mqtt) -- [๐Ÿ“ฌ ***CoAP***](#coap) +--- -#### ๐Ÿ“ฑ **Mobile App** -- [๐Ÿ›ก***Mobile Security (Android & iOS)***](#mobile-security-android--ios) +### ๐Ÿ›ก๏ธ General Information & Community -#### ๐Ÿ“ก **Wireless Protocols** -- [๐Ÿ“ป ***Radio Hacking Starting Guide***](#Radio-Hacker-Quick-Start-Guide) -- [๐Ÿ“ก ***Cellular Hacking GSM BTS***](#cellular-hacking-gsm-bts) -- [๐Ÿ ***Zigbee***](#zigbee-all-stuff) -- [๐Ÿ”ต ***Bluetooth***](#ble-intro-and-sw-hw-tools-to-pentest) -- [๐Ÿ“ž ***DECT***](#dect-digital-enhanced-cordless-telecommunications) -- [๐Ÿ“ฒ ***NFC***](#nfc-rfid) +- [๐Ÿ‘ฅ **Community and Discussion Platforms**](#community-and-discussion-platforms) +- [๐ŸŽ“ **IoT and Hardware Security Trainings**](#iot-and-hardware-security-trainings) +- [๐Ÿ” **Technical Research and Hacking**](#technical-research-and-hacking) +- [๐Ÿ’ป **Proof of Concepts: Known Device Vulnerabilities**](#proof-of-concepts-known-device-vulnerabilities) +- [๐Ÿ“š **Books for IoT Penetration Testing**](#books-for-iot-penetration-testing) +- [๐Ÿ–‹๏ธ **Blogs for IoT Pentest**](#blogs-for-iot-pentest) +- [๐Ÿ“‹ **Awesome Cheatsheets**](#awesome-cheatsheets) +- [๐Ÿ” **Search Engines for Exposed IoT Devices Worldwide**](#search-engines-for-exposed-iot-devices-worldwide) +- [๐Ÿšฉ **CTF: Vulnerable IoT and Hardware Applications**](#vulnerable-iot-and-hardware-applications) +- [๐Ÿ“บ **YouTube 
Channels for IoT Pentesting**](#youtube-channels-for-iot-pentesting) +- [โš’๏ธ **Exploitation Tools**](#exploitation-tools) +- [๐Ÿ–ฅ๏ธ **IoT Pentesting OSes**](#iot-pentesting-oses) +- [๐Ÿ“˜ **IoT Vulnerabilities Checking Guides**](#iot-vulnerabilities-checking-guides) +- [๐Ÿ”ฌ **IoT Labs**](#vulnerable-iot-and-hardware-applications) +- [๐Ÿ“– **Awesome IoT Pentesting Guides**](#awesome-iot-pentesting-guides) +- [๐Ÿ› **Fuzzing Things**](#fuzzing-things) +- [๐Ÿข **IoT Lab Setup Guide for Corporate/Individual**](https://github.com/IoT-PTv/IoT-Lab-Setup) +- [๐Ÿ”ง **FlipperZero**](#flipperzero) +- [๐Ÿ˜ **Villages**](#villages) -#### ๐Ÿ’ฝ **Firmware** -- [๐Ÿ” ***Reverse Engineering Tools***](#reverse-engineering-tools) -- [๐Ÿ’ป ***Online Assemblers***](#online-assemblers) -- [๐Ÿ’ช ***ARM***](#arm) -- [๐Ÿ”จ ***Pentesting Firmwares: Emulating and Analyzing***](#pentesting-firmwares-and-emulating-and-analyzing) -- [๐Ÿ”ฌ ***Firmware Samples to Pentest***](#firmware-samples-to-pentest) -- [๐Ÿ”’ ***Secureboot***](#secureboot) -- [๐Ÿ” ***Binary Analysis***](#binary-analysis) +--- -#### ๐Ÿ› ๏ธ **Hardware** -- [๐Ÿ”Ž ***IoT Hardware Intro***](#iot-hardware-overview-and-hacking) -- [๐Ÿ› ๏ธ ***Required Hardware to Pentest IoT***](#hardware-gadgets-to-pentest) -- [๐Ÿ”Œ ***Hardware Interfaces***](#attacking-hardware-interfaces) - - [๐Ÿ”Œ ***SPI***](#spi) - - [๐Ÿ”Œ ***UART***](#uart) - - [๐Ÿ”Œ ***JTAG***](#jtag) - - [๐Ÿ”Œ ***TPM***](#tpm) -- [๐Ÿ› ๏ธ ***Side Channel Attacks & Glitching Attacks***](#sidechannel-attacks) +### ๐Ÿ“š Learning & Training -#### ๐Ÿ’พ Storage Medium -- [๐Ÿ“€ ***EMMC*** ](#emmc-protocol-and-techniques) +- [๐ŸŽ“ IoT & Hardware Security Trainings](#iot-and-hardware-security-trainings) +- [๐Ÿ“š Books for IoT Penetration Testing](#books-for-iot-penetration-testing) +- [๐Ÿ–‹๏ธ Blogs for IoT Pentest](#blogs-for-iot-pentest) +- [๐Ÿ“‹ Awesome Cheatsheets](#awesome-cheatsheets) +- [๐Ÿ“– Awesome IoT Pentesting Guides](#awesome-iot-pentesting-guides) +- [๐Ÿ“บ 
YouTube Channels for IoT Pentesting](#youtube-channels-for-iot-pentesting) -#### ๐Ÿ’ณ Payment Security -- [๐Ÿ’ต ***ATM Hacking***](#ATM-Hacking) +--- +### ๐Ÿงช Technical Research, Labs & CTFs + +- [๐Ÿ” Technical Research and Hacking](#technical-research-and-hacking) +- [๐Ÿ’ป Proof of Concepts: Known Device Vulnerabilities](#proof-of-concepts-known-device-vulnerabilities) +- [๐Ÿšฉ CTF: Vulnerable IoT and Hardware Applications](#vulnerable-iot-and-hardware-applications) +- [๐Ÿ”ฌ IoT Labs](#vulnerable-iot-and-hardware-applications) +- [๐Ÿข IoT Lab Setup Guide for Corporate/Individual](https://github.com/IoT-PTv/IoT-Lab-Setup) + +--- + +### ๐Ÿ“– Books, Blogs, Cheatsheets + +- [๐Ÿ“š Books for IoT Penetration Testing](#books-for-iot-penetration-testing) +- [๐Ÿ–‹๏ธ Blogs for IoT Pentest](#blogs-for-iot-pentest) +- [๐Ÿ“‹ Awesome Cheatsheets](#awesome-cheatsheets) +- [๐Ÿ“˜ IoT Vulnerabilities Checking Guides](#iot-vulnerabilities-checking-guides) +- [๐Ÿ“– Awesome IoT Pentesting Guides](#awesome-iot-pentesting-guides) + +--- + +### ๐Ÿ” Search Engines & Device Discovery + +- [๐Ÿ” Search Engines for Exposed IoT Devices Worldwide](#search-engines-for-exposed-iot-devices-worldwide) + +--- + +### โš’๏ธ Exploitation Tools & Pentesting OS + +- [โš’๏ธ Exploitation Tools](#exploitation-tools) +- [๐Ÿ–ฅ๏ธ IoT Pentesting OSes](#iot-pentesting-oses) +- [๐Ÿ”ง FlipperZero](#flipperzero) - ******************************************************************************************************************************** ### Technical Research and Hacking
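Review bot: Several entries added under the new Resource Index link to a bare `#` and lead nowhere: `[Segmentation, Device Discovery, Sniffing, MITM](#)`, `[REST/SOAP APIs](#)`, `[Web (Front, Backend, Web Services)](#)`, `[App Reverse Engineering](#)` and `[Mobile Device Management](#)`. Point them at real sections or leave them out until the content exists. In the Approach Methodology table, row 8 (I/O Ports) reuses `#hardware--physical-attacks` from row 6, so the two focus areas are indistinguishable to a reader following the link. The table and the Table of Contents target anchors such as `#network-security`, `#approach-methodology` and `#resource-index`, but the headings they refer to begin with an emoji and, in the Resource Index, wrap the title in bold; check in the rendered README that each of these resolves. The new Learning & Training, Technical Research, Labs & CTFs, Books, Blogs, Cheatsheets, Search Engines & Device Discovery and Exploitation Tools & Pentesting OS sections repeat links that General Information & Community already lists, so each target now has to be maintained in two or three places; keep each link in one section. The subject `Update README.md` does not describe a restructure of 134 insertions and 67 deletions, and a one-line summary of the new layout would help anyone reading the history.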