From 758d30bb5cc951a67a16674144d8db04fecc4901 Mon Sep 17 00:00:00 2001
From: "Veerababu Penugonda(Mr-IoT)" <veeru.rockstar249@gmail.com>
Date: Tue, 14 May 2019 11:26:46 +0530
Subject: [PATCH] Update README.md

---
 README.md | 70 +++++++++++++++++++++++++++----------------------------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/README.md b/README.md
index a1d52bf..1b59163 100644
--- a/README.md
+++ b/README.md
@@ -2,8 +2,7 @@
 
 
 
-## Approach Methodology 
-  
+##**Approach Methodology** 
   1. Network 
   2. Web (Front & Backend and Web services)
   3. Mobile App(Android & iOS)
@@ -12,7 +11,7 @@
   6. Hardware Level Approach 
   7. Storage Areas
 
-## To seen Hacked devices
+###***To seen Hacked devices***
 1. https://blog.exploitee.rs/2018/10/
 2. https://www.exploitee.rs/
 3. https://forum.exploitee.rs/
@@ -25,11 +24,10 @@
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 
-### Telegram group for IoT Security
+###***Telegram group for IoT Security***
 - https://t.me/iotsecurity1011
 
-### Books
-
+###***Books***
 - [Android Hacker's Handbook](https://www.amazon.in/Android-Hackers-Handbook-MISL-WILEY-Joshua/dp/812654922X)
 - [Hacking the Xbox](https://www.nostarch.com/xboxfree)
 - [Car hacker's handbook](http://opengarages.org/handbook)
@@ -40,8 +38,7 @@
 - [Linux Binary Analysis](https://www.packtpub.com/networking-and-servers/learning-linux-binary-analysis)
 - [Firmware](https://www.amazon.com/Firmware-Handbook-Embedded-Technology/dp/075067606X)
 
-### Blogs for iotpentest
-
+###***Blogs for iotpentest***
 1. http://iotpentest.com/
 2. https://blog.attify.com
 3. https://payatu.com/blog/
@@ -60,21 +57,23 @@
 16. http://blog.besimaltinok.com/category/iot-pentest/
 17. https://ctrlu.net/
 18. https://duo.com/decipher/
-### Search Engines for IoT Devices
+
+###***Search Engines for IoT Devices***
 1. [Shodan](https://www.shodan.io/)
 2. [FOFA](https://fofa.so/?locale=en)
 3. [Censys](https://censys.io/)
 4. [Zoomeye](https://www.zoomeye.org/about)
 5. [ONYPHE](https://www.onyphe.io/)
 
-### CTF For IoT's And Embeddded
+###***CTF For IoT's And Embeddded***
 1. https://github.com/hackgnar/ble_ctf
 2. https://www.microcorruption.com/
 3. https://github.com/Riscure/Rhme-2016
 4. https://github.com/Riscure/Rhme-2017
 5. https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html
 6. https://github.com/scriptingxss/IoTGoat
-### YouTube Channels for IoT Pentesting
+
+###***YouTube Channels for IoT Pentesting***
 1. [Liveoverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
 2. [Binary Adventure](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ)
 3. [EEVBlog](https://www.youtube.com/user/EEVblog)
@@ -84,13 +83,13 @@
 7. [Besim ALTINOK - IoT - Hardware - Wireless](https://www.youtube.com/channel/UCnIV7A3kDL4JXJEljpW6TRQ/playlists)
 
 
-### IoT security vulnerabilites checking guides
+###***IoT security vulnerabilites checking guides***
 
 - [Reflecting upon OWASP TOP-10 IoT Vulnerabilities](https://embedi.org/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/)
 - [OWASP IoT Top 10 2018 Mapping Project](https://scriptingxss.gitbook.io/owasp-iot-top-10-mapping-project/)
 
 
-### Exploitation Tools & OS 
+###***Exploitation Tools & OS***
 - [Expliot - IoT Exploitation framework - by Aseemjakhar](https://gitlab.com/expliot_framework/expliot)
 - [AttifyOS - IoT Pentest OS - by Aditya Gupta](https://github.com/adi0x90/attifyos)
 - [Ubutnu Best Host Linux for IoT's - Use LTS](https://www.ubuntu.com/)
@@ -99,14 +98,14 @@
 - [Routersploit (Exploitation Framework for Embedded Devices)](https://github.com/threat9/routersploit)
 - [IoTSecFuzz (comprehensive testing for IoT device)](https://gitlab.com/invuls/iot-projects/iotsecfuzz)
 
-### Reverse Enginnering Tools
+###***Reverse Enginnering Tools***
 - [IDA Pro](https://www.youtube.com/watch?v=fgMl0Uqiey8)
 - [GDB](https://www.youtube.com/watch?v=fgMl0Uqiey8)
 - [Radare2](https://radare.gitbooks.io/radare2book/content/)
 - [Ghidra](https://ghidra-sre.org/)
 
 
-### Introduction
+##***Introduction***
 
 - [Introduction to IoT](https://en.wikipedia.org/wiki/Internet_of_things)
 - [IoT Architecture](https://www.c-sharpcorner.com/UploadFile/f88748/internet-of-things-part-2/)
@@ -114,9 +113,9 @@
 - [IoT Protocols Overview](https://www.postscapes.com/internet-of-things-protocols/) 
 
 
-### IoT Protocols Pentesting 
+##***IoT Protocols Pentesting*** 
 
-#### MQTT
+###***MQTT***
 - [Introduction](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt)
 - [Hacking the IoT with MQTT](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b)
 - [thoughts about using IoT MQTT for V2V and Connected Car from CES 2014](https://mobilebit.wordpress.com/tag/mqtt/)
@@ -125,20 +124,20 @@
 - [A Guide to MQTT by Hacking a Doorbell to send Push Notifications](https://youtu.be/J_BAXVSVPVI)
 
 
-#### CoAP
+###***CoAP***
 - [Introduction](http://coap.technology/)
 - [CoAP client Tools](http://coap.technology/tools.html)
 - [CoAP Pentest Tools](https://bitbucket.org/aseemjakhar/expliot_framework)
 - [Nmap](https://nmap.org/nsedoc/lib/coap.html)
 
-#### Automobile 
+####***Automobile***
   CanBus
 - [Introduction and protocol Overview](https://www.youtube.com/watch?v=FqLDpHsxvf8)	
 - [PENTESTING VEHICLES WITH CANTOOLZ](https://www.blackhat.com/docs/eu-16/materials/eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf)
 - [Building a Car Hacking Development Workbench: Part1](https://blog.rapid7.com/2017/07/11/building-a-car-hacking-development-workbench-part-1/)
 - [CANToolz - Black-box CAN network analysis framework](https://github.com/CANToolz/CANToolz)
 
-#### Radio IoT Protocols Overview
+###***Radio IoT Protocols Overview***
 - [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/)
 - [Signal Processing]()
 - [Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/)
@@ -148,11 +147,11 @@
 - [Recording specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/)
 - [Replay Attacks](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/)
 
-#### Base transceiver station (BTS)
+###***Base transceiver station (BTS)***
 - [what is base tranceiver station](https://en.wikipedia.org/wiki/Base_transceiver_station)
 - [How to Build Your Own Rogue GSM BTS](https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/)
 
-#### GSM & SS7 Pentesting
+###***GSM & SS7 Pentesting***
 - [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)
 - [GSM Security 2 ](https://www.ehacking.net/2011/02/gsm-security-2.html)
 - [vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)
@@ -164,13 +163,13 @@
 - [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)
 - [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)
 
-#### Zigbee & Zwave
+###***Zigbee & Zwave***
 - [Introduction and protocol Overview](http://www.informit.com/articles/article.aspx?p=1409785)
 - [Hacking Zigbee Devices with Attify Zigbee Framework](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/)
 - [Hands-on with RZUSBstick](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/) 
 - [ZigBee & Z-Wave Security Brief](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/)
 
-#### BLE
+###***BLE***
 - [Traffic Engineering in a  Bluetooth Piconet](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf)
 - [BLE Characteristics](https://devzone.nordicsemi.com/tutorials/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial0)
    Reconnaissance (Active and Passive) with HCI Tools
@@ -180,34 +179,35 @@
     - [Cracking encryption](https://github.com/mikeryan/crackle)
     - [bettercap](https://github.com/bettercap/bettercap)
     
- ##### BLE Sniffing/MiTM
+###***BLE Sniffing/MiTM***
  - [BtleJuice Bluetooth Smart Man-in-the-Middle framework](https://github.com/DigitalSecurity/btlejuice)
  - [gattacker](https://github.com/securing/gattacker)
  - [BTLEjack Bluetooth Low Energy Swiss army knife](https://github.com/virtualabs/btlejack)
 
-#### Mobile security (Android & iOS)
+###***Mobile security (Android & iOS)***
  - [Android](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices)
  - [Android Pentest Video Course](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H)
  - [IOS Pentesting](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf?)
 
-#### ARM
+###***ARM***
 - [Azeria Labs](https://azeria-labs.com/)
 - [ARM EXPLOITATION FOR IoT](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf)
 - [Static Binary analysis ARMV7](https://github.com/CJHackerz/easy_iotsec-arm)
+- [Damn Vulnerable ARM Router (DVAR)](https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html)
 
-#### Firmware Pentest
+###***Firmware Pentest***
  - [Firmware analysis and reversing](https://www.owasp.org/index.php/IoT_Firmware_Analysis)
  - [Firmware emulation with QEMU](https://www.youtube.com/watch?v=G0NNBloGIvs)
  - [Dumping Firmware using Buspirate](http://iotpentest.com/tag/pulling-firmware/)
  - [Reversing ESP8266 Firmware](https://boredpentester.com/reversing-esp8266-firmware-part-1/)
  
-#### Firmware to pentest
+###***Firmware to pentest***
  - [Download From here](https://firmware.center/)
 
-### IoT hardware Overview
+###***IoT hardware Overview***
  - [IoT Hardware Guide](https://www.postscapes.com/internet-of-things-hardware/)	
  
-#### Hardware Gadgets to pentest
+###***Hardware Gadgets to pentest***
   - [Bus Pirate](https://www.sparkfun.com/products/12942)
   - [EEPROM readers](https://www.ebay.com/bhp/eeprom-reader)
   - [Jtagulator / Jtagenum](https://www.adafruit.com/product/1550)
@@ -220,21 +220,21 @@
   - [Attify Badge - UART, JTAG, SPI, I2C (w/ headers)](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices)
   - [Ubertooth](https://github.com/greatscottgadgets/ubertooth/wiki/Ubertooth-One)
     
-#### Attacking Hardware Interfaces
+###***Attacking Hardware Interfaces***
    -	[Serial Terminal Basics](https://learn.sparkfun.com/tutorials/terminal-basics/all)
    -  [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/)
    -  [REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS](https://sec-consult.com/en/blog/2019/02/reverse-engineering-architecture-pinout-plc/)
 
-#### UART  
+###***UART***
    - [Identifying UART interface](https://www.mikroe.com/blog/uart-serial-communication)
    - [onewire-over-uart](https://github.com/dword1511/onewire-over-uart)
    - [Accessing sensor via UART](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf)
    - [Using UART to connect to a chinese IP cam](https://www.davidsopas.com/using-uart-to-connect-to-a-chinese-ip-cam/)
    - [A journey into IoT – Hardware hacking: UART](https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/)
    
-#### JTAG
+###***JTAG***
    - [Identifying JTAG interface](https://blog.senr.io/blog/jtag-explained)
    - [NAND Glitching Attack](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root)
    
-#### SideChannel Attacks
+###***SideChannel Attacks***
    - [All Attacks](https://yifan.lu/)