diff --git a/README.md b/README.md index f7a713a..a1e93c3 100644 --- a/README.md +++ b/README.md @@ -88,7 +88,7 @@ #### 🌐 **Web IoT Message Protocols** - [📨 ***MQTT***](#mqtt) -- [📬 ***CoAP***](#coap) +- [📬 ***CoAP***](#CoAP-Protocol-&-Security-Updates) #### 📱 **Mobile App** - [🛡***Mobile Security (Android & iOS)***](#mobile-security-android--ios) @@ -386,51 +386,44 @@ - [Alert: New WailingCrab Malware Loader](https://thehackernews.com/2023/11/alert-new-wailingcrab-malware-loader.html) - [MQTT on Snapcraft](https://snapcraft.io/search?q=mqtt) +--- +#### **CoAP Protocol & Security Updates** -#### 🛡️ CoAP Security & Pentesting Resources (2023–2025) +- **IETF Security Protocol Comparison (2023)** + 📖 [Read the Draft](https://datatracker.ietf.org/doc/draft-ietf-iotops-security-protocol-comparison/03/) -##### 🚀 CoAP Protocol & Security Updates +- **EMQX on CoAP & IoT Security (2024)** + 🌐 [Read the Blog](https://www.emqx.com/en/blog/iot-protocols-mqtt-coap-lwm2m) -- **Comparison of CoAP Security Protocols (IETF Internet-Draft, Oct 2023)** - In-depth analysis of DTLS 1.2/1.3, TLS 1.2/1.3, cTLS, EDHOC, OSCORE, and Group OSCORE overheads. - - 📖 [IETF Draft](https://datatracker.ietf.org/doc/draft-ietf-iotops-security-protocol-comparison/03/) +##### *Software Tools* -- **EMQX: IoT Protocols & Security (2024)** - Overview of CoAP, MQTT, LwM2M, detailing DTLS-based security, UDP overhead, and design considerations. - - 🌐 [EMQX Blog](https://www.emqx.com/en/blog/iot-protocols-mqtt-coap-lwm2m) +- [Expliot Framework](https://bitbucket.org/aseemjakhar/expliot_framework) – Fuzzing & exploitation +- [CoAP NSE (Nmap)](https://nmap.org/nsedoc/lib/coap.html) – CoAP discovery via Nmap +- [Copper (Firefox plugin)](https://github.com/mkovatsc/Copper) – Lightweight CoAP client for testing +- [libcoap (CLI Tools)](https://github.com/obgm/libcoap) – C-based CoAP library with CLI +- [Scapy CoAP Plugin](https://github.com/secdev/scapy) – CoAP packet crafting and fuzzing +- [Eclipse Californium (Java)](https://www.eclipse.org/californium/) – Full-featured CoAP stack +- [Peach Fuzzer (Commercial)](https://www.peach.tech/) – Commercial protocol fuzzer -##### Software Tools +##### *Hardware Tools* -- **[Expliot Framework](https://bitbucket.org/aseemjakhar/expliot_framework)** – CoAP fuzzing & exploitation -- **[CoAP-NSE](https://nmap.org/nsedoc/lib/coap.html)** – Nmap scripting for CoAP discovery -- **Copper (Cu)** – Firefox plugin for CoAP client interaction (via DTLS) -- **libcoap** – C-based CoAP library with command-line tools -- **Scapy-CoAP Plugin** – For building and injecting custom CoAP packets -- **Eclipse Californium** – Full-featured Java CoAP framework -- **Peach Fuzzer** – Commercial fuzzer with CoAP templates +- [Raspberry Pi / Arduino + 6LoWPAN](https://docs.arduino.cc/tutorials/nano-33-iot/contiki-ng-coap-example) – Embedded lab environments +- [Zolertia](https://zolertia.io/), [OpenMote](http://www.openmote.com/), [Nordic Boards](https://www.nordicsemi.com/) – CoAP stacks with Contiki/RIOT OS +- [RTL-SDR](https://www.rtl-sdr.com/), [Wi-Fi Sniffers](https://www.wireshark.org/) – For CoAP/UDP traffic analysis -##### Hardware Tools +##### *Blogs, Research & Tutorials* -- **Raspberry Pi / Arduino + 6LoWPAN Shields** – Mesh and constrained node simulations -- **Zolertia Firefly, OpenMote, Nordic Boards** – CoAP stack testing under Contiki/RIOT OS -- **RTL-SDR / Wi-Fi Sniffers** – Packet inspection for DTLS/OSCORE traffic +- [SpectralOps – Top Protocol Security Issues](https://spectralops.io/blog/top-5-most-commonly-used-iot-protocols-and-their-security-issues/) +- [Radware – CoAP Protocol Overview](https://www.radware.com/security/ddos-knowledge-center/ddospedia/coap/) +- [Webasha – IoT Pentest Lab Setup Guide (2025)](https://www.webasha.com/blog/how-to-set-up-a-penetration-testing-lab-in-2025-complete-guide-with-tools-os-network-topology-and-real-world-practice-scenarios) +- [Recorded Future – CoAP Exposure Study (2024)](https://raid2024.github.io/papers/raid2024-9.pdf) -##### 🧠 Blogs, Research & Tutorials - -- **[SpectralOps – Top IoT Protocols and Security Issues](https://spectralops.io/blog/top-5-most-commonly-used-iot-protocols-and-their-security-issues/)** -- **[Radware – CoAP Primer](https://www.radware.com/security/ddos-knowledge-center/ddospedia/coap/)** -- **[Webasha – IoT Pentest Lab Guide (2025)](https://www.webasha.com/blog/how-to-set-up-a-penetration-testing-lab-in-2025-complete-guide-with-tools-os-network-topology-and-real-world-practice-scenarios)** -- **[Recorded Future IoT Protocol Study](https://raid2024.github.io/papers/raid2024-9.pdf)** - - -##### 📚 Books & Guides - -- **"Practical CoAP" (Apress, 2024)** - Updated edition with secure CoAP over DTLS & OSCORE examples. - -- **RFC 8613 (OSCORE)** - 🔗 [RFC Link](https://datatracker.ietf.org/doc/html/rfc8613) +##### *Books & Guides* +- *Practical CoAP* (Apress, 2024) – Updated with DTLS and OSCORE usage +- [RFC 8613 – OSCORE](https://datatracker.ietf.org/doc/html/rfc8613) +- [RFC 8323 – CoAP over TCP](https://datatracker.ietf.org/doc/html/rfc8323) +- [RFC 8824 – SCHC Header Compression](https://datatracker.ietf.org/doc/html/rfc8824) ******************************************************************************************************************************** ### RADIO HACKER QUICK START GUIDE