# IoT Pentesting 101 && IoT Security 101 ![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)

********************************************************************************************************************************

## Approach Methodology

##### 1. Network
##### 2. Web (Front & Backend and Web services)
##### 3. Mobile App (Android & iOS)
##### 4. Wireless Connectivity (Zigbee, WiFi, Bluetooth, etc.)
##### 5. Firmware Pentesting (OS of IoT Devices)
##### 6. Hardware Hacking & Fault Injections & SCA Attacks
##### 7. Storage Medium
##### 8. I/O Ports

********************************************************************************************************************************

### ***To see hacked devices***

1. https://blog.exploitee.rs/2018/10/
2. https://www.exploitee.rs/
3. https://forum.exploitee.rs/
4. [Your Lenovo Watch X Is Watching You & Sharing What It Learns](https://www.checkmarx.com/blog/lenovo-watch-watching-you/)
5. [Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT](https://www.checkmarx.com/blog/smart-scale-privacy-issues-iot/)
6. [Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?](https://www.checkmarx.com/blog/smart-bulb-exfiltration/)
7. [Besder-IPCamera analysis](http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html)
8. [Smart Lock](https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/)
9. [Subaru Head Unit Jailbreak](https://github.com/sgayou/subaru-starlink-research/blob/master/doc/README.md)
10. [Jeep Hack](http://illmatics.com/Remote%20Car%20Hacking.pdf)

********************************************************************************************************************************

### ***Chat groups for IoT Security***

- https://discord.gg/EH9dxT9

********************************************************************************************************************************

### ***Books For IoT Pentesting***

- [Android Hacker's Handbook](https://www.amazon.in/Android-Hackers-Handbook-MISL-WILEY-Joshua/dp/812654922X)
- [Hacking the Xbox](https://www.nostarch.com/xboxfree)
- [Car Hacker's Handbook](http://opengarages.org/handbook)
- [IoT Penetration Testing Cookbook](https://www.packtpub.com/networking-and-servers/iot-penetration-testing-cookbook)
- [Abusing the Internet of Things](https://www.amazon.in/Abusing-Internet-Things-Blackouts-Freakouts-ebook/dp/B013VQ7N36)
- [Hardware Hacking: Have Fun while Voiding your Warranty](https://www.elsevier.com/books/hardware-hacking/grand/978-1-932266-83-2)
- [Linksys WRT54G Ultimate Hacking](https://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Asadoorian/dp/1597491667)
- [Linux Binary Analysis](https://www.packtpub.com/networking-and-servers/learning-linux-binary-analysis)
- [Firmware](https://www.amazon.com/Firmware-Handbook-Embedded-Technology/dp/075067606X)
- [Hardware Hacking Handbook](https://books.google.co.in/books?id=DEqatAEACAAJ&source=gbs_navlinks_s)
- [Inside Radio: An Attack and Defense Guide](https://books.google.co.in/books?id=71NSDwAAQBAJ&printsec=copyright&redir_esc=y#v=onepage&q&f=false)

********************************************************************************************************************************

### ***Blogs for IoT pentest***

1. https://payatu.com/blog/
2. http://jcjc-dev.com/
3. https://w00tsec.blogspot.in/
4. http://www.devttys0.com/
5. https://www.rtl-sdr.com/
6. https://keenlab.tencent.com/en/
7. https://courk.cc/
8. https://iotsecuritywiki.com/
9. https://cybergibbons.com/
10. http://firmware.re/
11. https://iotmyway.wordpress.com/
12. http://blog.k3170makan.com/
13. https://blog.tclaverie.eu/
14. http://blog.besimaltinok.com/category/iot-pentest/
15. https://ctrlu.net/
16. http://iotpentest.com/
17. https://blog.attify.com
18. https://duo.com/decipher/
19. http://www.sp3ctr3.me
20. http://blog.0x42424242.in/
21. https://dantheiotman.com/
22. https://blog.danman.eu/
23. https://quentinkaiser.be/
24. https://blog.quarkslab.com
25. https://blog.ice9.us/
26. https://labs.f-secure.com/
27. https://mg.lol/blog/
28. https://cjhackerz.net/

********************************************************************************************************************************

### ***Awesome CheatSheets***

- [Hardware Hacking](https://github.com/arunmagesh/hw_hacking_cheatsheet)
- [Nmap](https://github.com/gnebbia/nmap_tutorial)

********************************************************************************************************************************

### ***Search Engines for IoT Devices***

1. [Shodan](https://www.shodan.io/)
2. [FOFA](https://fofa.so/?locale=en)
3. [Censys](https://censys.io/)
4. [Zoomeye](https://www.zoomeye.org/about)
5. [ONYPHE](https://www.onyphe.io/)

********************************************************************************************************************************

### ***CTFs for IoT and Embedded***

1. https://github.com/hackgnar/ble_ctf
2. https://www.microcorruption.com/
3. https://github.com/Riscure/Rhme-2016
4. https://github.com/Riscure/Rhme-2017
5. https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html
6. https://github.com/scriptingxss/IoTGoat

********************************************************************************************************************************

### ***YouTube Channels for IoT Pentesting***

1. [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
2. [Binary Adventure](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ)
3. [EEVBlog](https://www.youtube.com/user/EEVblog)
4. [JackkTutorials](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA)
5. [Craig Smith](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA)
6. [iotpentest [Mr-IoT]](https://www.youtube.com/channel/UCe2mJv2FPRFhYJ7dvNdYR4Q)
7. [Besim ALTINOK - IoT - Hardware - Wireless](https://www.youtube.com/channel/UCnIV7A3kDL4JXJEljpW6TRQ/playlists)
8. [Ghidra Ninja](https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw)
9. [Cyber Gibbons](https://www.youtube.com/channel/UC_IYERSoSwdR7AA5P41mYTA)

********************************************************************************************************************************

### ***Vehicle Security Resources***

- https://github.com/jaredthecoder/awesome-vehicle-security

********************************************************************************************************************************

### ***IoT security vulnerability checking guides***

- [Reflecting upon OWASP TOP-10 IoT Vulnerabilities](https://embedi.org/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/)
- [OWASP IoT Top 10 2018 Mapping Project](https://scriptingxss.gitbook.io/owasp-iot-top-10-mapping-project/)
- [Firmware Pentest Guide](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)
- [Hardware toolkits for IoT security analysis](https://defcon-nn.ru/0x0B/Hardware%20toolkits%20for%20IoT%20security%20analysis.pdf)

********************************************************************************************************************************

### ***IoT Gateway Software***

- [WebThings by Mozilla - Raspberry Pi](https://iot.mozilla.org/docs/gateway-getting-started-guide.html)

********************************************************************************************************************************

### ***Labs for Practice***

- [IoT Goat](https://github.com/scriptingxss/IoTGoat)

********************************************************************************************************************************

### ***IoT Pentesting OSes***

- [Sigint OS - LTE IMSI Catcher](https://www.sigintos.com/downloads/)
- [Instant-gnuradio OS - For Radio Signals Testing](https://github.com/bastibl/instant-gnuradio)
- [AttifyOS - IoT Pentest OS - by Aditya Gupta](https://github.com/adi0x90/attifyos)
- [Ubuntu - Best Host Linux for IoT - Use LTS](https://www.ubuntu.com/)
- [Internet of Things - Penetration Testing OS](https://github.com/IoT-PTv)
- [Dragon OS - Debian Linux with preinstalled open source SDR software](https://www.rtl-sdr.com/dragonos-debian-linux-with-preinstalled-open-source-sdr-software/)
- [EmbedOS - Embedded security testing virtual machine](https://github.com/scriptingxss/EmbedOS)

********************************************************************************************************************************

### ***Exploitation Tools***

- [Expliot - IoT Exploitation framework - by Aseem Jakhar](https://gitlab.com/expliot_framework/expliot)
- [Zephyr - A Small, Scalable Open Source RTOS for IoT Embedded Devices](https://www.zephyrproject.org/)
- [Skywave Linux - Software Defined Radio for Global Online Listening](https://skywavelinux.com/)
- [Routersploit (Exploitation Framework for Embedded Devices)](https://github.com/threat9/routersploit)
- [IoTSecFuzz (comprehensive testing for IoT devices)](https://gitlab.com/invuls/iot-projects/iotsecfuzz)

********************************************************************************************************************************

### ***Reverse Engineering Tools***

- [IDA Pro](https://www.youtube.com/watch?v=fgMl0Uqiey8)
- [GDB](https://www.youtube.com/watch?v=fgMl0Uqiey8)
- [Radare2](https://radare.gitbooks.io/radare2book/content/) | [Cutter](https://cutter.re/)
- [Ghidra](https://ghidra-sre.org/)

********************************************************************************************************************************

## ***Introduction***

- [Introduction to IoT](https://en.wikipedia.org/wiki/Internet_of_things)
- [IoT Architecture](https://www.c-sharpcorner.com/UploadFile/f88748/internet-of-things-part-2/)
- [IoT attack surface](https://www.owasp.org/index.php/IoT_Attack_Surface_Areas)
- [IoT Protocols Overview](https://www.postscapes.com/internet-of-things-protocols/)

********************************************************************************************************************************

### ***MQTT***

- [Introduction](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt)
- [Hacking the IoT with MQTT](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b)
- [Thoughts about using IoT MQTT for V2V and Connected Car from CES 2014](https://mobilebit.wordpress.com/tag/mqtt/)
- [Nmap](https://nmap.org/nsedoc/lib/mqtt.html)
- [The Seven Best MQTT Client Tools](https://www.hivemq.com/blog/seven-best-mqtt-client-tools)
- [A Guide to MQTT by Hacking a Doorbell to send Push Notifications](https://youtu.be/J_BAXVSVPVI)
- [Are smart homes vulnerable to hacking?](https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes)

#### Software

- [Mosquitto](https://mosquitto.org/)
- [HiveMQ](https://www.hivemq.com/)
- [MQTT Explorer](http://mqtt-explorer.com/)

********************************************************************************************************************************

### ***CoAP***

- [Introduction](http://coap.technology/)
- [CoAP client Tools](http://coap.technology/tools.html)
- [CoAP Pentest Tools](https://bitbucket.org/aseemjakhar/expliot_framework)
- [Nmap](https://nmap.org/nsedoc/lib/coap.html)

********************************************************************************************************************************

### ***Automobile***

#### CAN Bus

- [Introduction and protocol Overview](https://www.youtube.com/watch?v=FqLDpHsxvf8)
- [PENTESTING VEHICLES WITH CANTOOLZ](https://www.blackhat.com/docs/eu-16/materials/eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf)
- [Building a Car Hacking Development Workbench: Part 1](https://blog.rapid7.com/2017/07/11/building-a-car-hacking-development-workbench-part-1/)
- [CANToolz - Black-box CAN network analysis framework](https://github.com/CANToolz/CANToolz)
- [PLAYING WITH CAN BUS](https://blog.danman.eu/playing-with-can-bus/)

********************************************************************************************************************************

### ***Radio IoT Protocols Overview***

- [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/)
- [Signal Processing]()
- [Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/)
- [GNU Radio](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion)
- [Creating a flow graph](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/)
- [Analysing radio signals](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/)
- [Recording a specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/)
- [Replay Attacks](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/)

********************************************************************************************************************************

### ***Base transceiver station (BTS)***

- [What is a base transceiver station](https://en.wikipedia.org/wiki/Base_transceiver_station)
- [How to Build Your Own Rogue GSM BTS](https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/)

********************************************************************************************************************************

### ***GSM & SS7 Pentesting***

- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)
- [GSM Security 2](https://www.ehacking.net/2011/02/gsm-security-2.html)
- [Vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)
- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf)
- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf)
- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit)
- [ss7MAPer – An SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper)
- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg)
- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)
- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)
- [Breaking LTE on Layer Two](https://alter-attack.net/)

********************************************************************************************************************************

### ***Zigbee & Z-Wave***

- [Introduction and protocol Overview](http://www.informit.com/articles/article.aspx?p=1409785)
- [Hacking Zigbee Devices with Attify Zigbee Framework](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/)
- [Hands-on with RZUSBstick](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/)
- [ZigBee & Z-Wave Security Brief](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/)

********************************************************************************************************************************

### ***BLE Intro and SW & HW Tools***

- [Step By Step guide to BLE Understanding and Exploiting](https://github.com/V33RU/BLE-NullBlr)
- [Traffic Engineering in a Bluetooth Piconet](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf)
- [BLE Characteristics](https://devzone.nordicsemi.com/nordic/short-range-guides/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial)

#### Reconnaissance (Active and Passive) with HCI Tools

- [btproxy](https://github.com/conorpp/btproxy)
- [hcitool & bluez](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez)
- [Testing With GATT Tool](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/)
- [Cracking encryption](https://github.com/mikeryan/crackle)
- [bettercap](https://github.com/bettercap/bettercap)
- [BtleJuice Bluetooth Smart Man-in-the-Middle framework](https://github.com/DigitalSecurity/btlejuice)
- [gattacker](https://github.com/securing/gattacker)
- [BTLEjack Bluetooth Low Energy Swiss army knife](https://github.com/virtualabs/btlejack)

#### Hardware

- [NRFCONNECT - 52840](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)
- [EDIMAX](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)
- [CSR 4.0](https://www.amazon.in/GENERIC-Ultra-Mini-Bluetooth-Dongle-Adapter/dp/B0117H7GZ6/)
- [ESP32 - Development and learning Bluetooth](https://www.espressif.com/en/products/hardware/esp32/overview)
- [Ubertooth](https://github.com/greatscottgadgets/ubertooth/wiki/Ubertooth-One)
- [Sena 100](http://www.senanetworks.com/ud100-g03.html)

#### BLE Pentesting Tutorials

- [Bluetooth vs BLE Basics](https://github.com/V33RU/BLE-NullBlr)
- [Intel Edison as Bluetooth LE — Exploit box](https://medium.com/@arunmag/intel-edison-as-bluetooth-le-exploit-box-a63e4cad6580)
- [How I Reverse Engineered and Exploited a Smart Massager](https://medium.com/@arunmag/how-i-reverse-engineered-and-exploited-a-smart-massager-ee7c9f21bf33)
- [My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE](https://medium.com/@arunmag/my-journey-towards-reverse-engineering-a-smart-band-bluetooth-le-re-d1dea00e4de2)
- [Bluetooth Smartlocks](https://www.getkisi.com/blog/smart-locks-hacked-bluetooth-ble)
- [I hacked MiBand 3](https://medium.com/@yogeshojha/i-hacked-xiaomi-miband-3-and-here-is-how-i-did-it-43d68c272391)
- [GATTacking Bluetooth Smart Devices](https://securing.pl/en/gattacking-bluetooth-smart-devices-introducing-a-new-ble-proxy-tool/index.html)

********************************************************************************************************************************

### ***Mobile security (Android & iOS)***

- [Android App Reverse Engineering 101](https://maddiestone.github.io/AndroidAppRE/)
- [Android Application pentesting book](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices)
- [Android Pentest Video Course - TutorialsPoint](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H)
- [iOS Pentesting](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf)
- [OWASP Mobile Security Testing Guide](https://owasp.org/www-project-mobile-security-testing-guide/)
- [Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals](https://androidtamer.com/)

********************************************************************************************************************************

### ***Online Assemblers***

- [AZM Online Arm Assembler by Azeria](https://azeria-labs.com/azm/)
- [Online Disassembler](https://onlinedisassembler.com/odaweb/)
- [Compiler Explorer is an interactive online compiler which shows the assembly output of compiled C++, Rust, Go](https://godbolt.org/)

********************************************************************************************************************************

### ***ARM***

- [Azeria Labs](https://azeria-labs.com/)
- [ARM EXPLOITATION FOR IoT](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf)
- [Damn Vulnerable ARM Router (DVAR)](https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html)
- [EXPLOIT.EDUCATION](https://exploit.education/)

********************************************************************************************************************************

### ***Pentesting Firmware: emulating and analyzing***

- [Firmware analysis and reversing](https://www.owasp.org/index.php/IoT_Firmware_Analysis)
- [Firmware emulation with QEMU](https://www.youtube.com/watch?v=G0NNBloGIvs)
- [Dumping Firmware using Bus Pirate](http://iotpentest.com/tag/pulling-firmware/)
- [Reversing ESP8266 Firmware](https://boredpentester.com/reversing-esp8266-firmware-part-1/)
- [Emulating Embedded Linux Devices with QEMU](https://www.novetta.com/2018/02/emulating-embedded-linux-devices-with-qemu/)
- [Emulating Embedded Linux Systems with QEMU](https://www.novetta.com/2018/02/emulating-embedded-linux-systems-with-qemu/)
- [Fuzzing Embedded Linux Devices](https://www.novetta.com/2018/07/fuzzing-embedded-linux-devices/)
- [Emulating ARM Router Firmware](https://azeria-labs.com/emulating-arm-firmware/)
- [Reversing Firmware With Radare](https://www.bored-nerds.com/reversing/radare/automotive/2019/07/07/reversing-firmware-with-radare.html)
- [Samsung Firmware Magic](https://github.com/chrivers/samsung-firmware-magic)

********************************************************************************************************************************

### ***Firmware samples to pentest***

- [Download From here](https://firmware.center/)

********************************************************************************************************************************

### ***IoT hardware Overview***

- [IoT Hardware Guide](https://www.postscapes.com/internet-of-things-hardware/)

********************************************************************************************************************************

### ***Hardware Gadgets to pentest***

- [Bus Pirate](https://www.sparkfun.com/products/12942)
- [EEPROM reader/SOIC Cable](https://www.sparkfun.com/products/13153)
- [Jtagulator/Jtagenum](https://www.adafruit.com/product/1550)
- [Logic Analyzer](https://www.saleae.com/)
- [The Shikra](https://int3.cc/products/the-shikra)
- [FaceDancer21 (USB Emulator/USB Fuzzer)](https://int3.cc/products/facedancer21)
- [RfCat](https://int3.cc/products/rfcat)
- [Hak5 Gear - Hak5 Field Kits](https://hakshop.com/)
- [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975)
- [Attify Badge - UART, JTAG, SPI, I2C (w/ headers)](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices)

********************************************************************************************************************************

### ***Attacking Hardware Interfaces***

- [Serial Terminal Basics](https://learn.sparkfun.com/tutorials/terminal-basics/all)
- [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/)
- [REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS](https://sec-consult.com/en/blog/2019/02/reverse-engineering-architecture-pinout-plc/)
- [ChipWhisperer - Hardware attacks](http://wiki.newae.com/Main_Page)

********************************************************************************************************************************

### ***UART***

- [Identifying UART interface](https://www.mikroe.com/blog/uart-serial-communication)
- [onewire-over-uart](https://github.com/dword1511/onewire-over-uart)
- [Accessing sensor via UART](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf)
- [Using UART to connect to a Chinese IP cam](https://www.davidsopas.com/using-uart-to-connect-to-a-chinese-ip-cam/)
- [A journey into IoT – Hardware hacking: UART](https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/)

********************************************************************************************************************************

### ***JTAG***

- [Identifying JTAG interface](https://blog.senr.io/blog/jtag-explained)
- [NAND Glitching Attack](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root)

********************************************************************************************************************************

### ***Side-Channel Attacks***

- [All Attacks](https://yifan.lu/)

********************************************************************************************************************************

### ***Awesome IoT Pentesting Guides***

- [Shodan Pentesting Guide](https://community.turgensec.com/shodan-pentesting-guide/)
- [Car Hacking Practical Guide 101](https://medium.com/@yogeshojha/car-hacking-101-practical-guide-to-exploiting-can-bus-using-instrument-cluster-simulator-part-i-cd88d3eb4a53)
- [OWASP Firmware Security Testing Methodology](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)

********************************************************************************************************************************

## ***Vulnerable IoT and Hardware Applications***

- IoT : https://github.com/Vulcainreo/DVID
- Safe : https://insinuator.net/2016/01/damn-vulnerable-safe/
- Router : https://github.com/praetorian-code/DVRF
- SCADA : https://www.slideshare.net/phdays/damn-vulnerable-chemical-process
- PI : https://whitedome.com.au/re4son/sticky-fingers-dv-pi/
- SS7 Network : https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network
- VoIP : https://www.vulnhub.com/entry/hacklab-vulnvoip,40/

********************************************************************************************************************************

## ***Follow the people***

- [Jilles](https://twitter.com/jilles_com)
- [Aseem Jakhar](https://twitter.com/aseemjakhar)
- [Cybergibbons](https://twitter.com/cybergibbons)
- [Ilya Shaposhnikov](https://twitter.com/drakylar)
- [Mark C.](https://twitter.com/LargeCardinal)
- [A-a-ron Guzman](https://twitter.com/scriptingxss)
- [Arun Mane](https://twitter.com/rootkill3r)
- [Yashin Mehaboobe](https://twitter.com/YashinMehaboobe)
- [Arun Magesh](https://www.linkedin.com/in/marunmagesh)