mirror of
https://github.com/V33RU/awesome-connected-things-sec.git
synced 2026-04-10 12:33:45 +00:00
799 lines
52 KiB
Markdown
799 lines
52 KiB
Markdown
|
||
|
||
|
||
|
||
|
||
- A Collection for IoT Security Resources
|
||
- You are welcome to fork and [contribute](https://github.com/V33RU/IoTSecurity101/blob/master/contributors.md#contributors)
|
||
|
||
- Other Interesting Areas
|
||
- [ICS-Security](https://github.com/V33RU/IoTSecurity101/blob/master/ICS/Industrial%20Control%20Systems.md)
|
||
- [Automotive-Security](https://github.com/V33RU/IoTSecurity101/blob/master/Automotive/Automotive-security.md)
|
||
|
||
********************************************************************************************************************************
|
||
|
||
|
||
#### 🛠️ Approach Methodology
|
||
|
||
- 🌐 ***1. Network***
|
||
- 🌐 ***2. Web (Front & Backend and Web services)***
|
||
- 📱 ***3. Mobile App (Android & iOS)***
|
||
- 📡 ***4. Wireless Connectivity (Zigbee, WiFi, Bluetooth, etc)***
|
||
- 💽 ***5. Firmware Pentesting (OS of IoT Devices)***
|
||
- 🛠️ ***6. Hardware Hacking & Fault Injections & SCA Attacks***
|
||
- 💾 ***7. Storage Medium***
|
||
- 🔌 ***8. I/O Ports***
|
||
|
||
## 📑 Contents
|
||
|
||
- 🛡️ IoT Security information
|
||
- [👥 IoT Security Chat groups](#chat-groups-for-iot-security)
|
||
- [🎓 IoT and Hardware Security Trainings](#iot-and-hardware-security-trainings)
|
||
- [📚 Books](#books-for-iot-penetration-testing)
|
||
- [🖋️ Blogs](#blogs-for-iotpentest)
|
||
- [📋 Cheatsheets](#awesome-cheatsheets)
|
||
- [🔍 Search Engines](#search-engines-for-exposed-iot-devices-worldwide)
|
||
- [🚩 CTF](#vulnerable-iot-and-hardware-applications)
|
||
- [📺 Youtube](#youtube-channels-for-iot-pentesting)
|
||
- [⚒️ Exploitation Tools](#exploitation-tools)
|
||
- [🖥️ IoT Pentesting OSes](#iot-pentesting-oses)
|
||
- [📘 IoT Vulnerabilities Checking Guides](#iot-vulnerabilites-checking-guides)
|
||
- [🔬 IoT Labs](#vulnerable-iot-and-hardware-applications)
|
||
- [📖 Awesome IoT Pentesting Guides](#awesome-iot-pentesting-guides)
|
||
- [🐛 Fuzzing Things](#fuzzing-things)
|
||
- [🏢 IoT Lab Setup guide for corporate/individual](https://github.com/IoT-PTv/IoT-Lab-Setup)
|
||
- [🔧 FlipperZero](#flipperzero)
|
||
|
||
- 🌐 Network
|
||
- 🌐 Web IoT Message Protocols
|
||
- [📨 MQTT](#mqtt)
|
||
- [📬 CoAP](#coap)
|
||
|
||
- 📱 Mobile app
|
||
- [🛡️ Mobile security (Android & iOS)](#mobile-security-android--ios)
|
||
|
||
- 📡 Wireless Protocols
|
||
- [📻 RADIO HACKING STARTING GUIDE](#Radio-Hacker-Quick-Start-Guide)
|
||
- [📡 Cellular Hacking GSM BTS](#cellular-hacking-gsm-bts)
|
||
- [🐝 Zigbee](#zigbee-aLL-stuff)
|
||
- [🔵 Bluetooth](#ble-intro-and-sw-hw-tools-to-pentest)
|
||
- [📞 DECT](#dect-digital-enhanced-cordless-telecommunications)
|
||
|
||
- 💽 Firmware
|
||
- [🔍 Reverse Engineering Tools](#reverse-engineering-tools)
|
||
- [💻 Online Assemblers](#online-assemblers)
|
||
- [💪 ARM](#arm)
|
||
- [🔨 Pentesting Firmwares and emulating and analyzing](#pentesting-firmwares-and-emulating-and-analyzing)
|
||
- [🔬 Firmware samples to pentest](#firmware-samples-to-pentest)
|
||
- [🔒 Secureboot](#secureboot)
|
||
|
||
- 🛠️ Hardware
|
||
- [🔎 IoT Hardware Intro](#iot-hardware-overview-and-hacking)
|
||
- [📌 IoT Hardware hacking Intro]
|
||
- [🛠️ Required hardware to pentest IoT](#hardware-gadgets-to-pentest)
|
||
- [🔌 Hardware interfaces](#attacking-hardware-interfaces)
|
||
- [🔌 SPI](#spi)
|
||
- [🔌 UART](#uart)
|
||
- [🔌 JTAG](#jtag)
|
||
- [🛠️ SideChannel Attacks & Glitching attacks](#sidechannel-attacks)
|
||
- [🛠️ Glitching Attacks](#glitching-attacks)
|
||
|
||
- 💾 Storage Medium
|
||
- [📀 EMMC Hacking](#emmc-hacking)
|
||
|
||
- 💳 Payment Security
|
||
- [💵 ATM Hacking](#ATM-Hacking)
|
||
|
||
|
||
********************************************************************************************************************************
|
||
### To See Hacked Devices
|
||
|
||
- [Exploitee.rs Blog](https://blog.exploitee.rs/2018/10/)
|
||
- [Exploitee.rs Website](https://www.exploitee.rs/)
|
||
- [Exploitee.rs Forum](https://forum.exploitee.rs/)
|
||
- [Your Lenovo Watch X Is Watching You & Sharing What It Learns](https://www.checkmarx.com/blog/lenovo-watch-watching-you/)
|
||
- [Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT](https://www.checkmarx.com/blog/smart-scale-privacy-issues-iot/)
|
||
- [Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?](https://www.checkmarx.com/blog/smart-bulb-exfiltration/)
|
||
- [Besder-IPCamera Analysis](http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html)
|
||
- [Smart Lock Vulnerabilities](https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/)
|
||
- [Subaru Head Unit Jailbreak](https://github.com/sgayou/subaru-starlink-research/blob/master/doc/README.md)
|
||
- [Jeep Hack](http://illmatics.com/Remote%20Car%20Hacking.pdf)
|
||
- [Dropcam Hacking](https://www.defcon.org/images/defcon-22/dc-22-presentations/Moore-Wardle/DEFCON-22-Colby-Moore-Patrick-Wardle-Synack-DropCam-Updated.pdf)
|
||
- [Printer Hacking Live Sessions - Gamozo Labs](https://www.youtube.com/watch?v=2LVtEoQA8Qo&ab_channel=gamozolabs)
|
||
- [LED Light Hacking](https://youtu.be/Nnb2ct3hc68)
|
||
|
||
********************************************************************************************************************************
|
||
- [IoT-Vuln-with CVE and PoC of tenda and dlink](https://github.com/z1r00/IOT_Vul)
|
||
|
||
********************************************************************************************************************************
|
||
### Chat Groups for IoT Security
|
||
|
||
- [IoTSecurity101 Telegram](https://t.me/iotsecurity1011)
|
||
- [IoTSecurity101 Reddit](https://www.reddit.com/r/IoTSecurity101/)
|
||
- [IoTSecurity101 Discord](https://discord.gg/EH9dxT9)
|
||
- [Hardware Hacking Telegram](https://t.me/hardwareHackingBrasil)
|
||
- [RFID Discord Group](https://discord.gg/Z43TrcVyPr)
|
||
- [ICS Discord Group](https://discord.com/invite/CmDDsFK)
|
||
|
||
********************************************************************************************************************************
|
||
### IoT and Hardware Security Trainings
|
||
- [opensecuritytraining 2](https://p.ost2.fyi/courses)
|
||
|
||
********************************************************************************************************************************
|
||
### Books for IoT Penetration Testing
|
||
|
||
#### 2004
|
||
- [The Firmware Handbook (Embedded Technology) 1st Edition by Jack Ganssle](https://www.amazon.com/Firmware-Handbook-Embedded-Technology/dp/075067606X)
|
||
- [Hardware Hacking: Have Fun while Voiding your Warranty 1st Edition](https://www.elsevier.com/books/hardware-hacking/grand/978-1-932266-83-2)
|
||
|
||
#### 2007
|
||
- [Linksys WRT54G Ultimate Hacking 1st Edition by Paul Asadoorian](https://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Asadoorian/dp/1597491667)
|
||
|
||
#### 2013
|
||
- [Hacking the Xbox - An Introduction to Reverse Engineering HACKING THE XBOX by Andrew “bunnie” Huang](https://www.nostarch.com/xboxfree)
|
||
- [Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure by Eric D. Knapp , Raj Samani](https://www.amazon.com/Applied-Cyber-Security-Smart-Grid/dp/1597499986/)
|
||
|
||
#### 2014
|
||
- [Android Hacker's Handbook by Joshua J. Drake](https://www.amazon.in/Android-Hackers-Handbook-MISL-WILEY-Joshua/dp/812654922X)
|
||
|
||
#### 2015
|
||
- [The Art of Pcb Reverse Engineering: Unravelling the Beauty of the Original Design](https://www.amazon.in/Art-Pcb-Reverse-Engineering-Unravelling/dp/1499323441)
|
||
- [Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts 1st Edition, by Nitesh Dhanjani](https://www.amazon.in/Abusing-Internet-Things-Blackouts-Freakouts-ebook/dp/B013VQ7N36)
|
||
|
||
#### 2016
|
||
- [Learning Linux Binary Analysis By Ryan "elfmaster" O'Neill](https://www.packtpub.com/networking-and-servers/learning-linux-binary-analysis)
|
||
- [Car hacker's handbook by Craig Smith](http://opengarages.org/handbook)
|
||
|
||
#### 2017
|
||
- [IoT Penetration Testing Cookbook By Aaron Guzman , Aditya Gupta](https://www.packtpub.com/networking-and-servers/iot-penetration-testing-cookbook)
|
||
|
||
#### 2018
|
||
- [Inside Radio: An Attack and Defense Guide by Authors: Yang, Qing, Huang, Lin](https://books.google.co.in/books?id=71NSDwAAQBAJ&printsec=copyright&redir_esc=y#v=onepage&q&f=false)
|
||
- [Pentest Hardware](https://github.com/unprovable/PentestHardware/)
|
||
- [Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition 5th Edition by Daniel Regalado , Shon Harris , Allen Harper , Chris Eagle , Jonathan Ness , Branko Spasojevic , Ryan Linn , Stephen Sims](https://www.amazon.in/Gray-Hat-Hacking-Ethical-Handbook-ebook/dp/B07D3J9J4H)
|
||
|
||
#### 2021
|
||
- [Practical Hardware Pentesting](https://www.packtpub.com/product/practical-hardware-pentesting/9781789619133?_ga=2.224205017.333884789.1668314814-101815837.1668314814)
|
||
- [The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks Front Cover Jasper van Woudenberg, Colin O'Flynn](https://books.google.co.in/books?id=DEqatAEACAAJ&source=gbs_navlinks_s)
|
||
- [Practical IoT Hacking-The Definitive Guide to Attacking the Internet of Things by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods](https://nostarch.com/practical-iot-hacking)
|
||
|
||
#### 2022
|
||
- [PatrIoT: practical and agile threat research for IoT by Emre Süren](https://link.springer.com/article/10.1007/s10207-022-00633-3)
|
||
|
||
#### 2023
|
||
- [Practical Hardware Pentesting - Second Edition](https://www.packtpub.com/product/practical-hardware-pentesting-second-edition/9781803249322)
|
||
- [Blue Fox: Arm Assembly Internals & Reverse Engineering](https://www.wiley.com/en-gb/Blue+Fox%3A+Arm+Assembly+Internals+%26+Reverse+Engineering-p-9781119745303)
|
||
- [Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU](https://www.packtpub.com/product/fuzzing-against-the-machine/9781804614976)
|
||
- [Hardware Security Training, Hands-on!](https://link.springer.com/book/10.1007/978-3-031-31034-8)
|
||
- [Manual PCB-RE: The Essentials](https://www.amazon.com/Manual)
|
||
|
||
|
||
********************************************************************************************************************************
|
||
### Blogs for IoT Pentest
|
||
|
||
- [Jilles.com](https://jilles.com/)
|
||
- [Payatu Blog](https://payatu.com/blog/)
|
||
- [Raelize Blog](https://raelize.com/blog/)
|
||
- [JCJC Dev Blog](http://jcjc-dev.com/)
|
||
- [W00tsec Blog](https://w00tsec.blogspot.in/)
|
||
- [Devttys0 Blog](http://www.devttys0.com/)
|
||
- [Wrongbaud Blog](https://wrongbaud.github.io/)
|
||
- [Embedded Bits Blog](https://embeddedbits.org/)
|
||
- [RTL-SDR Blog](https://www.rtl-sdr.com/)
|
||
- [Keenlab Blog](https://keenlab.tencent.com/en/)
|
||
- [Courk.cc](https://courk.cc/)
|
||
- [IoT Security Wiki](https://iotsecuritywiki.com/)
|
||
- [Cybergibbons Blog](https://cybergibbons.com/)
|
||
- [Firmware.RE](http://firmware.re/)
|
||
- [K3170makan Blog](http://blog.k3170makan.com/)
|
||
- [Tclaverie Blog](https://blog.tclaverie.eu/)
|
||
- [Besimaltinok Blog](http://blog.besimaltinok.com/category/iot-pentest/)
|
||
- [Ctrlu Blog](https://ctrlu.net/)
|
||
- [IoT Pentest Blog](http://iotpentest.com/)
|
||
- [Attify Blog](https://blog.attify.com)
|
||
- [Duo Decipher Blog](https://duo.com/decipher/)
|
||
- [Sp3ctr3 Blog](http://www.sp3ctr3.me)
|
||
- [0x42424242.in Blog](http://blog.0x42424242.in/)
|
||
- [Dantheiotman Blog](https://dantheiotman.com/)
|
||
- [Danman Blog](https://blog.danman.eu/)
|
||
- [Quentinkaiser Blog](https://quentinkaiser.be/)
|
||
- [Quarkslab Blog](https://blog.quarkslab.com)
|
||
- [Ice9 Blog](https://blog.ice9.us/)
|
||
- [F-Secure Labs Blog](https://labs.f-secure.com/)
|
||
- [MG.lol Blog](https://mg.lol/blog/)
|
||
- [CJHackerz Blog](https://cjhackerz.net/)
|
||
- [Bunnie's Blog](https://github.com/sponsors/bunnie/)
|
||
- [IoT My Way Blog](https://iotmyway.wordpress.com/)
|
||
- [Synacktiv Publications](https://www.synacktiv.com/publications.html)
|
||
- [Cr4.sh Blog](http://blog.cr4.sh/)
|
||
- [Ktln2 Blog](https://ktln2.org/)
|
||
- [Naehrdine Blog](https://naehrdine.blogspot.com/)
|
||
- [Limited Results Blog](https://limitedresults.com/)
|
||
- [Fail0verflow Blog](https://fail0verflow.com/blog/)
|
||
- [Exploit Security Blog](https://www.exploitsecurity.io/blog)
|
||
|
||
|
||
********************************************************************************************************************************
|
||
### Awesome CheatSheets
|
||
|
||
- [Hardware Hacking cheat sheet](https://github.com/arunmagesh/hw_hacking_cheatsheet)
|
||
- [Nmap](https://github.com/gnebbia/nmap_tutorial)
|
||
|
||
********************************************************************************************************************************
|
||
# Search Engines for Internet-Connected Devices
|
||
|
||
- [Shodan](https://www.shodan.io/)
|
||
- [Censys](https://censys.io/)
|
||
- [ZoomEye](https://www.zoomeye.org/)
|
||
- [BinaryEdge](https://www.binaryedge.io/)
|
||
- [Thingful](https://www.thingful.net/)
|
||
- [Wigle](https://wigle.net/)
|
||
- [Hunter.io](https://hunter.io/)
|
||
- [BuiltWith](https://builtwith.com/)
|
||
- [NetDB](https://github.com/stamparm/NetDB)
|
||
- [Recon-ng](https://github.com/lanmaster53/recon-ng)
|
||
- [PublicWWW](https://publicwww.com/)
|
||
|
||
********************************************************************************************************************************
|
||
### YouTube Channels for IoT Pentesting
|
||
|
||
- [Joe Grand](https://www.youtube.com/@JoeGrand)
|
||
- [Liveoverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
|
||
- [Binary Adventure](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ)
|
||
- [EEVBlog](https://www.youtube.com/user/EEVblog)
|
||
- [Craig Smith](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA)
|
||
- [iotpentest [Mr-IoT]](https://www.youtube.com/channel/UCe2mJv2FPRFhYJ7dvNdYR4Q)
|
||
- [Besim ALTINOK - IoT - Hardware - Wireless](https://www.youtube.com/channel/UCnIV7A3kDL4JXJEljpW6TRQ/playlists)
|
||
- [Ghidra Ninja](https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw)
|
||
- [Cyber Gibbons](https://www.youtube.com/channel/UC_IYERSoSwdR7AA5P41mYTA)
|
||
- [Scanline](https://www.youtube.com/channel/UCaEgw3321ct_PE4PJvdhXEQ)
|
||
- [Aaron Christophel](https://www.youtube.com/c/12002230/videos)
|
||
- [Valerio Di Giampietro](https://www.youtube.com/c/MakeMeHack)
|
||
|
||
********************************************************************************************************************************
|
||
### Vehicle Security Resources
|
||
|
||
- https://github.com/jaredthecoder/awesome-vehicle-security
|
||
|
||
********************************************************************************************************************************
|
||
### IoT Vulnerabilites Checking Guides
|
||
|
||
- [Reflecting upon OWASP TOP-10 IoT Vulnerabilities](https://embedi.org/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/)
|
||
- [OWASP IoT Top 10 2018 Mapping Project](https://scriptingxss.gitbook.io/owasp-iot-top-10-mapping-project/)
|
||
- [Hardware toolkits for IoT security analysis](https://defcon-nn.ru/0x0B/Hardware%20toolkits%20for%20IoT%20security%20analysis.pdf)
|
||
|
||
********************************************************************************************************************************
|
||
### IoT Gateway Software
|
||
|
||
- [Webthings by Mozilla - RaspberryPi](https://iot.mozilla.org/docs/gateway-getting-started-guide.html)
|
||
|
||
********************************************************************************************************************************
|
||
### IoT Pentesting OSes
|
||
|
||
- [Sigint OS- LTE IMSI Catcher](https://www.sigintos.com/downloads/)
|
||
- [Instatn-gnuradio OS - For Radio Signals Testing](https://github.com/bastibl/instant-gnuradio)
|
||
- [AttifyOS - IoT Pentest OS - by Aditya Gupta](https://github.com/adi0x90/attifyos)
|
||
- [Ubutnu Best Host Linux for IoT's - Use LTS](https://www.ubuntu.com/)
|
||
- [Internet of Things - Penetration Testing OS v1](https://github.com/IoT-PTv)
|
||
- [Dragon OS - DEBIAN LINUX WITH PREINSTALLED OPEN SOURCE SDR SOFTWARE](https://www.rtl-sdr.com/dragonos-debian-linux-with-preinstalled-open-source-sdr-software/)
|
||
- [EmbedOS - Embedded security testing virtual machine](https://github.com/scriptingxss/EmbedOS)
|
||
- [Skywave Linux- Software Defined Radio for Global Online Listening](https://skywavelinux.com/)
|
||
- [A Small, Scalable Open Source RTOS for IoT Embedded Devices](https://www.zephyrproject.org/)
|
||
- [ICS - Controlthings.io](https://www.controlthings.io/platform)
|
||
|
||
********************************************************************************************************************************
|
||
### Exploitation Tools
|
||
|
||
- [Expliot - IoT Exploitation framework - by Aseemjakhar](https://gitlab.com/expliot_framework/expliot)
|
||
- [Routersploit (Exploitation Framework for Embedded Devices)](https://github.com/threat9/routersploit)
|
||
- [IoTSecFuzz (comprehensive testing for IoT device)](https://gitlab.com/invuls/iot-projects/iotsecfuzz)
|
||
- [HomePwn - Swiss Army Knife for Pentesting of IoT Devices](https://github.com/ElevenPaths/HomePWN)
|
||
- [killerbee - Zigbee exploitation](https://github.com/riverloopsec/killerbee)
|
||
- [PRET - Printer Exploitation Toolkit](https://github.com/RUB-NDS/PRET)
|
||
- [HAL – The Hardware Analyzer](https://github.com/emsec/hal)
|
||
- [FwAnalyzer (Firmware Analyzer)](https://github.com/cruise-automation/fwanalyzer)
|
||
- [ISF(Industrial Security Exploitation Framework](https://github.com/w3h/isf)
|
||
- [PENIOT: Penetration Testing Tool for IoT](https://github.com/yakuza8/peniot)
|
||
- [MQTT-PWN](https://github.com/akamai-threat-research/mqtt-pwn)
|
||
|
||
********************************************************************************************************************************
|
||
### Reverse Engineering Tools
|
||
|
||
- [IDA Pro](https://www.youtube.com/watch?v=fgMl0Uqiey8)
|
||
- [GDB](https://www.youtube.com/watch?v=fgMl0Uqiey8)
|
||
- [Radare2](https://radare.gitbooks.io/radare2book/content/) | [cutter](https://cutter.re/)
|
||
- [Ghidra](https://ghidra-sre.org/)
|
||
|
||
********************************************************************************************************************************
|
||
## Introduction
|
||
|
||
- [Introduction to IoT](https://en.wikipedia.org/wiki/Internet_of_things)
|
||
- [IoT Architecture](https://www.c-sharpcorner.com/UploadFile/f88748/internet-of-things-part-2/)
|
||
- [IoT attack surface](https://www.owasp.org/index.php/IoT_Attack_Surface_Areas)
|
||
- [IoT Protocols Overview](https://www.postscapes.com/internet-of-things-protocols/)
|
||
|
||
********************************************************************************************************************************
|
||
### IoT Web and message services
|
||
|
||
#### MQTT
|
||
|
||
- [Introduction](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt)
|
||
- [Hacking the IoT with MQTT](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b)
|
||
- [thoughts about using IoT MQTT for V2V and Connected Car from CES 2014](https://mobilebit.wordpress.com/tag/mqtt/)
|
||
- [Nmap](https://nmap.org/nsedoc/lib/mqtt.html)
|
||
- [The Seven Best MQTT Client Tools](https://www.hivemq.com/blog/seven-best-mqtt-client-tools)
|
||
- [A Guide to MQTT by Hacking a Doorbell to send Push Notifications](https://youtu.be/J_BAXVSVPVI)
|
||
- [Are smart homes vulnerable to hacking](https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes)
|
||
- [Deep Learning UDF for KSQL / ksqlDB for Streaming Anomaly Detection of MQTT IoT Sensor Data](https://github.com/kaiwaehner/ksql-udf-deep-learning-mqtt-iot)
|
||
- [Authenticating & Authorizing Devices using MQTT with Auth0](https://auth0.com/docs/integrations/authenticate-devices-using-mqtt)
|
||
- [Development information for the MQTT with hardware](https://www.hackster.io/search?i=projects&q=Mqtt)
|
||
- [Understanding the MQTT Protocol Packet Structure](http://www.steves-internet-guide.com/mqtt-protocol-messages-overview/)
|
||
- [R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities](https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/)
|
||
- [IoT Live Demo: 100.000 Connected Cars With Kubernetes, Kafka, MQTT, TensorFlow](https://dzone.com/articles/iot-live-demo-100000-connected-cars-with-kubernete)
|
||
|
||
|
||
#### Softwares
|
||
- [Mosquitto-An open source MQTT broker](https://mosquitto.org/)
|
||
- [HiveMQ](https://www.hivemq.com/)
|
||
- [MQTT Explorer](http://mqtt-explorer.com/)
|
||
- [MQTT proxy - IoXY](https://blog.nviso.eu/2020/07/06/introducing-ioxy-an-open-source-mqtt-intercepting-proxy/)
|
||
- [MQTT Broker Security - 101](https://payatu.com/blog/dattatray/iot-security-%E2%80%93-part-12-mqtt-broker-security---101)
|
||
- [Welcome to MQTT-PWN!](https://mqtt-pwn.readthedocs.io/en/latest/)
|
||
|
||
#### CoAP
|
||
|
||
- [Introduction](http://coap.technology/)
|
||
- [CoAP client Tools](http://coap.technology/tools.html)
|
||
- [CoAP Pentest Tools](https://bitbucket.org/aseemjakhar/expliot_framework)
|
||
- [Nmap - NSE for coap](https://nmap.org/nsedoc/lib/coap.html)
|
||
|
||
|
||
********************************************************************************************************************************
|
||
### RADIO HACKER QUICK START GUIDE
|
||
|
||
- [Complete course in Software Defined Radio (SDR) by Michael Ossmann](https://greatscottgadgets.com/sdr/)
|
||
- [SDR Notes - Radio IoT Protocols Overview](https://github.com/notpike/SDR-Notes)
|
||
- [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/)
|
||
- [Introduction to Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/)
|
||
- [Introduction Gnuradio companion](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion)
|
||
- [Creating a flow graph in gunradiocompanion](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/)
|
||
- [Analysing radio signals 433Mhz ](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/)
|
||
- [Recording specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/)
|
||
- [Replay Attacks with raspberrypi -rpitx](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/)
|
||
|
||
### Cellular Hacking GSM BTS
|
||
|
||
#### BTS
|
||
|
||
- [Awesome-Cellular-Hacking](https://github.com/W00t3k/Awesome-Cellular-Hacking/blob/master/README.md)
|
||
- [what is base tranceiver station](https://en.wikipedia.org/wiki/Base_transceiver_station)
|
||
- [How to Build Your Own Rogue GSM BTS](https://l33t.gg/how-to-build-a-rogue-gsm-bts/)
|
||
|
||
#### GSM SS7 Pentesting
|
||
|
||
- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)
|
||
- [GSM Security 2 ](https://www.ehacking.net/2011/02/gsm-security-2.html)
|
||
- [vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)
|
||
- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf)
|
||
- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf)
|
||
- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit)
|
||
- [ss7MAPer – A SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper)
|
||
- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg)
|
||
- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)
|
||
- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)
|
||
- [Breaking LTE on Layer Two](https://alter-attack.net/)
|
||
|
||
#### Hardware Tools
|
||
- [Fake BTS Detector (SCL-8521)](https://www.shoghicom.com/fake-bts-detector.php)
|
||
|
||
********************************************************************************************************************************
|
||
### Zigbee ALL Stuff
|
||
|
||
- [Introduction and protocol Overview](http://www.informit.com/articles/article.aspx?p=1409785)
|
||
- [Hacking Zigbee Devices with Attify Zigbee Framework](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/)
|
||
- [Hands-on with RZUSBstick](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/)
|
||
- [ZigBee & Z-Wave Security Brief](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/)
|
||
- [Hacking ZigBee Networks](https://resources.infosecinstitute.com/topic/hacking-zigbee-networks/)
|
||
- [Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes](https://mews.sv.cmu.edu/papers/wisec-20.pdf)
|
||
- [Security Analysis of Zigbee Networks with Zigator and GNU Radio](https://mews.sv.cmu.edu/research/zigator/testbed-grcon2020-slides.pdf)
|
||
- [Low-Cost ZigBee Selective Jamming](https://www.bastibl.net/reactive-zigbee-jamming/)
|
||
|
||
#### SW Tools
|
||
- [zigbear](https://github.com/philippnormann/zigbear)
|
||
- [ZigDiggity](https://github.com/BishopFox/zigdiggity)
|
||
- [Zigator](https://github.com/akestoridis/zigator)
|
||
- [Z3sec](https://github.com/IoTsec/Z3sec)
|
||
|
||
|
||
#### Hardware Tools for Zigbee
|
||
- [APIMOTE IEEE 802.15.4/ZIGBEE SNIFFING HARDWARE](https://www.riverloopsecurity.com/projects/apimote/)
|
||
- [RaspBee-The Raspberry Pi Zigbee gateway](https://phoscon.de/en/raspbee/)
|
||
- [USRP SDR 2](https://www.ettus.com/products/)
|
||
- [ATUSB IEEE 802.15.4 USB Adapter](http://shop.sysmocom.de/products/atusb)
|
||
- [nRF52840-Dongle](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)
|
||
|
||
********************************************************************************************************************************
|
||
### BLE Intro and SW-HW Tools to pentest
|
||
|
||
- [Step By Step guide to BLE Understanding and Exploiting](https://github.com/V33RU/BLE-NullBlr)
|
||
- [Traffic Engineering in a Bluetooth Piconet](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf)
|
||
- [BLE Characteristics](https://devzone.nordicsemi.com/nordic/short-range-guides/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial)
|
||
|
||
|
||
#### Bluetooth and BLE Pentest Tools
|
||
|
||
- [btproxy](https://github.com/conorpp/btproxy)
|
||
- [hcitool & bluez](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez)
|
||
- [Testing With GATT Tool](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/)
|
||
- [crackle-Cracking encryption](https://github.com/mikeryan/crackle)
|
||
- [bettercap](https://github.com/bettercap/bettercap)
|
||
- [BtleJuice Bluetooth Smart Man-in-the-Middle framework](https://github.com/DigitalSecurity/btlejuice)
|
||
- [gattacker](https://github.com/securing/gattacker)
|
||
- [BTLEjack Bluetooth Low Energy Swiss army knife](https://github.com/virtualabs/btlejack)
|
||
- [bluing-An intelligence gathering tool for hacking Bluetooth](https://github.com/fO-000/bluing)
|
||
- [DEDSEC-Bluetooth-exploit](https://github.com/0xbitx/DEDSEC-Bluetooth-exploit)
|
||
|
||
#### Hardware for bluetooth hacking
|
||
|
||
- [NRFCONNECT - 52840](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)
|
||
- [EDIMAX](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)
|
||
- [CSR 4.0](https://www.amazon.in/GENERIC-Ultra-Mini-Bluetooth-Dongle-Adapter/dp/B0117H7GZ6/ref=asc_df_B0117H7GZ6/?tag=googleshopdes-21&linkCode=df0&hvadid=396984700257&hvpos=1o1&hvnetw=g&hvrand=2179727910417729406&hvpone=&hvptwo=&hvqmt=&hvdev=c&hvdvcmdl=&hvlocint=&hvlocphy=9061998&hvtargid=pla-343685677347&psc=1&ext_vrnc=hi)
|
||
- [ESP32 - Development and learning Bluetooth](https://www.espressif.com/en/products/hardware/esp32/overview)
|
||
- [Ubertooth](https://github.com/greatscottgadgets/ubertooth/wiki/Ubertooth-One)
|
||
- [Sena 100](http://www.senanetworks.com/ud100-g03.html)
|
||
- [ESP-WROVER-KIT-VB](https://www.digikey.in/en/products/detail/espressif-systems/ESP-WROVER-KIT-VB/8544301)
|
||
|
||
#### BLE Pentesting Tutorials
|
||
|
||
- [Bluetooth vs BLE Basics](https://github.com/V33RU/BLE-NullBlr)
|
||
- [examining-the-august-smart-lock](https://blog.quarkslab.com/examining-the-august-smart-lock.html)
|
||
- [Finding bugs in Bluetooth](https://bluetooth.lol/)
|
||
- [Intel Edison as Bluetooth LE — Exploit box](https://medium.com/@arunmag/intel-edison-as-bluetooth-le-exploit-box-a63e4cad6580)
|
||
- [How I Reverse Engineered and Exploited a Smart Massager](https://medium.com/@arunmag/how-i-reverse-engineered-and-exploited-a-smart-massager-ee7c9f21bf33)
|
||
- [My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE](https://medium.com/@arunmag/my-journey-towards-reverse-engineering-a-smart-band-bluetooth-le-re-d1dea00e4de2)
|
||
- [Bluetooth Smartlocks](https://www.getkisi.com/blog/smart-locks-hacked-bluetooth-ble)
|
||
- [I hacked MiBand 3](https://medium.com/@yogeshojha/i-hacked-xiaomi-miband-3-and-here-is-how-i-did-it-43d68c272391)
|
||
- [GATTacking Bluetooth Smart Devices](https://securing.pl/en/gattacking-bluetooth-smart-devices-introducing-a-new-ble-proxy-tool/index.html)
|
||
- [blueooth beacon vulnerability](https://www.beaconzone.co.uk/blog/category/security/)
|
||
- [Sweyntooth Vulnerabilties](https://asset-group.github.io/disclosures/sweyntooth/)
|
||
- [AIRDROP_LEAK - sniffs BLE traffic and displays status messages from Apple devices](https://github.com/hexway/apple_bleee)
|
||
- [BRAKTOOTH: Causing Havoc on Bluetooth Link Manager](https://asset-group.github.io/disclosures/braktooth/)
|
||
- [Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500](https://jcjc-dev.com/2023/03/19/reversing-domyos-el500-elliptical/)
|
||
- [MojoBox - yet another not so smartlock](https://mandomat.github.io/2023-03-15-testing-mojobox-security/)
|
||
- [bluetooth-hacking](https://github.com/zedxpace/bluetooth-hacking-)
|
||
|
||
********************************************************************************************************************************
|
||
### DECT (Digital Enhanced Cordless Telecommunications)
|
||
- [Real Time Interception And Monitoring Of A DECT Cordless Telephone](https://www.youtube.com/watch?v=MDF1eUvOte0&ab_channel=RobVK8FOES)
|
||
- [Eavesdropping On Unencrypted DECT Voice Traffic](https://www.youtube.com/watch?v=WBvYsXrs3DI&ab_channel=RobVK8FOES)
|
||
- [Decoding DECT Voice Traffic: In-depth Explanation](https://www.youtube.com/watch?v=oiMkirm_xfY&ab_channel=RobVK8FOES)
|
||
|
||
#### Software Tools && Hardware Tools
|
||
##### Software
|
||
|
||
##### Hardware
|
||
|
||
|
||
********************************************************************************************************************************
|
||
### Mobile security (Android & iOS)
|
||
|
||
- [Android App Reverse Engineering 101](https://maddiestone.github.io/AndroidAppRE/)
|
||
- [Android Application pentesting book](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices)
|
||
- [Android Pentest Video Course-TutorialsPoint](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H)
|
||
- [IOS Pentesting](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf?)
|
||
- [OWASP Mobile Security Testing Guide](https://owasp.org/www-project-mobile-security-testing-guide/)
|
||
- [Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals](https://androidtamer.com/)
|
||
|
||
|
||
*******************************************************************************************************************************
|
||
### Online Assemblers
|
||
|
||
- [AZM Online Arm Assembler by Azeria](https://azeria-labs.com/azm/)
|
||
- [Online Disassembler](https://onlinedisassembler.com/odaweb/)
|
||
- [Compiler Explorer is an interactive online compiler which shows the assembly output of compiled C++, Rust, Go](https://godbolt.org/)
|
||
********************************************************************************************************************************
|
||
### ARM
|
||
|
||
- [Azeria Labs](https://azeria-labs.com/)
|
||
- [ARM EXPLOITATION FOR IoT](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf)
|
||
- [Damn Vulnerable ARM Router (DVAR)](https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html)
|
||
- [EXPLOIT.EDUCATION](https://exploit.education/)
|
||
|
||
********************************************************************************************************************************
|
||
### Pentesting Firmwares and emulating and analyzing
|
||
|
||
##### Firmware Analysis Tools
|
||
- [EMBA-An analyzer for embedded Linux firmware](https://p4cx.medium.com/emba-b370ce503602)
|
||
- [FACT-Firmware Analysis and Comparison Tool](https://github.com/fkie-cad/FACT_core)
|
||
- [Binwalk](https://github.com/ReFirmLabs/binwalk)
|
||
- [Qiling](https://github.com/qilingframework/qiling)
|
||
- [fwanalyzer](https://github.com/cruise-automation/fwanalyzer)
|
||
- [ByteSweep](https://gitlab.com/bytesweep/bytesweep)
|
||
- [Firmwalker](https://github.com/craigz28/firmwalker)
|
||
- [Checksec.sh](https://github.com/slimm609/checksec.sh)
|
||
- [QEMU](https://www.qemu.org/)
|
||
- [Firmadyne](https://github.com/firmadyne/firmadyne)
|
||
- [Firmware Modification Kit](https://code.google.com/archive/p/firmware-mod-kit/)
|
||
|
||
|
||
##### Resources
|
||
- [Firmware analysis and reversing](https://www.owasp.org/index.php/IoT_Firmware_Analysis)
|
||
- [Reversing 101](https://0xinfection.github.io/reversing/)
|
||
- [IoT Security Verification Standard (ISVS)](https://github.com/OWASP/IoT-Security-Verification-Standard-ISVS)
|
||
- [OWASP Firmware Security Testing Methodology](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)
|
||
- [Firmware emulation with QEMU](https://www.youtube.com/watch?v=G0NNBloGIvs)
|
||
- [Reversing ESP8266 Firmware](https://boredpentester.com/reversing-esp8266-firmware-part-1/)
|
||
- [Emulating Embedded Linux Devices with QEMU](https://www.novetta.com/2018/02/emulating-embedded-linux-devices-with-qemu/?__cf_chl_captcha_tk__=2167fb6cf097848dbf0dea8e4ecccc66f2a55e55-1585030085-0-AVfO7wG_mHgvnIgeIl-aiKLNW1IMb5IMLyqLOSOLydnZFzhyAyySWgfKvjvllAtYtmpbJjnaTlwyaWiO2kHXH4APqLuott0R7UReYCTZ3u--g4AJBK4eONEL2bTJcAHg3fzmXhrC-3iAqccNQC4jx1RWEz60y_MKFq63NVeoE1pC0EBYWkk7VqDWusBFbgpj6zRNv0ifKLc3oLYJck-oG13jeSbPISVLMCn6bCHVLaTp2gW7qG6GRELIWgdyfP9viyMDSAww3u-R1NmUgRQzctXIYMWH1MdL5p8lqbSpCa160cW3JaZ16IxT7iP1HkCBurx7rCOVP3DAcI8zrc19V9mi-jU9nXIW0Xf9eIpqlUP-R_txfNw4vF10PwIGKmg0Cpl2IDuY1ty3J8koQkdvxfE)
|
||
- [Emulating Embedded Linux Systems with QEMU](https://www.novetta.com/2018/02/emulating-embedded-linux-systems-with-qemu/?__cf_chl_captcha_tk__=9dd83a08cffb28fae75286f63f399c34eec56852-1585030087-0-AblGAUd4LCDVbghNgQyfL5hgPXNC8pUcLIAbPUpx2tBOb_L4gVVc1sZ7Ivg0g--06WpkdpeV-kylZu3T_Yqgr7GdFpc2cKzxATdc_bsEV7uu1ljIctFloHTW_B1vvjFAe3QXdex4kkn2D4HuQiw9WLszvO2Ff8SvvfEpHoBumOavj-c2iXcEb2dDFMoK3_HB_3-y7q_BEAX3xqDCjqz7TpcoIWt-wTSQwRfx-VuBfO87hrTsX43yzq6BNjCE9s15ZQmPp_NouYIHNMnx3augAfkwZBSUA0r43GbA--3jLmJsTe_qvcn7gMz_HAR-GpnA_Usn_cr94VqtyNpl0vEsC1OMf48oBMMoFQJA6Jjn1hGPv5hV4M4aBtJrTnFoRP2YGwxAyNTM3Df9qw1iyBB8r58)
|
||
- [Fuzzing Embedded Linux Devices](https://www.novetta.com/2018/07/fuzzing-embedded-linux-devices/?__cf_chl_captcha_tk__=f07f3f76e61b43f9ae6340e94cf4adeaec87977e-1585030089-0-AYkRNbh1wpUia0P5wBgrRfhf92Uy6Pl2mEEBOXi2FUvxROOJ9obK4ZIS78Y4iCRrMdi3umwQrJEyF0u3EPwHPu3_22f5PwOvVDFC0QwFPyw7LkY5bLuansI_8uoEunuLIEQ1VPIZHFpht1vT0_rW4YrYGc8osJZpubAhXfyZe1G7U_ibpZj9tdrUE6SwgA_Ph0io4LRfbjuvpeM03NHuc1sTTqRVdkWiw47kmr9uSAK10ZmQEvE7zpbpkEJM2slchjdYq6hziM3L5l8vB-eEm_JVxsSHbGfdDM3kSfTw3oXlYkvxvLy_llSyyefuub4yOBrqNgzV1Gj_PDTmuRTMxobGo7vZaRdr2LgOXML58kpG6NTDLb3A4YzwVw9u32ErRh4Ab89vn90RsHlWnU928Oc)
|
||
- [Emulating ARM Router Firmware](https://azeria-labs.com/emulating-arm-firmware/)
|
||
- [Reversing Firmware With Radare](https://www.bored-nerds.com/reversing/radare/automotive/2019/07/07/reversing-firmware-with-radare.html)
|
||
- [Samsung Firmware Magic - Unpacking and Decrypting](https://github.com/chrivers/samsung-firmware-magic)
|
||
- [Qiling & Binary Emulation for automatic unpacking](https://kernemporium.github.io/articles/en/auto_unpacking/m.html)
|
||
- [Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme](https://www.youtube.com/watch?v=4urMITJKQQs&ab_channel=stacksmashing)
|
||
- [Simulating and hunting firmware vulnerabilities with Qiling](https://blog.vincss.net/2020/12/pt007-simulating-and-hunting-firmware-vulnerabilities-with-Qiling.html?m=1&s=09)
|
||
|
||
|
||
********************************************************************************************************************************
|
||
### Firmware samples to pentest
|
||
|
||
- [Download From here by firmware.center](https://firmware.center/)
|
||
|
||
********************************************************************************************************************************
|
||
### Symlinks Attacks
|
||
- [Zip Slip Vulnerability](https://security.snyk.io/research/zip-slip-vulnerability)
|
||
|
||
********************************************************************************************************************************
|
||
### Secureboot
|
||
#### Dev
|
||
- [Writing a Bootloader](http://3zanders.co.uk/2017/10/13/writing-a-bootloader/)
|
||
|
||
|
||
#### Hacking
|
||
- [Pwn the ESP32 Secure Boot](https://limitedresults.com/2019/09/pwn-the-esp32-secure-boot/)
|
||
- [Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction](https://limitedresults.com/2019/11/pwn-the-esp32-forever-flash-encryption-and-sec-boot-keys-extraction/)
|
||
- [Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM](https://fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html) / [another-link](https://www.cnx-software.com/2016/10/06/hacking-arm-trustzone-secure-boot-on-amlogic-s905-soc/)
|
||
- [Defeating Secure Boot with Symlink Attacks](https://www.anvilsecure.com/blog/defeating-secure-boot-with-symlink-attacks.html)
|
||
- [PS4 Aux Hax 5 & PSVR Secure Boot Hacking with Keys by Fail0verflow!](https://www.psxhax.com/threads/ps4-aux-hax-5-psvr-secure-boot-hacking-with-keys-by-fail0verflow.12820/)
|
||
- [ECLYPSIUM DISCOVERS MULTIPLE VULNERABILITIES AFFECTING 129 DELL MODELS VIA DELL REMOTE OS RECOVERY AND FIRMWARE UPDATE CAPABILITIES](https://eclypsium.com/2021/06/24/biosdisconnect/)
|
||
- [Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)](https://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347/)
|
||
- [Breaking Secure Boot on the Silicon Labs Gecko platform](https://blog.quarkslab.com/breaking-secure-boot-on-the-silicon-labs-gecko-platform.html)
|
||
|
||
********************************************************************************************************************************
|
||
|
||
### Storage Medium
|
||
|
||
#### EMMC HACKING
|
||
- [HARDWARE HACKING 101: IDENTIFYING AND DUMPING EMMC FLASH](https://www.riverloopsecurity.com/blog/2020/03/hw-101-emmc/)
|
||
- [EMMC DATA RECOVERY FROM DAMAGED SMARTPHONE](https://dangerouspayload.com/2018/10/24/emmc-data-recovery-from-damaged-smartphone/)
|
||
- [Another bunch of Atricles for EMMC](https://hackaday.com/tag/emmc/)
|
||
- [Unleash your smart-home devices: Vacuum Cleaning Robot Hacking](https://media.ccc.de/v/34c3-9147-unleash_your_smart-home_devices_vacuum_cleaning_robot_hacking#t=1810)
|
||
- [Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1](https://www.rapid7.com/blog/post/2022/10/18/hands-on-iot-hacking-rapid7-at-def-con-30-iot-village-part-1/)
|
||
|
||
********************************************************************************************************************************
|
||
### Payment Device Security
|
||
|
||
#### ATM Hacking
|
||
- [Introduction to ATM Penetration Testing](https://www.youtube.com/watch?v=Ff-0zXTYhuA)
|
||
- [Pwning ATMs For Fun and Profit](https://www.youtube.com/watch?v=9cG-JL0LHYw)
|
||
- [Jackpotting Automated Teller Machines Redux](https://www.youtube.com/watch?v=4StcW9OPpPc) By Barnaby Jack
|
||
|
||
********************************************************************************************************************************
|
||
|
||
### IoT hardware Overview and Hacking
|
||
|
||
- [IoT Hardware Guide](https://www.postscapes.com/internet-of-things-hardware/)
|
||
- [Intro To Hardware Hacking - Dumping Your First Firmware](https://blog.nvisium.com/intro-to-hardware-hacking-dumping-your-first-firmware)
|
||
|
||
#### Hardware Gadgets to pentest
|
||
|
||
- [Bus Pirate](https://www.sparkfun.com/products/12942)
|
||
- [EEPROM reader/SOIC Cable](https://www.sparkfun.com/products/13153)
|
||
- [Jtagulator/Jtagenum](https://www.adafruit.com/product/1550)
|
||
- [Logic Analyzer](https://www.saleae.com/)
|
||
- [The Shikra](https://int3.cc/products/the-shikra)
|
||
- [FaceDancer21 (USB Emulator/USB Fuzzer)](https://int3.cc/products/facedancer21)
|
||
- [RfCat](https://int3.cc/products/rfcat)
|
||
- [Hak5Gear- Hak5FieldKits](https://hakshop.com/)
|
||
- [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975)
|
||
- [Attify Badge - UART, JTAG, SPI, I2C (w/ headers)](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices)
|
||
|
||
|
||
#### Attacking Hardware Interfaces
|
||
|
||
- [An Introduction to Hardware Hacking](https://securityboulevard.com/2020/09/an-introduction-to-hardware-hacking/)
|
||
- [Serial Terminal Basics](https://learn.sparkfun.com/tutorials/terminal-basics/all)
|
||
- [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/)
|
||
- [REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS](https://sec-consult.com/en/blog/2019/02/reverse-engineering-architecture-pinout-plc/)
|
||
- [ChipWhisperer - Hardware attacks](http://wiki.newae.com/Main_Page)
|
||
- [Hardware hacking tutorial: Dumping and reversing firmware](https://ivanorsolic.github.io/post/hardwarehacking1/)
|
||
|
||
|
||
#### SPI
|
||
|
||
- [Reading FlashROMS - Youtube](https://www.youtube.com/results?search_query=reading+chip+flash+rom)
|
||
- [Dumping the firmware From Router using BUSPIRATE - SPI Dump](https://www.iotpentest.com/2019/06/dumping-firmware-from-device-using.html)
|
||
- [How to Flash Chip of a Router With a Programmer | TP-Link Router Repair & MAC address change](https://www.youtube.com/watch?v=fbt4OJXJdOc&ab_channel=ElectricalProjects%5BCreativeLab%5D)
|
||
- [Extracting Flash Memory over SPI](https://akimbocore.com/article/extracting-flash-memory-over-spi/)
|
||
- [Extracting Firmware from Embedded Devices (SPI NOR Flash)](https://www.youtube.com/watch?v=nruUuDalNR0&ab_channel=FlashbackTeam)
|
||
- [SPI-Blogs](https://www.google.com/search?q=%22spi+dump%22&source=hp&ei=5jv9YaW6JNvl2roPgbGqMA&iflsig=AHkkrS4AAAAAYf1J9qNY6Snarz3dsHr9KXF1YSY6AKVL&ved=0ahUKEwilxY3apOb1AhXbslYBHYGYCgYQ4dUDCAg&uact=5&oq=%22spi+dump%22&gs_lcp=Cgdnd3Mtd2l6EAMyBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yCAgAEBYQChAeUABYAGC-A2gAcAB4AIABYIgBYJIBATGYAQCgAQKgAQE&sclient=gws-wiz)
|
||
|
||
#### UART
|
||
|
||
- [Identifying UART interface](https://www.mikroe.com/blog/uart-serial-communication)
|
||
- [onewire-over-uart](https://github.com/dword1511/onewire-over-uart)
|
||
- [Accessing sensor via UART](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf)
|
||
- [Using UART to connect to a chinese IP cam](https://www.davidsopas.com/using-uart-to-connect-to-a-chinese-ip-cam/)
|
||
- [A journey into IoT – Hardware hacking: UART](https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/)
|
||
- [UARTBruteForcer](https://github.com/FireFart/UARTBruteForcer)
|
||
- [UART Connections and Dynamic analysis on Linksys e1000](https://www.youtube.com/watch?v=ix6rSV2Dj44&ab_channel=Defenceindepth)
|
||
- [Accessing and Dumping Firmware Through UART](https://www.cyberark.com/resources/threat-research-blog/accessing-and-dumping-firmware-through-uart)
|
||
- [UART Exploiter](https://github.com/exploitsecurityio/uart-exploiter)
|
||
|
||
#### JTAG
|
||
|
||
- [HARDWARE HACKING 101: INTRODUCTION TO JTAG](https://www.riverloopsecurity.com/blog/2021/05/hw-101-jtag/)
|
||
- [How To Find The JTAG Interface - Hardware Hacking Tutorial](https://www.youtube.com/watch?v=_FSM_10JXsM&ab_channel=MakeMeHack)
|
||
- [Buspirate JTAG Connections - Openocd](https://research.kudelskisecurity.com/2014/05/01/jtag-debugging-made-easy-with-bus-pirate-and-openocd/#:~:text=The%20Bus%20Pirate%20is%20an,protocols%20like%20I%C2%B2C%20and%20SPI.)
|
||
- [Extracting Firmware from External Memory via JTAG](https://www.youtube.com/watch?v=IadnBUJAvks&ab_channel=JoeGrand)
|
||
- [Analyzing JTAG](https://nse.digital/pages/guides/hardware/jtag.html)
|
||
- [The hitchhacker’s guide to iPhone Lightning & JTAG hacking](https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/stacksmashing%20-%20The%20hitchhackers%20guide%20to%20iPhone%20Lightning%20%20%20JTAG%20hacking.pdf)
|
||
|
||
|
||
#### SideChannel Attacks
|
||
|
||
- [Side channel attacks](https://yifan.lu/)
|
||
- [Attacks on Implementations of Secure Systems](https://github.com/Yossioren/AttacksonImplementationsCourseBook)
|
||
- [fuzzing, binary analysis, IoT security, and general exploitation](https://github.com/0xricksanchez/paper_collection)
|
||
- [Espressif ESP32: Bypassing Encrypted Secure Boot(CVE-2020-13629)](https://raelize.com/blog/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/)
|
||
- [Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)](https://www.youtube.com/watch?v=FktI4qSjzaE&ab_channel=LiveOverflow)
|
||
- [Researchers use Rowhammer bit flips to steal 2048-bit crypto key](https://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/)
|
||
|
||
#### Glitching attacks
|
||
|
||
- [NAND Glitching Attack](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root)
|
||
- [Tutorial CW305-4 Voltage Glitching with Crowbars](https://wiki.newae.com/index.php?title=Tutorial_CW305-4_Voltage_Glitching_with_Crowbars&mobileaction=toggle_view_mobile)
|
||
- [Voltage Glitching Attack using SySS iCEstick Glitcher](https://www.youtube.com/watch?v=FVUhVewFmxw&feature=youtu.be&ab_channel=SySSPentestTV)
|
||
- [Samy Kamkar - FPGA Glitching & Side Channel Attacks](https://www.youtube.com/watch?v=oGndiX5tvEk)
|
||
- [Hardware Power Glitch Attack (Fault Injection) - rhme2 Fiesta (FI 100)](https://www.youtube.com/watch?v=6Pf3pY3GxBM&ab_channel=LiveOverflow)
|
||
- [Keys in flash - Glitching AES keys from an Arduino / ATmega with a camera flash](https://srfilipek.medium.com/keys-in-a-flash-3e984d0de54b)
|
||
- [Implementing Practical Electrical Glitching Attacks](blackhat.com/docs/eu-15/materials/eu-15-Giller-Implementing-Electrical-Glitching-Attacks.pdf)
|
||
|
||
********************************************************************************************************************************
|
||
### Awesome IoT Pentesting Guides
|
||
|
||
- [Shodan Pentesting Guide](https://community.turgensec.com/shodan-pentesting-guide/)
|
||
- [Car Hacking Practical Guide 101](https://medium.com/@yogeshojha/car-hacking-101-practical-guide-to-exploiting-can-bus-using-instrument-cluster-simulator-part-i-cd88d3eb4a53)
|
||
- [OWASP Firmware Security Testing Methodology
|
||
](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)
|
||
- [Awesome-bluetooth-security](https://github.com/engn33r/awesome-bluetooth-security)
|
||
|
||
********************************************************************************************************************************
|
||
|
||
### Fuzzing Things
|
||
- [OWASP Fuzzing Info](https://owasp.org/www-community/Fuzzing)
|
||
- [Fuzzing_ICS_protocols](https://1modm.github.io/Fuzzing_ICS_protocols.html)
|
||
- [Fuzzowski - the Network Protocol Fuzzer that we will want to use](https://hakin9.org/fuzzowski-the-network-protocol-fuzzer-that-we-will-want-to-use/)
|
||
- [Fuzz Testing of Application Reliability](https://pages.cs.wisc.edu/~bart/fuzz/)
|
||
- [FIRM-AFL : High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation](https://www.usenix.org/conference/usenixsecurity19/presentation/zheng)
|
||
- [Snipuzz : Black-box Fuzzing of IoT Firmware via Message Snippet Inference](https://arxiv.org/pdf/2105.05445.pdf)
|
||
- [fuzzing-iot-binaries] - [part1](https://blog.attify.com/fuzzing-iot-devices-part-1/) / [part2](https://blog.attify.com/fuzzing-iot-binaries-with-afl-part-ii/)
|
||
- [Modern Vulnerability Research Techniques on Embedded Systems](https://breaking-bits.gitbook.io/breaking-bits/vulnerability-discovery/reverse-engineering/modern-approaches-toward-embedded-research)
|
||
- [FuzzingPaper](https://github.com/wcventure/FuzzingPaper/tree/master/Paper)
|
||
- [Exercises to learn how to fuzz with American Fuzzy Lop](https://github.com/mykter/afl-training)
|
||
- [Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging](https://github.com/seemoo-lab/frankenstein)
|
||
- [Bluetooth experimentation framework for Broadcom and Cypress chips.](https://github.com/seemoo-lab/internalblue)
|
||
|
||
|
||
********************************************************************************************************************************
|
||
### FlipperZero
|
||
|
||
#### Custom firmwares
|
||
- Flipper Zero Unleashed Firmware : https://github.com/DarkFlippers/unleashed-firmware
|
||
- RogueMaster Flipper Zero Firmware : https://github.com/RogueMaster/flipperzero-firmware-wPlugins
|
||
-
|
||
#### Interesting research
|
||
- CVE-2022-40363 : [Exploiting Flipper Zero’s NFC file loader](https://vvx7.io/posts/2022/09/your-amiibos-haunted/)
|
||
|
||
#### Flipperzero101
|
||
- [Flipper Zero - Starter Guide](https://www.youtube.com/watch?v=MJd6qugqHg8&ab_channel=PenAce)
|
||
- [A collection of Awesome resources for the Flipper Zero device.](https://github.com/djsime1/awesome-flipperzero)
|
||
|
||
#### Cool Hacks
|
||
- [Flipper Zero - Starter Guide](https://www.youtube.com/watch?v=MJd6qugqHg8&ab_channel=PenAce)
|
||
|
||
********************************************************************************************************************************
|
||
### ICS
|
||
|
||
- [ICS-Security](https://github.com/V33RU/IoTSecurity101/blob/master/ICS/Industrial%20Control%20Systems.md)
|
||
|
||
|
||
********************************************************************************************************************************
|
||
### Automotive
|
||
- [Automotive-Security](https://github.com/V33RU/IoTSecurity101/blob/master/Automotive-Security.md)
|
||
|
||
|
||
********************************************************************************************************************************
|
||
### Vulnerable IoT and Hardware Applications
|
||
|
||
- IoT : https://github.com/Vulcainreo/DVID
|
||
|
||
- Safe : https://insinuator.net/2016/01/damn-vulnerable-safe/
|
||
|
||
- IoT-vulhub : https://vulntotal-team.github.io/IoT-vulhub/#%E5%AE%89%E8%A3%85
|
||
|
||
- Router : https://github.com/praetorian-code/DVRF
|
||
|
||
- SCADA : https://www.slideshare.net/phdays/damn-vulnerable-chemical-process
|
||
|
||
- PI : https://whitedome.com.au/re4son/sticky-fingers-dv-pi/
|
||
|
||
- SS7 Network: https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network
|
||
|
||
- VoIP : https://www.vulnhub.com/entry/hacklab-vulnvoip,40/
|
||
|
||
- Hardware Hacking 101 : https://github.com/rdomanski/hardware_hacking
|
||
|
||
- RHME-2015 : https://github.com/Riscure/RHme-2015
|
||
|
||
- RHME-2016 : https://github.com/Riscure/Rhme-2016
|
||
|
||
- RHME-2017 : https://github.com/Riscure/Rhme-2017
|
||
- ### CTF For IoT And Embeddded
|
||
|
||
#### Awesome Hardware, IoT, Firmware, ARM, and Reverse Engineering CTFs and Platforms
|
||
|
||
#### Hardware CTFs
|
||
|
||
- [BLE CTF](https://github.com/hackgnar/ble_ctf) - A framework focused on Bluetooth Low Energy security.
|
||
- [Rhme-2016](https://github.com/Riscure/Rhme-2016) - Riscure's hardware security competition for 2016.
|
||
- [Rhme-2017](https://github.com/Riscure/Rhme-2017) - Riscure's hardware security competition for 2017.
|
||
|
||
#### IoT CTFs
|
||
|
||
- [IoTGoat](https://github.com/scriptingxss/IoTGoat) - Deliberately insecure firmware based on OpenWrt for IoT security training.
|
||
- [IoT Village CTF](https://www.iotvillage.org/) - A Capture The Flag event specifically focused on IoT security.
|
||
- [IoTSec CTF](https://ctf.iotsec.io/) - Offers IoT related challenges for continuous learning.
|
||
|
||
#### Firmware CTFs
|
||
|
||
- [Damn Vulnerable ARM Router](https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html) - A deliberately vulnerable ARM router for exploitation practice.
|
||
- [Firmware Security Training & CTF](https://github.com/0x6d696368/RouterAnalysisToolkit) - Firmware analysis tools and challenges by Router Analysis Toolkit.
|
||
|
||
#### ARM CTFs
|
||
|
||
- [ARM-X CTF](https://github.com/therealsaumil/armx) - A set of challenges focused on ARM exploitation.
|
||
- [Azeria Labs ARM Challenges](https://azeria-labs.com/writing-arm-assembly-part-1/) - Offers ARM assembly challenges and tutorials.
|
||
|
||
#### Reverse Engineering CTFs
|
||
|
||
- [Microcorruption](https://www.microcorruption.com/) - Embedded security CTF focusing on lock systems.
|
||
- [Pwnable.kr](https://pwnable.kr/) - Offers various reverse engineering challenges.
|
||
|
||
#### Platforms for Continuous Learning
|
||
|
||
- [Hack The Box](https://www.hackthebox.eu/) - Platform offering a range of challenges, including hardware and reverse engineering.
|
||
- [Root Me](https://www.root-me.org/) - Platform with various types of challenges including hardware and reverse engineering.
|
||
- [CTFtime](https://ctftime.org/) - Lists various CTFs, including those in hardware, IoT, and firmware.
|
||
|
||
|
||
|
||
********************************************************************************************************************************
|
||
## follow the people
|
||
|
||
- [Jilles](https://twitter.com/jilles_com)
|
||
- [Joe Fitz](https://twitter.com/securelyfitz)
|
||
- [Aseem Jakhar](https://twitter.com/aseemjakhar)
|
||
- [Cybergibbons](https://twitter.com/cybergibbons)
|
||
- [Jasper](https://twitter.com/jzvw)
|
||
- [Dave Jones](https://twitter.com/eevblog)
|
||
- [bunnie](https://twitter.com/bunniestudios)
|
||
- [Ilya Shaposhnikov](https://twitter.com/drakylar)
|
||
- [Mark C.](https://twitter.com/LargeCardinal)
|
||
- [A-a-ron Guzman](https://twitter.com/scriptingxss)
|
||
- [Yashin Mehaboobe](https://twitter.com/YashinMehaboobe)
|
||
- [Arun Magesh](https://www.linkedin.com/in/marunmagesh)
|
||
- [Mr-IoT](https://twitter.com/v33riot)
|
||
- [QKaiser](https://twitter.com/qkaiser)
|
||
- [9lyph](https://twitter.com/9lyph)
|