awesome-connected-things-sec/README.md
2020-05-10 20:12:53 +05:30
# IoT Pentesting 101 && IoT Security 101 ![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)
********************************************************************************************************************************
## Approach Methodology
##### 1. Network
##### 2. Web (Front & Backend and Web Services)
##### 3. Mobile App (Android & iOS)
##### 4. Wireless Connectivity (Zigbee, WiFi, Bluetooth, etc.)
##### 5. Firmware Pentesting (OS of IoT Devices)
##### 6. Hardware Hacking & Fault Injections & SCA Attacks
##### 7. Storage Medium
##### 8. I/O Ports
********************************************************************************************************************************
### Previously Hacked Devices
- https://blog.exploitee.rs/2018/10/
- https://www.exploitee.rs/
- https://forum.exploitee.rs/
- [Your Lenovo Watch X Is Watching You & Sharing What It Learns](https://www.checkmarx.com/blog/lenovo-watch-watching-you/)
- [Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT](https://www.checkmarx.com/blog/smart-scale-privacy-issues-iot/)
- [Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?](https://www.checkmarx.com/blog/smart-bulb-exfiltration/)
- [Besder-IPCamera analysis](http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html)
- [Smart Lock](https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/)
- [Subaru Head Unit Jailbreak](https://github.com/sgayou/subaru-starlink-research/blob/master/doc/README.md)
- [Jeep Hack](http://illmatics.com/Remote%20Car%20Hacking.pdf)
- [Dropcam hacking](https://www.defcon.org/images/defcon-22/dc-22-presentations/Moore-Wardle/DEFCON-22-Colby-Moore-Patrick-Wardle-Synack-DropCam-Updated.pdf)
********************************************************************************************************************************
### Chat groups for IoT Security
- <https://t.me/iotsecurity1011>
- <https://www.reddit.com/r/IoTSecurity101/>
- <https://t.me/hardwareHackingBrasil>
- <https://t.me/joinchat/JAMxOg5YzdkGjcF3HmNgQw>
- <https://discord.gg/EH9dxT9>
********************************************************************************************************************************
### Books For IoT Pentesting
- [Android Hacker's Handbook](https://www.amazon.in/Android-Hackers-Handbook-MISL-WILEY-Joshua/dp/812654922X)
- [Hacking the Xbox](https://www.nostarch.com/xboxfree) - Openbook
- [Car hacker's handbook](http://opengarages.org/handbook)
- [IoT Penetration Testing Cookbook](https://www.packtpub.com/networking-and-servers/iot-penetration-testing-cookbook)
- [Abusing the Internet of Things](https://www.amazon.in/Abusing-Internet-Things-Blackouts-Freakouts-ebook/dp/B013VQ7N36)
- [Hardware Hacking: Have Fun while Voiding your Warranty](https://www.elsevier.com/books/hardware-hacking/grand/978-1-932266-83-2)
- [Linksys WRT54G Ultimate Hacking](https://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Asadoorian/dp/1597491667)
- [Linux Binary Analysis](https://www.packtpub.com/networking-and-servers/learning-linux-binary-analysis)
- [The Firmware Handbook](https://www.amazon.com/Firmware-Handbook-Embedded-Technology/dp/075067606X)
- [Hardware Hacking Handbook](https://books.google.co.in/books?id=DEqatAEACAAJ&source=gbs_navlinks_s)
- [Inside Radio: Attack and Defense](https://books.google.co.in/books?id=71NSDwAAQBAJ&printsec=copyright&redir_esc=y#v=onepage&q&f=false)
- [Pentest Hardware](https://github.com/unprovable/PentestHardware/) - Openbook
- [The Art of PCB Reverse Engineering](https://www.amazon.in/Art-Pcb-Reverse-Engineering-Unravelling/dp/1499323441)
- [Internet of Things Security Encyclopedia](https://iot-security.wiki/) - Openbook
********************************************************************************************************************************
### Blogs for IoT Pentesting
1. https://payatu.com/blog/
2. http://jcjc-dev.com/
3. https://w00tsec.blogspot.in/
4. http://www.devttys0.com/
5. https://www.rtl-sdr.com/
6. https://keenlab.tencent.com/en/
7. https://courk.cc/
8. https://iotsecuritywiki.com/
9. https://cybergibbons.com/
10. http://firmware.re/
11. https://iotmyway.wordpress.com/
12. http://blog.k3170makan.com/
13. https://blog.tclaverie.eu/
14. http://blog.besimaltinok.com/category/iot-pentest/
15. https://ctrlu.net/
16. http://iotpentest.com/
17. https://blog.attify.com
18. https://duo.com/decipher/
19. http://www.sp3ctr3.me
20. http://blog.0x42424242.in/
21. https://dantheiotman.com/
22. https://blog.danman.eu/
23. https://quentinkaiser.be/
24. https://blog.quarkslab.com
25. https://blog.ice9.us/
26. https://labs.f-secure.com/
27. https://mg.lol/blog/
28. https://cjhackerz.net/
29. https://github.com/sponsors/bunnie/
********************************************************************************************************************************
### Awesome CheatSheets
- [Hardware Hacking](https://github.com/arunmagesh/hw_hacking_cheatsheet)
- [Nmap](https://github.com/gnebbia/nmap_tutorial)
********************************************************************************************************************************
### Search Engines for Internet-Exposed IoT Devices
- [Shodan](https://www.shodan.io/)
- [FOFA](https://fofa.so/?locale=en)
- [Censys](https://censys.io/)
- [Zoomeye](https://www.zoomeye.org/about)
- [ONYPHE](https://www.onyphe.io/)
********************************************************************************************************************************
### CTFs for IoT and Embedded
- https://github.com/hackgnar/ble_ctf
- https://www.microcorruption.com/
- https://github.com/Riscure/Rhme-2016
- https://github.com/Riscure/Rhme-2017
- https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html
- https://github.com/scriptingxss/IoTGoat
********************************************************************************************************************************
### YouTube Channels for IoT Pentesting
- [Liveoverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
- [Binary Adventure](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ)
- [EEVBlog](https://www.youtube.com/user/EEVblog)
- [JackkTutorials](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA)
- [Craig Smith](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA)
- [iotpentest [Mr-IoT]](https://www.youtube.com/channel/UCe2mJv2FPRFhYJ7dvNdYR4Q)
- [Besim ALTINOK - IoT - Hardware - Wireless](https://www.youtube.com/channel/UCnIV7A3kDL4JXJEljpW6TRQ/playlists)
- [Ghidra Ninja](https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw)
- [Cyber Gibbons](https://www.youtube.com/channel/UC_IYERSoSwdR7AA5P41mYTA)
- [Scanline](https://www.youtube.com/channel/UCaEgw3321ct_PE4PJvdhXEQ)
********************************************************************************************************************************
### Vehicle Security Resources
- https://github.com/jaredthecoder/awesome-vehicle-security
********************************************************************************************************************************
### IoT Vulnerability Checking Guides
- [Reflecting upon OWASP TOP-10 IoT Vulnerabilities](https://embedi.org/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/)
- [OWASP IoT Top 10 2018 Mapping Project](https://scriptingxss.gitbook.io/owasp-iot-top-10-mapping-project/)
- [Firmware Pentest Guide](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)
- [Hardware toolkits for IoT security analysis](https://defcon-nn.ru/0x0B/Hardware%20toolkits%20for%20IoT%20security%20analysis.pdf)
********************************************************************************************************************************
### IoT Gateway Software
- [WebThings by Mozilla - Raspberry Pi](https://iot.mozilla.org/docs/gateway-getting-started-guide.html)
********************************************************************************************************************************
### Labs for Practice
- [IoT Goat](https://github.com/scriptingxss/IoTGoat)
********************************************************************************************************************************
### IoT Pentesting OSes
- [SigintOS - LTE IMSI Catcher](https://www.sigintos.com/downloads/)
- [Instant-gnuradio OS - For Radio Signal Testing](https://github.com/bastibl/instant-gnuradio)
- [AttifyOS - IoT Pentest OS - by Aditya Gupta](https://github.com/adi0x90/attifyos)
- [Ubuntu - Best Host Linux for IoT Pentesting (use an LTS release)](https://www.ubuntu.com/)
- [Internet of Things - Penetration Testing OS](https://github.com/IoT-PTv)
- [DragonOS - Debian Linux with preinstalled open source SDR software](https://www.rtl-sdr.com/dragonos-debian-linux-with-preinstalled-open-source-sdr-software/)
- [EmbedOS - Embedded security testing virtual machine](https://github.com/scriptingxss/EmbedOS)
- [Skywave Linux - Software Defined Radio for Global Online Listening](https://skywavelinux.com/)
- [A Small, Scalable Open Source RTOS for IoT Embedded Devices](https://www.zephyrproject.org/)
********************************************************************************************************************************
### Exploitation Tools
- [Expliot - IoT Exploitation framework - by Aseemjakhar](https://gitlab.com/expliot_framework/expliot)
- [Routersploit (Exploitation Framework for Embedded Devices)](https://github.com/threat9/routersploit)
- [IoTSecFuzz (comprehensive testing for IoT devices)](https://gitlab.com/invuls/iot-projects/iotsecfuzz)
- [HomePWN](https://github.com/ElevenPaths/HomePWN)
- [killerbee - Zigbee exploitation](https://github.com/riverloopsec/killerbee)
- [PRET - Printer Exploitation Toolkit](https://github.com/RUB-NDS/PRET)
- [HAL The Hardware Analyzer](https://github.com/emsec/hal)
- [FwAnalyzer (Firmware Analyzer)](https://github.com/cruise-automation/fwanalyzer)
********************************************************************************************************************************
### Reverse Engineering Tools
- [IDA Pro](https://www.youtube.com/watch?v=fgMl0Uqiey8)
- [GDB](https://www.youtube.com/watch?v=fgMl0Uqiey8)
- [Radare2](https://radare.gitbooks.io/radare2book/content/) | [cutter](https://cutter.re/)
- [Ghidra](https://ghidra-sre.org/)
********************************************************************************************************************************
## Introduction
- [Introduction to IoT](https://en.wikipedia.org/wiki/Internet_of_things)
- [IoT Architecture](https://www.c-sharpcorner.com/UploadFile/f88748/internet-of-things-part-2/)
- [IoT attack surface](https://www.owasp.org/index.php/IoT_Attack_Surface_Areas)
- [IoT Protocols Overview](https://www.postscapes.com/internet-of-things-protocols/)
********************************************************************************************************************************
### IoT Web and message services
#### MQTT
- [Introduction](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt)
- [Hacking the IoT with MQTT](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b)
- [Thoughts about using IoT MQTT for V2V and Connected Cars from CES 2014](https://mobilebit.wordpress.com/tag/mqtt/)
- [Nmap](https://nmap.org/nsedoc/lib/mqtt.html)
- [The Seven Best MQTT Client Tools](https://www.hivemq.com/blog/seven-best-mqtt-client-tools)
- [A Guide to MQTT by Hacking a Doorbell to send Push Notifications](https://youtu.be/J_BAXVSVPVI)
- [Are smart homes vulnerable to hacking?](https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes)
#### MQTT Software
- [Mosquitto](https://mosquitto.org/)
- [HiveMQ](https://www.hivemq.com/)
- [MQTT Explorer](http://mqtt-explorer.com/)
#### CoAP
- [Introduction](http://coap.technology/)
- [CoAP client Tools](http://coap.technology/tools.html)
- [CoAP Pentest Tools](https://bitbucket.org/aseemjakhar/expliot_framework)
- [Nmap](https://nmap.org/nsedoc/lib/coap.html)
********************************************************************************************************************************
### Automobile
#### CAN Bus
- [Introduction and protocol Overview](https://www.youtube.com/watch?v=FqLDpHsxvf8)
- [PENTESTING VEHICLES WITH CANTOOLZ](https://www.blackhat.com/docs/eu-16/materials/eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf)
- [Building a Car Hacking Development Workbench: Part1](https://blog.rapid7.com/2017/07/11/building-a-car-hacking-development-workbench-part-1/)
- [CANToolz - Black-box CAN network analysis framework](https://github.com/CANToolz/CANToolz)
- [PLAYING WITH CAN BUS](https://blog.danman.eu/playing-with-can-bus/)
********************************************************************************************************************************
### Radio IoT Protocols Overview
- [SDR Notes](https://github.com/notpike/SDR-Notes)
- [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/)
- [Signal Processing]()
- [Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/)
- [Gnuradio](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion)
- [Creating a flow graph](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/)
- [Analysing radio signals](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/)
- [Recording specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/)
- [Replay Attacks](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/)
********************************************************************************************************************************
### Base Transceiver Station (BTS)
- [What is a base transceiver station](https://en.wikipedia.org/wiki/Base_transceiver_station)
- [How to Build Your Own Rogue GSM BTS](https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/)
********************************************************************************************************************************
### GSM & SS7 Pentesting
- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)
- [GSM Security 2](https://www.ehacking.net/2011/02/gsm-security-2.html)
- [Vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)
- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf)
- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf)
- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit)
- [ss7MAPer - An SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper)
- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg)
- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)
- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)
- [Breaking LTE on Layer Two](https://alter-attack.net/)
********************************************************************************************************************************
### Zigbee & Zwave
- [Introduction and protocol Overview](http://www.informit.com/articles/article.aspx?p=1409785)
- [Hacking Zigbee Devices with Attify Zigbee Framework](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/)
- [Hands-on with RZUSBstick](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/)
- [ZigBee & Z-Wave Security Brief](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/)
********************************************************************************************************************************
### BLE Intro and SW & HW Tools for Pentesting
- [Step By Step guide to BLE Understanding and Exploiting](https://github.com/V33RU/BLE-NullBlr)
- [Traffic Engineering in a Bluetooth Piconet](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf)
- [BLE Characteristics](https://devzone.nordicsemi.com/nordic/short-range-guides/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial)
#### Bluetooth and BLE Pentest Tools
- [btproxy](https://github.com/conorpp/btproxy)
- [hcitool & bluez](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez)
- [Testing With GATT Tool](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/)
- [Cracking encryption](https://github.com/mikeryan/crackle)
- [bettercap](https://github.com/bettercap/bettercap)
- [BtleJuice Bluetooth Smart Man-in-the-Middle framework](https://github.com/DigitalSecurity/btlejuice)
- [gattacker](https://github.com/securing/gattacker)
- [BTLEjack Bluetooth Low Energy Swiss army knife](https://github.com/virtualabs/btlejack)
#### Hardware
- [NRFCONNECT - 52840](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)
- [EDIMAX](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)
- [CSR 4.0](https://www.amazon.in/GENERIC-Ultra-Mini-Bluetooth-Dongle-Adapter/dp/B0117H7GZ6/ref=asc_df_B0117H7GZ6/?tag=googleshopdes-21&linkCode=df0&hvadid=396984700257&hvpos=1o1&hvnetw=g&hvrand=2179727910417729406&hvpone=&hvptwo=&hvqmt=&hvdev=c&hvdvcmdl=&hvlocint=&hvlocphy=9061998&hvtargid=pla-343685677347&psc=1&ext_vrnc=hi)
- [ESP32 - Development and learning Bluetooth](https://www.espressif.com/en/products/hardware/esp32/overview)
- [Ubertooth](https://github.com/greatscottgadgets/ubertooth/wiki/Ubertooth-One)
- [Sena 100](http://www.senanetworks.com/ud100-g03.html)
#### BLE Pentesting Tutorials
- [Bluetooth vs BLE Basics](https://github.com/V33RU/BLE-NullBlr)
- [Intel Edison as Bluetooth LE — Exploit box](https://medium.com/@arunmag/intel-edison-as-bluetooth-le-exploit-box-a63e4cad6580)
- [How I Reverse Engineered and Exploited a Smart Massager](https://medium.com/@arunmag/how-i-reverse-engineered-and-exploited-a-smart-massager-ee7c9f21bf33)
- [My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE](https://medium.com/@arunmag/my-journey-towards-reverse-engineering-a-smart-band-bluetooth-le-re-d1dea00e4de2)
- [Bluetooth Smartlocks](https://www.getkisi.com/blog/smart-locks-hacked-bluetooth-ble)
- [I hacked MiBand 3](https://medium.com/@yogeshojha/i-hacked-xiaomi-miband-3-and-here-is-how-i-did-it-43d68c272391)
- [GATTacking Bluetooth Smart Devices](https://securing.pl/en/gattacking-bluetooth-smart-devices-introducing-a-new-ble-proxy-tool/index.html)
********************************************************************************************************************************
### Mobile security (Android & iOS)
- [Android App Reverse Engineering 101](https://maddiestone.github.io/AndroidAppRE/)
- [Android Application pentesting book](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices)
- [Android Pentest Video Course-TutorialsPoint](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H)
- [IOS Pentesting](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf?)
- [OWASP Mobile Security Testing Guide](https://owasp.org/www-project-mobile-security-testing-guide/)
- [Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals](https://androidtamer.com/)
********************************************************************************************************************************
### Online Assemblers
- [AZM Online Arm Assembler by Azeria](https://azeria-labs.com/azm/)
- [Online Disassembler](https://onlinedisassembler.com/odaweb/)
- [Compiler Explorer is an interactive online compiler which shows the assembly output of compiled C++, Rust, Go](https://godbolt.org/)
********************************************************************************************************************************
### ARM
- [Azeria Labs](https://azeria-labs.com/)
- [ARM EXPLOITATION FOR IoT](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf)
- [Damn Vulnerable ARM Router (DVAR)](https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html)
- [EXPLOIT.EDUCATION](https://exploit.education/)
********************************************************************************************************************************
### Firmware Pentesting, Emulation and Analysis
- [Firmware analysis and reversing](https://www.owasp.org/index.php/IoT_Firmware_Analysis)
- [Firmware emulation with QEMU](https://www.youtube.com/watch?v=G0NNBloGIvs)
- [Dumping Firmware using Buspirate](http://iotpentest.com/tag/pulling-firmware/)
- [Reversing ESP8266 Firmware](https://boredpentester.com/reversing-esp8266-firmware-part-1/)
- [Emulating Embedded Linux Devices with QEMU](https://www.novetta.com/2018/02/emulating-embedded-linux-devices-with-qemu/)
- [Emulating Embedded Linux Systems with QEMU](https://www.novetta.com/2018/02/emulating-embedded-linux-systems-with-qemu/)
- [Fuzzing Embedded Linux Devices](https://www.novetta.com/2018/07/fuzzing-embedded-linux-devices/)
- [Emulating ARM Router Firmware](https://azeria-labs.com/emulating-arm-firmware/)
- [Reversing Firmware With Radare](https://www.bored-nerds.com/reversing/radare/automotive/2019/07/07/reversing-firmware-with-radare.html)
- [Samsung Firmware Magic](https://github.com/chrivers/samsung-firmware-magic)
********************************************************************************************************************************
### Firmware samples to pentest
- [Download From here](https://firmware.center/)
********************************************************************************************************************************
### IoT hardware Overview
- [IoT Hardware Guide](https://www.postscapes.com/internet-of-things-hardware/)
********************************************************************************************************************************
### Hardware Gadgets for Pentesting
- [Bus Pirate](https://www.sparkfun.com/products/12942)
- [EEPROM reader/SOIC Cable](https://www.sparkfun.com/products/13153)
- [Jtagulator/Jtagenum](https://www.adafruit.com/product/1550)
- [Logic Analyzer](https://www.saleae.com/)
- [The Shikra](https://int3.cc/products/the-shikra)
- [FaceDancer21 (USB Emulator/USB Fuzzer)](https://int3.cc/products/facedancer21)
- [RfCat](https://int3.cc/products/rfcat)
- [Hak5 Gear - Hak5 Field Kits](https://hakshop.com/)
- [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975)
- [Attify Badge - UART, JTAG, SPI, I2C (w/ headers)](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices)
********************************************************************************************************************************
### Attacking Hardware Interfaces
- [Serial Terminal Basics](https://learn.sparkfun.com/tutorials/terminal-basics/all)
- [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/)
- [REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS](https://sec-consult.com/en/blog/2019/02/reverse-engineering-architecture-pinout-plc/)
- [ChipWhisperer - Hardware attacks](http://wiki.newae.com/Main_Page)
********************************************************************************************************************************
### UART
- [Identifying UART interface](https://www.mikroe.com/blog/uart-serial-communication)
- [onewire-over-uart](https://github.com/dword1511/onewire-over-uart)
- [Accessing sensor via UART](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf)
- [Using UART to connect to a Chinese IP cam](https://www.davidsopas.com/using-uart-to-connect-to-a-chinese-ip-cam/)
- [A journey into IoT Hardware hacking: UART](https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/)
********************************************************************************************************************************
### JTAG
- [JTAG Explained (finally!)](https://blog.senr.io/blog/jtag-explained)
- [NAND Glitching Attack](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root)
********************************************************************************************************************************
### Side-Channel Attacks
- [All Attacks](https://yifan.lu/)
********************************************************************************************************************************
### Awesome IoT Pentesting Guides
- [Shodan Pentesting Guide](https://community.turgensec.com/shodan-pentesting-guide/)
- [Car Hacking Practical Guide 101](https://medium.com/@yogeshojha/car-hacking-101-practical-guide-to-exploiting-can-bus-using-instrument-cluster-simulator-part-i-cd88d3eb4a53)
- [OWASP Firmware Security Testing Methodology](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)
********************************************************************************************************************************
## Vulnerable IoT and Hardware Applications
- IoT: https://github.com/Vulcainreo/DVID
- Safe: https://insinuator.net/2016/01/damn-vulnerable-safe/
- Router: https://github.com/praetorian-code/DVRF
- SCADA: https://www.slideshare.net/phdays/damn-vulnerable-chemical-process
- Pi: https://whitedome.com.au/re4son/sticky-fingers-dv-pi/
- SS7 Network: https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network
- VoIP: https://www.vulnhub.com/entry/hacklab-vulnvoip,40/
********************************************************************************************************************************
## People to Follow
- [Jilles](https://twitter.com/jilles_com)
- [Joe Fitz](https://twitter.com/securelyfitz)
- [Aseem Jakhar](https://twitter.com/aseemjakhar)
- [Cybergibbons](https://twitter.com/cybergibbons)
- [Jasper](https://twitter.com/jzvw)
- [Dave Jones](https://twitter.com/eevblog)
- [bunnie](https://twitter.com/bunniestudios)
- [Ilya Shaposhnikov](https://twitter.com/drakylar)
- [Mark C.](https://twitter.com/LargeCardinal)
- [A-a-ron Guzman](https://twitter.com/scriptingxss)
- [Arun Mane](https://twitter.com/rootkill3r)
- [Yashin Mehaboobe](https://twitter.com/YashinMehaboobe)
- [Arun Magesh](https://www.linkedin.com/in/marunmagesh)