awesome-connected-things-sec/README.md
Veerababu Penugonda(Mr-IoT) e8400dfacc Update README.md
2019-11-11 12:16:27 +05:30
# IoT Pentesting 101 && IoT Security 101 ![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)
## **Approach Methodology**
1. Network
2. Web (Front & Backend and Web services)
3. Mobile App (Android & iOS)
4. Wireless Connectivity
5. Firmware Pentesting (Hardware or IoT device OS)
6. Hardware Level Approach
7. Storage Areas
### ***To see Hacked devices***
1. https://blog.exploitee.rs/2018/10/
2. https://www.exploitee.rs/
3. https://forum.exploitee.rs/
4. [Your Lenovo Watch X Is Watching You & Sharing What It Learns](https://www.checkmarx.com/blog/lenovo-watch-watching-you/)
5. [Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT](https://www.checkmarx.com/blog/smart-scale-privacy-issues-iot/)
6. [Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?](https://www.checkmarx.com/blog/smart-bulb-exfiltration/)
7. [Besder-IPCamera analysis](http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html)
8. [Smart Lock](https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/)
9. [Subaru Head Unit Jailbreak](https://github.com/sgayou/subaru-starlink-research/blob/master/doc/README.md)
10. [Jeep Hack](http://illmatics.com/Remote%20Car%20Hacking.pdf)
## Contents
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
### ***Telegram group for IoT Security***
- <https://t.me/iotsecurity1011>
### ***Discord Group for IoT Security and CTF***
- https://discord.gg/EH9dxT9
### ***Books***
- [Android Hacker's Handbook](https://www.amazon.in/Android-Hackers-Handbook-MISL-WILEY-Joshua/dp/812654922X)
- [Hacking the Xbox](https://www.nostarch.com/xboxfree)
- [Car hacker's handbook](http://opengarages.org/handbook)
- [IoT Penetration Testing Cookbook](https://www.packtpub.com/networking-and-servers/iot-penetration-testing-cookbook)
- [Abusing the Internet of Things](https://www.amazon.in/Abusing-Internet-Things-Blackouts-Freakouts-ebook/dp/B013VQ7N36)
- [Hardware Hacking: Have Fun while Voiding your Warranty](https://www.elsevier.com/books/hardware-hacking/grand/978-1-932266-83-2)
- [Linksys WRT54G Ultimate Hacking](https://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Asadoorian/dp/1597491667)
- [Linux Binary Analysis](https://www.packtpub.com/networking-and-servers/learning-linux-binary-analysis)
- [Firmware](https://www.amazon.com/Firmware-Handbook-Embedded-Technology/dp/075067606X)
### ***Blogs for iotpentest***
1. http://iotpentest.com/
2. https://blog.attify.com
3. https://payatu.com/blog/
4. http://jcjc-dev.com/
5. https://w00tsec.blogspot.in/
6. http://www.devttys0.com/
7. https://www.rtl-sdr.com/
8. https://keenlab.tencent.com/en/
9. https://courk.cc/
10. https://iotsecuritywiki.com/
11. https://cybergibbons.com/
12. http://firmware.re/
13. https://iotmyway.wordpress.com/
14. http://blog.k3170makan.com/
15. https://blog.tclaverie.eu/
16. http://blog.besimaltinok.com/category/iot-pentest/
17. https://ctrlu.net/
18. https://duo.com/decipher/
19. http://www.sp3ctr3.me
20. http://blog.0x42424242.in/
21. https://dantheiotman.com/
22. https://blog.danman.eu/
23. https://quentinkaiser.be/
24. https://blog.quarkslab.com
25. https://blog.ice9.us/
### ***Awesome Nmap CheatSheet***
- https://github.com/gnebbia/nmap_tutorial
### ***Search Engines for IoT Devices***
1. [Shodan](https://www.shodan.io/)
2. [FOFA](https://fofa.so/?locale=en)
3. [Censys](https://censys.io/)
4. [Zoomeye](https://www.zoomeye.org/about)
5. [ONYPHE](https://www.onyphe.io/)
### ***CTF For IoT's And Embedded***
1. https://github.com/hackgnar/ble_ctf
2. https://www.microcorruption.com/
3. https://github.com/Riscure/Rhme-2016
4. https://github.com/Riscure/Rhme-2017
5. https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html
6. https://github.com/scriptingxss/IoTGoat
### ***YouTube Channels for IoT Pentesting***
1. [Liveoverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
2. [Binary Adventure](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ)
3. [EEVBlog](https://www.youtube.com/user/EEVblog)
4. [JackkTutorials](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA)
5. [Craig Smith](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA)
6. [iotpentest [Mr-IoT]](https://www.youtube.com/channel/UCe2mJv2FPRFhYJ7dvNdYR4Q)
7. [Besim ALTINOK - IoT - Hardware - Wireless](https://www.youtube.com/channel/UCnIV7A3kDL4JXJEljpW6TRQ/playlists)
8. [Ghidra Ninja](https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw)
### ***IoT security vulnerabilities checking guides***
- [Reflecting upon OWASP TOP-10 IoT Vulnerabilities](https://embedi.org/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/)
- [OWASP IoT Top 10 2018 Mapping Project](https://scriptingxss.gitbook.io/owasp-iot-top-10-mapping-project/)
### ***Labs for Practice***
- [IoT Goat](https://github.com/scriptingxss/IoTGoat)
### ***IoT Pentesting OSes***
- [Sigint OS- LTE IMSI Catcher](https://www.sigintos.com/downloads/)
- [Instant-gnuradio OS - For Radio Signals Testing](https://github.com/bastibl/instant-gnuradio)
- [AttifyOS - IoT Pentest OS - by Aditya Gupta](https://github.com/adi0x90/attifyos)
- [Ubuntu - Best Host Linux for IoT's - Use LTS](https://www.ubuntu.com/)
### ***Exploitation Tools***
- [Expliot - IoT Exploitation framework - by Aseemjakhar](https://gitlab.com/expliot_framework/expliot)
- [A Small, Scalable Open Source RTOS for IoT Embedded Devices](https://www.zephyrproject.org/)
- [Skywave Linux- Software Defined Radio for Global Online Listening](https://skywavelinux.com/)
- [Routersploit (Exploitation Framework for Embedded Devices)](https://github.com/threat9/routersploit)
- [IoTSecFuzz (comprehensive testing for IoT device)](https://gitlab.com/invuls/iot-projects/iotsecfuzz)
### ***Reverse Engineering Tools***
- [IDA Pro](https://www.youtube.com/watch?v=fgMl0Uqiey8)
- [GDB](https://www.youtube.com/watch?v=fgMl0Uqiey8)
- [Radare2](https://radare.gitbooks.io/radare2book/content/)
- [Ghidra](https://ghidra-sre.org/)
## ***Introduction***
- [Introduction to IoT](https://en.wikipedia.org/wiki/Internet_of_things)
- [IoT Architecture](https://www.c-sharpcorner.com/UploadFile/f88748/internet-of-things-part-2/)
- [IoT attack surface](https://www.owasp.org/index.php/IoT_Attack_Surface_Areas)
- [IoT Protocols Overview](https://www.postscapes.com/internet-of-things-protocols/)
## ***IoT Protocols Pentesting***
### ***MQTT***
- [Introduction](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt)
- [Hacking the IoT with MQTT](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b)
- [thoughts about using IoT MQTT for V2V and Connected Car from CES 2014](https://mobilebit.wordpress.com/tag/mqtt/)
- [Nmap](https://nmap.org/nsedoc/lib/mqtt.html)
- [The Seven Best MQTT Client Tools](https://www.hivemq.com/blog/seven-best-mqtt-client-tools)
- [A Guide to MQTT by Hacking a Doorbell to send Push Notifications](https://youtu.be/J_BAXVSVPVI)
### ***CoAP***
- [Introduction](http://coap.technology/)
- [CoAP client Tools](http://coap.technology/tools.html)
- [CoAP Pentest Tools](https://bitbucket.org/aseemjakhar/expliot_framework)
- [Nmap](https://nmap.org/nsedoc/lib/coap.html)
### ***Automobile***
CAN Bus
- [Introduction and protocol Overview](https://www.youtube.com/watch?v=FqLDpHsxvf8)
- [PENTESTING VEHICLES WITH CANTOOLZ](https://www.blackhat.com/docs/eu-16/materials/eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf)
- [Building a Car Hacking Development Workbench: Part1](https://blog.rapid7.com/2017/07/11/building-a-car-hacking-development-workbench-part-1/)
- [CANToolz - Black-box CAN network analysis framework](https://github.com/CANToolz/CANToolz)
- [PLAYING WITH CAN BUS](https://blog.danman.eu/playing-with-can-bus/)
### ***Radio IoT Protocols Overview***
- [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/)
- [Signal Processing]()
- [Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/)
- [Gnuradio](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion)
- [Creating a flow graph](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/)
- [Analysing radio signals](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/)
- [Recording specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/)
- [Replay Attacks](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/)
### ***Base transceiver station (BTS)***
- [What is a base transceiver station](https://en.wikipedia.org/wiki/Base_transceiver_station)
- [How to Build Your Own Rogue GSM BTS](https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/)
### ***GSM & SS7 Pentesting***
- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)
- [GSM Security 2](https://www.ehacking.net/2011/02/gsm-security-2.html)
- [vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)
- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf)
- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf)
- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit)
- [ss7MAPer A SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper)
- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg)
- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)
- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)
- [Breaking LTE on Layer Two](https://alter-attack.net/)
### ***Zigbee & Zwave***
- [Introduction and protocol Overview](http://www.informit.com/articles/article.aspx?p=1409785)
- [Hacking Zigbee Devices with Attify Zigbee Framework](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/)
- [Hands-on with RZUSBstick](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/)
- [ZigBee & Z-Wave Security Brief](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/)
### ***BLE Intro and Tools***
- [Step By Step guide to BLE Understanding and Exploiting](https://github.com/V33RU/BLE-NullBlr)
- [Traffic Engineering in a Bluetooth Piconet](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf)
- [BLE Characteristics](https://devzone.nordicsemi.com/tutorials/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial0)
Reconnaissance (Active and Passive) with HCI Tools
- [btproxy](https://github.com/conorpp/btproxy)
- [hcitool & bluez](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez)
- [Testing With GATT Tool](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/)
- [Cracking encryption](https://github.com/mikeryan/crackle)
- [bettercap](https://github.com/bettercap/bettercap)
- [BtleJuice Bluetooth Smart Man-in-the-Middle framework](https://github.com/DigitalSecurity/btlejuice)
- [gattacker](https://github.com/securing/gattacker)
- [BTLEjack Bluetooth Low Energy Swiss army knife](https://github.com/virtualabs/btlejack)
### ***BLE Pentesting Tutorials***
- [Bluetooth vs BLE Basics](https://github.com/V33RU/BLE-NullBlr)
- [Intel Edison as Bluetooth LE — Exploit box](https://medium.com/@arunmag/intel-edison-as-bluetooth-le-exploit-box-a63e4cad6580)
- [How I Reverse Engineered and Exploited a Smart Massager](https://medium.com/@arunmag/how-i-reverse-engineered-and-exploited-a-smart-massager-ee7c9f21bf33)
- [My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE](https://medium.com/@arunmag/my-journey-towards-reverse-engineering-a-smart-band-bluetooth-le-re-d1dea00e4de2)
- [Bluetooth Smartlocks](https://www.getkisi.com/blog/smart-locks-hacked-bluetooth-ble)
- [I hacked MiBand 3](https://medium.com/@yogeshojha/i-hacked-xiaomi-miband-3-and-here-is-how-i-did-it-43d68c272391)
- [GATTacking Bluetooth Smart Devices](https://securing.pl/en/gattacking-bluetooth-smart-devices-introducing-a-new-ble-proxy-tool/index.html)
### ***Mobile security (Android & iOS)***
- [Android](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices)
- [Android Pentest Video Course](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H)
- [iOS Pentesting](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf?)
### ***ARM***
- [Azeria Labs](https://azeria-labs.com/)
- [ARM EXPLOITATION FOR IoT](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf)
- [Static Binary analysis ARMV7](https://github.com/CJHackerz/easy_iotsec-arm)
- [Damn Vulnerable ARM Router (DVAR)](https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html)
- [EXPLOIT.EDUCATION](https://exploit.education/)
### ***Firmware Pentest***
- [Firmware analysis and reversing](https://www.owasp.org/index.php/IoT_Firmware_Analysis)
- [Firmware emulation with QEMU](https://www.youtube.com/watch?v=G0NNBloGIvs)
- [Dumping Firmware using Buspirate](http://iotpentest.com/tag/pulling-firmware/)
- [Reversing ESP8266 Firmware](https://boredpentester.com/reversing-esp8266-firmware-part-1/)
### ***Firmware to pentest***
- [Download From here](https://firmware.center/)
### ***IoT hardware Overview***
- [IoT Hardware Guide](https://www.postscapes.com/internet-of-things-hardware/)
### ***Hardware Gadgets to pentest***
- [Bus Pirate](https://www.sparkfun.com/products/12942)
- [EEPROM readers](https://www.ebay.com/bhp/eeprom-reader)
- [Jtagulator / Jtagenum](https://www.adafruit.com/product/1550)
- [Logic Analyzer](https://www.saleae.com/)
- [The Shikra](https://int3.cc/products/the-shikra)
- [FaceDancer21 (USB Emulator/USB Fuzzer)](https://int3.cc/products/facedancer21)
- [RfCat](https://int3.cc/products/rfcat)
- [Hak5Gear- Hak5FieldKits](https://hakshop.com/)
- [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975)
- [Attify Badge - UART, JTAG, SPI, I2C (w/ headers)](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices)
- [Ubertooth](https://github.com/greatscottgadgets/ubertooth/wiki/Ubertooth-One)
### ***Attacking Hardware Interfaces***
- [Serial Terminal Basics](https://learn.sparkfun.com/tutorials/terminal-basics/all)
- [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/)
- [REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS](https://sec-consult.com/en/blog/2019/02/reverse-engineering-architecture-pinout-plc/)
### ***UART***
- [Identifying UART interface](https://www.mikroe.com/blog/uart-serial-communication)
- [onewire-over-uart](https://github.com/dword1511/onewire-over-uart)
- [Accessing sensor via UART](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf)
- [Using UART to connect to a chinese IP cam](https://www.davidsopas.com/using-uart-to-connect-to-a-chinese-ip-cam/)
- [A journey into IoT Hardware hacking: UART](https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/)
### ***JTAG***
- [Identifying JTAG interface](https://blog.senr.io/blog/jtag-explained)
- [NAND Glitching Attack](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root)
### ***SideChannel Attacks***
- [All Attacks](https://yifan.lu/)
## ***Vulnerable IoT and Hardware Applications***
- IoT: https://github.com/Vulcainreo/DVID
- Safe: https://insinuator.net/2016/01/damn-vulnerable-safe/
- Router: https://github.com/praetorian-code/DVRF
- SCADA: https://www.slideshare.net/phdays/damn-vulnerable-chemical-process
- Pi: https://whitedome.com.au/re4son/sticky-fingers-dv-pi/
- SS7 Network: https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network
- VoIP: https://www.vulnhub.com/entry/hacklab-vulnvoip,40/