awesome-connected-things-sec/README.md

• A Collection for IoT Security Resources

• You are welcome to fork and contribute

• Other Interesting Areas

  • ICS-Security
  • Automotive-Security

---

🛠️ Approach Methodology

• 🌐 1. Network
• 🌐 2. Web (Front & Backend and Web services)
• 📱 3. Mobile App (Android & iOS)
• 📡 4. Wireless Connectivity (Zigbee, WiFi, Bluetooth, etc)
• 💽 5. Firmware Pentesting (Static and Dynamic analysis, OS of IoT Devices)
• 🛠️ 6. Hardware Hacking & Fault Injections & SCA Attacks
• 💾 7. Storage Medium
• 🔌 8. I/O Ports

📑 Contents Overview

🛡️ IoT Security Information

• 👥 Community and Discussion Platforms
• 🎓 IoT and Hardware Security Trainings
• 🔍 Technical Research and Hacking
• 💻 Proof of Concepts: Known Device Vulnerabilities
• 📚 Books for IoT Penetration Testing
• 🖋️ Blogs for IoT Pentest
• 📋 Awesome Cheatsheets
• 🔍 Search Engines for Exposed IoT Devices Worldwide
• 🚩 CTF: Vulnerable IoT and Hardware Applications
• 📺 YouTube Channels for IoT Pentesting
• ⚒️ Exploitation Tools
• 🖥️ IoT Pentesting OSes
• 📘 IoT Vulnerabilities Checking Guides
• 🔬 IoT Labs
• 📖 Awesome IoT Pentesting Guides
• 🐛 Fuzzing Things
• 🏢 IoT Lab Setup Guide for Corporate/Individual
• 🔧 FlipperZero
• 🏘 Villages

Specific Topics

🌐 Network

🌐 Web IoT Message Protocols

• 📨 MQTT
• 📬 CoAP

📱 Mobile App

• 🛡️ Mobile Security (Android & iOS)

📡 Wireless Protocols

• 📻 Radio Hacking Starting Guide
• 📡 Cellular Hacking GSM BTS
• 🐝 Zigbee
• 🔵 Bluetooth
• 📞 DECT
• 📲 NFC

💽 Firmware

• 🔍 Reverse Engineering Tools
• 💻 Online Assemblers
• 💪 ARM
• 🔨 Pentesting Firmwares: Emulating and Analyzing
• 🔬 Firmware Samples to Pentest
• 🔒 Secureboot
• 🔍 Binary Analysis

🛠️ Hardware

• 🔎 IoT Hardware Intro
• 🛠️ Required Hardware to Pentest IoT
• 🔌 Hardware Interfaces
• 🔌 SPI
• 🔌 UART
• 🔌 JTAG
• 🛠️ SideChannel Attacks & Glitching Attacks

💾 Storage Medium

• 📀 EMMC

💳 Payment Security

• 💵 ATM Hacking

---

Technical Research and Hacking

• Subaru Head Unit Jailbreak
• Jeep Hack
• Dropcam Hacking
• Printer Hacking Live Sessions - Gamozo Labs
• LED Light Hacking
• PS4 Jailbreak – the current status
• Your Lenovo Watch X Is Watching You & Sharing What It Learns
• Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
• Besder 6024PB-XMA501 IP camera security analysis
• Smart Lock Vulnerabilities

---

Proof of Concepts known Device Vulnerabilities

• IoT-Vuln-with CVE and PoC of tenda and dlink

---

Community and Discussion Platforms

• IoTSecurity101 Telegram
• IoTSecurity101 Reddit
• IoTSecurity101 Discord
• Hardware Hacking Telegram
• RFID Discord Group
• ICS Discord Group

---

IoT and Hardware Security Trainings

• opensecuritytraining 2

---

Books for IoT Penetration Testing

2004

• The Firmware Handbook (Embedded Technology) 1st Edition by Jack Ganssle
• Hardware Hacking: Have Fun while Voiding your Warranty 1st Edition

2007

• Linksys WRT54G Ultimate Hacking 1st Edition by Paul Asadoorian

2013

• Hacking the Xbox - An Introduction to Reverse Engineering HACKING THE XBOX by Andrew “bunnie” Huang
• Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure by Eric D. Knapp , Raj Samani

2014

• Android Hacker's Handbook by Joshua J. Drake

2015

• The Art of Pcb Reverse Engineering: Unravelling the Beauty of the Original Design
• Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts 1st Edition, by Nitesh Dhanjani

2016

• Learning Linux Binary Analysis By Ryan "elfmaster" O'Neill
• Car hacker's handbook by Craig Smith

2017

• IoT Penetration Testing Cookbook By Aaron Guzman , Aditya Gupta

2018

• Inside Radio: An Attack and Defense Guide by Authors: Yang, Qing, Huang, Lin
• Pentest Hardware
• Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition 5th Edition by Daniel Regalado , Shon Harris , Allen Harper , Chris Eagle , Jonathan Ness , Branko Spasojevic , Ryan Linn , Stephen Sims

2021

• Practical Hardware Pentesting
• The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks Front Cover Jasper van Woudenberg, Colin O'Flynn
• Practical IoT Hacking-The Definitive Guide to Attacking the Internet of Things by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods
• Manual PCB-RE: The Essentials

2022

• PatrIoT: practical and agile threat research for IoT by Emre Süren

2023

• Practical Hardware Pentesting - Second Edition
• Blue Fox: Arm Assembly Internals & Reverse Engineering
• Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU
• Hardware Security Training, Hands-on!
• Automotive Cybersecurity Engineering Handbook: The automotive engineer's roadmap to cyber-resilient vehicles Series
• Embedded Systems Security and TrustZone

---

Awesome CheatSheets

• Hardware Hacking cheat sheet
• Nmap

---

Search Engines for Internet-Connected Devices

• Shodan
• Censys
• ZoomEye
• BinaryEdge
• Thingful
• Wigle
• Hunter.io
• BuiltWith
• NetDB
• Recon-ng
• PublicWWW

---

YouTube Channels for IoT Pentesting

• Joe Grand
• Liveoverflow
• Binary Adventure
• EEVBlog
• Craig Smith
• iotpentest [Mr-IoT]
• Besim ALTINOK - IoT - Hardware - Wireless
• Ghidra Ninja
• Cyber Gibbons
• Scanline
• Aaron Christophel
• Valerio Di Giampietro

---

Vehicle Security Resources

• https://github.com/jaredthecoder/awesome-vehicle-security

---

IoT Vulnerabilites Checking Guides

• Reflecting upon OWASP TOP-10 IoT Vulnerabilities
• OWASP IoT Top 10 2018 Mapping Project
• Hardware toolkits for IoT security analysis

---

IoT Gateway Software

• Webthings by Mozilla - RaspberryPi

---

IoT Pentesting OSes

• Sigint OS- LTE IMSI Catcher
• Instatn-gnuradio OS - For Radio Signals Testing
• Ubutnu Best Host Linux for IoT's - Use LTS
• Internet of Things - Penetration Testing OS v1
• Dragon OS - DEBIAN LINUX WITH PREINSTALLED OPEN SOURCE SDR SOFTWARE
• EmbedOS - Embedded security testing virtual machine
• Skywave Linux- Software Defined Radio for Global Online Listening
• A Small, Scalable Open Source RTOS for IoT Embedded Devices
• ICS - Controlthings.io
• AttifyOS - IoT Pentest OS - by Aditya Gupta

---

Exploitation Tools

• Expliot - IoT Exploitation framework - by Aseemjakhar
• Routersploit (Exploitation Framework for Embedded Devices)
• IoTSecFuzz (comprehensive testing for IoT device)
• HomePwn - Swiss Army Knife for Pentesting of IoT Devices
• killerbee - Zigbee exploitation
• PRET - Printer Exploitation Toolkit
• HAL – The Hardware Analyzer
• FwAnalyzer (Firmware Analyzer)
• ISF(Industrial Security Exploitation Framework
• PENIOT: Penetration Testing Tool for IoT
• MQTT-PWN

---

Reverse Engineering Tools

• IDA Pro
• GDB
• Radare2 | cutter
• Ghidra

---

Introduction

• Introduction to IoT
• IoT Architecture
• IoT attack surface
• IoT Protocols Overview

---

IoT Web and message services

MQTT

• Introduction
• Hacking the IoT with MQTT
• thoughts about using IoT MQTT for V2V and Connected Car from CES 2014
• Nmap
• The Seven Best MQTT Client Tools
• A Guide to MQTT by Hacking a Doorbell to send Push Notifications
• Are smart homes vulnerable to hacking
• Deep Learning UDF for KSQL / ksqlDB for Streaming Anomaly Detection of MQTT IoT Sensor Data
• Authenticating & Authorizing Devices using MQTT with Auth0
• Development information for the MQTT with hardware
• Understanding the MQTT Protocol Packet Structure
• R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities
• IoT Live Demo: 100.000 Connected Cars With Kubernetes, Kafka, MQTT, TensorFlow

Softwares

• Mosquitto-An open source MQTT broker
• HiveMQ
• MQTT Explorer
• MQTT proxy - IoXY
• MQTT Broker Security - 101
• Welcome to MQTT-PWN!

CoAP

• Introduction
• CoAP client Tools
• CoAP Pentest Tools
• Nmap - NSE for coap

---

RADIO HACKER QUICK START GUIDE

• Complete course in Software Defined Radio (SDR) by Michael Ossmann
• SDR Notes - Radio IoT Protocols Overview
• Understanding Radio
• Introduction to Software Defined Radio
• Introduction Gnuradio companion
• Creating a flow graph in gunradiocompanion
• Analysing radio signals 433Mhz
• Recording specific radio signal
• Replay Attacks with raspberrypi -rpitx

Cellular Hacking GSM BTS

BTS

• Awesome-Cellular-Hacking
• what is base tranceiver station
• How to Build Your Own Rogue GSM BTS

GSM SS7 Pentesting

• 5Ghoul - 5G NR Attacks & 5G OTA Fuzzing
• Introduction to GSM Security
• GSM Security 2
• vulnerabilities in GSM security with USRP B200
• Security Testing 4G (LTE) Networks
• Case Study of SS7/SIGTRAN Assessment
• Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
• ss7MAPer – A SS7 pen testing toolkit
• Introduction to SIGTRAN and SIGTRAN Licensing
• SS7 Network Architecture
• Introduction to SS7 Signaling
• Breaking LTE on Layer Two

Hardware Tools

• Fake BTS Detector (SCL-8521)

---

NFC-RFID

• List of RFID/NFC Security & Privacy talks

---

Zigbee ALL Stuff

• Introduction and protocol Overview
• Hacking Zigbee Devices with Attify Zigbee Framework
• Hands-on with RZUSBstick
• ZigBee & Z-Wave Security Brief
• Hacking ZigBee Networks
• Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes
• Security Analysis of Zigbee Networks with Zigator and GNU Radio
• Low-Cost ZigBee Selective Jamming

SW Tools

• zigbear
• ZigDiggity
• Zigator
• Z3sec

Hardware Tools for Zigbee

• APIMOTE IEEE 802.15.4/ZIGBEE SNIFFING HARDWARE
• RaspBee-The Raspberry Pi Zigbee gateway
• USRP SDR 2
• ATUSB IEEE 802.15.4 USB Adapter
• nRF52840-Dongle

---

BLE Intro and SW-HW Tools to pentest

• Step By Step guide to BLE Understanding and Exploiting
• Traffic Engineering in a Bluetooth Piconet
• BLE Characteristics

Bluetooth and BLE Pentest Tools

• btproxy
• hcitool & bluez
• Testing With GATT Tool
• crackle-Cracking encryption
• bettercap
• BtleJuice Bluetooth Smart Man-in-the-Middle framework
• gattacker
• BTLEjack Bluetooth Low Energy Swiss army knife
• bluing-An intelligence gathering tool for hacking Bluetooth
• DEDSEC-Bluetooth-exploit

Hardware for bluetooth hacking

• NRFCONNECT - 52840
• EDIMAX
• CSR 4.0
• ESP32 - Development and learning Bluetooth
• Ubertooth
• Sena 100
• ESP-WROVER-KIT-VB

BLE Pentesting Tutorials

• Blue2thprinting (blue-[tooth)-printing]: answering the question of 'WTF am I even looking at?!'
• Open Wounds: The last 5 years have left Bluetooth to bleed
• It Was Harder to Sniff Bluetooth Through My Mask During the Pandemic...
• Bluetooth vs BLE Basics
• examining-the-august-smart-lock
• Finding bugs in Bluetooth
• Intel Edison as Bluetooth LE — Exploit box
• How I Reverse Engineered and Exploited a Smart Massager
• My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE
• Bluetooth Smartlocks
• I hacked MiBand 3
• GATTacking Bluetooth Smart Devices
• blueooth beacon vulnerability
• Sweyntooth Vulnerabilties
• AIRDROP_LEAK - sniffs BLE traffic and displays status messages from Apple devices
• BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
• Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500
• MojoBox - yet another not so smartlock
• bluetooth-hacking

---

DECT (Digital Enhanced Cordless Telecommunications)

• Real Time Interception And Monitoring Of A DECT Cordless Telephone
• Eavesdropping On Unencrypted DECT Voice Traffic
• Decoding DECT Voice Traffic: In-depth Explanation

Software Tools && Hardware Tools

Software

Hardware

---

Mobile security (Android & iOS)

• Android App Reverse Engineering 101
• Android Application pentesting book
• Android Pentest Video Course-TutorialsPoint
• IOS Pentesting
• OWASP Mobile Security Testing Guide
• Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals

---

Villages

• Payment Villages
• ICS Village
• IoT Villages
• RF hackers
• Car Hacking Village

---

Online Assemblers

• AZM Online Arm Assembler by Azeria
• Online Disassembler
• Compiler Explorer is an interactive online compiler which shows the assembly output of compiled C++, Rust, Go

---

ARM

• Azeria Labs
• ARM EXPLOITATION FOR IoT
• Damn Vulnerable ARM Router (DVAR)
• EXPLOIT.EDUCATION

---

Pentesting Firmwares and emulating and analyzing

Firmware Analysis Tools

• EMBA-An analyzer for embedded Linux firmware
• FACT-Firmware Analysis and Comparison Tool
• Binwalk
• Qiling
• fwanalyzer
• ByteSweep
• Firmwalker
• Checksec.sh
• QEMU
• Firmadyne
• Firmware Modification Kit

Resources

• Firmware analysis and reversing
• Reversing 101
• IoT Security Verification Standard (ISVS)
• OWASP Firmware Security Testing Methodology
• Firmware emulation with QEMU
• Reversing ESP8266 Firmware
• Emulating ARM Router Firmware
• Reversing Firmware With Radare
• Samsung Firmware Magic - Unpacking and Decrypting
• Qiling & Binary Emulation for automatic unpacking
• Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme
• Simulating and hunting firmware vulnerabilities with Qiling

Firmware Dev && Firmware Emulation

• IoT binary analysis & emulation part -1
• ross debugging for ARM / MIPS ELF with QEMU/toolchain
• Qemu + buildroot 101

---

Firmware samples to pentest

• Download From here by firmware.center

---

Binary Analysis

• Reverse Engineering For Everyone!
• https://www.coalfire.com/the-coalfire-blog/reverse-engineering-and-patching-with-ghidra
• Part two: Reverse engineering and patching with Ghidra
• Automating binary vulnerability discovery with Ghidra and Semgrep

---

Symlinks Attacks

• Zip Slip Vulnerability

---

Secureboot

Dev

• Writing a Bootloader

Hacking

• Pwn the ESP32 Secure Boot
• Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction
• Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM / Alternative Link
• Defeating Secure Boot with Symlink Attacks
• PS4 Aux Hax 5 & PSVR Secure Boot Hacking with Keys by Fail0verflow!
• Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models Via Dell Remote OS Recovery And Firmware Update Capabilities
• Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
• Breaking Secure Boot on the Silicon Labs Gecko platform

---

Storage Medium

EMMC Protocol and Techniques

Explore the world of EMMC hacking with these curated resources. Whether you're new to hardware hacking or an experienced practitioner, these links provide valuable insights into EMMC protocol, data recovery, and practical hacking techniques.

• EMMC Protocol
• RPMB, a secret place inside the eMMC
• Hardware Hacking 101: Identifying And Dumping EMMC Flash
• EMMC Data Recovery From Damaged Smartphone
• Another Bunch Of Articles For EMMC
• Unleash Your Smart-Home Devices: Vacuum Cleaning Robot Hacking
• Hands-On IoT Hacking: Rapid7 At DEF CON 30 IoT Village, Part 1

---

Payment Device Security

ATM Hacking

• Introduction to ATM Penetration Testing
• Pwning ATMs For Fun and Profit
• Jackpotting Automated Teller Machines Redux By Barnaby Jack

---

IoT hardware Overview and Hacking

• IoT Hardware Guide
• Intro To Hardware Hacking - Dumping Your First Firmware

Hardware Gadgets to pentest

• Bus Pirate
• EEPROM reader/SOIC Cable
• Jtagulator/Jtagenum
• Logic Analyzer
• The Shikra
• FaceDancer21 (USB Emulator/USB Fuzzer)
• RfCat
• Hak5Gear- Hak5FieldKits
• Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter
• Attify Badge - UART, JTAG, SPI, I2C (w/ headers)

Attacking Hardware Interfaces

• An Introduction to Hardware Hacking
• Serial Terminal Basics
• Reverse Engineering Serial Ports
• REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS
• ChipWhisperer - Hardware attacks
• Hardware hacking tutorial: Dumping and reversing firmware

SPI

• Dumping the firmware From Router using BUSPIRATE - SPI Dump
• How to Flash Chip of a Router With a Programmer | TP-Link Router Repair & MAC address change
• Extracting Flash Memory over SPI
• Extracting Firmware from Embedded Devices (SPI NOR Flash)
• SPI-Blogs
• Reading FlashROMS - Youtube

UART

• Identifying UART interface
• onewire-over-uart
• Accessing sensor via UART
• Using UART to connect to a chinese IP cam
• A journey into IoT – Hardware hacking: UART
• UARTBruteForcer
• UART Connections and Dynamic analysis on Linksys e1000
• Accessing and Dumping Firmware Through UART
• UART Exploiter

JTAG

• HARDWARE HACKING 101: INTRODUCTION TO JTAG
• How To Find The JTAG Interface - Hardware Hacking Tutorial
• Buspirate JTAG Connections - Openocd
• Extracting Firmware from External Memory via JTAG
• Analyzing JTAG
• The hitchhacker’s guide to iPhone Lightning & JTAG hacking

SideChannel Attacks

• Side channel attacks
• Attacks on Implementations of Secure Systems
• fuzzing, binary analysis, IoT security, and general exploitation
• Espressif ESP32: Bypassing Encrypted Secure Boot(CVE-2020-13629)
• Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)
• Researchers use Rowhammer bit flips to steal 2048-bit crypto key

Glitching and Fault Injection Resources

Tutorials and Case Studies

1. NAND Glitching Attack - Gaining root access to a Wink Hub through NAND glitching.
2. Tutorial CW305-4 Voltage Glitching with Crowbars - Detailed tutorial on voltage glitching using crowbars.
3. Voltage Glitching Attack using SySS iCEstick Glitcher - A demonstration of a voltage glitching attack by SySS PentestTV.
4. Samy Kamkar - FPGA Glitching & Side Channel Attacks - Samy Kamkar's insights on FPGA glitching and side channel attacks.
5. Hardware Power Glitch Attack - rhme2 Fiesta (FI 100) - A hardware power glitch attack demonstration by LiveOverflow.

Specific Techniques and Experiments

6. Keys in flash - Glitching AES keys from an Arduino / ATmega - Extracting AES keys from an Arduino using glitching.
7. Implementing Practical Electrical Glitching Attacks - Guide on implementing electrical glitching attacks.
8. How To Voltage Fault Injection - A comprehensive guide on voltage fault injection techniques.

---

Awesome IoT Pentesting Guides

• Shodan Pentesting Guide
• Car Hacking Practical Guide 101
• OWASP Firmware Security Testing Methodology
• Awesome-bluetooth-security
• awesome-embedded-fuzzing

---

Fuzzing Things

• OWASP Fuzzing Info
• Fuzzing_ICS_protocols
• Fuzzowski - the Network Protocol Fuzzer that we will want to use
• Fuzz Testing of Application Reliability
• FIRM-AFL : High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
• Snipuzz : Black-box Fuzzing of IoT Firmware via Message Snippet Inference
• [fuzzing-iot-binaries] - part1 / part2
• Modern Vulnerability Research Techniques on Embedded Systems
• FuzzingPaper
• Exercises to learn how to fuzz with American Fuzzy Lop
• Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging
• Bluetooth experimentation framework for Broadcom and Cypress chips.
• Fuzzing Forum

---

FlipperZero

Custom firmwares

• Flipper Zero Unleashed Firmware : https://github.com/DarkFlippers/unleashed-firmware
• RogueMaster Flipper Zero Firmware : https://github.com/RogueMaster/flipperzero-firmware-wPlugins

Interesting research

• CVE-2022-40363 : Exploiting Flipper Zero’s NFC file loader

Flipperzero101

• Flipper Zero - Starter Guide
• A collection of Awesome resources for the Flipper Zero device.

Cool Hacks

• Flipper Zero - Starter Guide
• gaylord M FOCker - ready to pwn your MIFARE tags

---

ICS

• ICS-Security

---

Automotive

• Automotive-Security

---

Vulnerable IoT and Hardware Applications

• IoT : https://github.com/Vulcainreo/DVID

• Safe : https://insinuator.net/2016/01/damn-vulnerable-safe/

• IoT-vulhub : https://vulntotal-team.github.io/IoT-vulhub/#%E5%AE%89%E8%A3%85

• Router : https://github.com/praetorian-code/DVRF

• SCADA : https://www.slideshare.net/phdays/damn-vulnerable-chemical-process

• PI : https://whitedome.com.au/re4son/sticky-fingers-dv-pi/

• SS7 Network: https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network

• VoIP : https://www.vulnhub.com/entry/hacklab-vulnvoip,40/

• Hardware Hacking 101 : https://github.com/rdomanski/hardware_hacking

• RHME-2015 : https://github.com/Riscure/RHme-2015

• RHME-2016 : https://github.com/Riscure/Rhme-2016

• RHME-2017 : https://github.com/Riscure/Rhme-2017

• CTF For IoT And Embeddded

Awesome Hardware, IoT, Firmware, ARM, and Reverse Engineering CTFs and Platforms

Hardware CTFs

• BLE CTF - A framework focused on Bluetooth Low Energy security.
• Rhme-2016 - Riscure's hardware security competition for 2016.
• Rhme-2017 - Riscure's hardware security competition for 2017.

IoT CTFs

• IoTGoat - Deliberately insecure firmware based on OpenWrt for IoT security training.
• IoT Village CTF - A Capture The Flag event specifically focused on IoT security.
• IoTSec CTF - Offers IoT related challenges for continuous learning.

Firmware CTFs

• Damn Vulnerable ARM Router - A deliberately vulnerable ARM router for exploitation practice.
• Firmware Security Training & CTF - Firmware analysis tools and challenges by Router Analysis Toolkit.

ARM CTFs

• ARM-X CTF - A set of challenges focused on ARM exploitation.
• Azeria Labs ARM Challenges - Offers ARM assembly challenges and tutorials.

Reverse Engineering CTFs

• Microcorruption - Embedded security CTF focusing on lock systems.
• Pwnable.kr - Offers various reverse engineering challenges.

Platforms for Continuous Learning

• Hack The Box - Platform offering a range of challenges, including hardware and reverse engineering.
• Root Me - Platform with various types of challenges including hardware and reverse engineering.
• CTFtime - Lists various CTFs, including those in hardware, IoT, and firmware.

---

follow the people

• Jilles
• Joe Fitz
• Aseem Jakhar
• Cybergibbons
• Jasper
• Dave Jones
• bunnie
• Ilya Shaposhnikov
• Mark C.
• A-a-ron Guzman
• Yashin Mehaboobe
• Arun Magesh
• Mr-IoT
• QKaiser
• 9lyph

---

Blogs for IoT Pentest

• Exploitee.rs Website
• Jilles.com
• Syss Tech Blog
• Payatu Blog
• Raelize Blog
• JCJC Dev Blog
• W00tsec Blog
• Devttys0 Blog (Use Wayback Machine to check old blogs)
• Wrongbaud Blog
• Embedded Bits Blog
• RTL-SDR Blog
• Keenlab Blog
• Courk.cc
• IoT Security Wiki
• Cybergibbons Blog
• Firmware.RE
• K3170makan Blog
• Tclaverie Blog
• Besimaltinok Blog
• Ctrlu Blog
• IoT Pentest Blog
• Duo Decipher Blog
• Sp3ctr3 Blog
• 0x42424242.in Blog
• Dantheiotman Blog
• Danman Blog
• Quentinkaiser Blog
• Quarkslab Blog
• Ice9 Blog
• F-Secure Labs Blog
• MG.lol Blog
• CJHackerz Blog
• Bunnie's Blog
• IoT My Way Blog
• Synacktiv Publications
• Cr4.sh Blog
• Ktln2 Blog
• Naehrdine Blog
• Limited Results Blog
• Fail0verflow Blog
• Exploit Security Blog
• Attify Blog