books/awesome-connected-things-sec
1
0
Fork 0
mirror of https://github.com/V33RU/awesome-connected-things-sec.git synced 2026-04-10 12:33:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fca5ea234c4e8d9c2e133cb97a30768835eb2699
awesome-connected-things-sec/README.md
Veerababu Penugonda(Mr-IoT) fca5ea234c Update README.md
2018-09-25 13:11:34 +05:30

196 lines
10 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# IoT Pentesting 101 && IoT security 101
Approach Methodology
1. Network
2. Web (Front & Backend and Web services)
3. Mobile App(Android & iOS)
4. Wireless Connectivity
5. Firmware Pentesting(Hardware or IoT device OS)
6. Hardware Level Approach
## Contents
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
### Telegram group for IoT Security
- https://t.me/iotsecurity1011
### Books
- [Android Hacker's Handbook](https://www.amazon.in/Android-Hackers-Handbook-MISL-WILEY-Joshua/dp/812654922X)
- [Hacking the Xbox](https://www.nostarch.com/xboxfree)
- [Car hacker's handbook](http://opengarages.org/handbook)
- [IoT Penetration Testing Cookbook](https://www.packtpub.com/networking-and-servers/iot-penetration-testing-cookbook)
- [Abusing the Internet of Things](https://www.amazon.in/Abusing-Internet-Things-Blackouts-Freakouts-ebook/dp/B013VQ7N36)
- [Hardware Hacking: Have Fun while Voiding your Warranty](https://www.elsevier.com/books/hardware-hacking/grand/978-1-932266-83-2)
- [Linksys WRT54G Ultimate Hacking](https://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Asadoorian/dp/1597491667)
- [Linux Binary Analysis](https://www.packtpub.com/networking-and-servers/learning-linux-binary-analysis)
- [Firmware](https://www.amazon.com/Firmware-Handbook-Embedded-Technology/dp/075067606X)
-
### Blogs for iotpentest
1. http://iotpentest.com/
2. https://blog.attify.com
3. https://payatu.com/blog/
4. http://jcjc-dev.com/
5. https://w00tsec.blogspot.in/
6. http://www.devttys0.com/
7. https://www.rtl-sdr.com/
8. https://keenlab.tencent.com/en/
9. https://courk.cc/
10. https://iotsecuritywiki.com/
11. https://cybergibbons.com/
12. http://firmware.re/
### CTF For IoT's And Embeddded
1. https://github.com/hackgnar/ble_ctf
2. https://www.microcorruption.com/
3. https://github.com/Riscure/Rhme-2016
4. https://github.com/Riscure/Rhme-2017
### YouTube Channels for Embedded hacking
1. [Liveoverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
2. [Binary Adventure](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ)
3. [EEVBlog](https://www.youtube.com/user/EEVblog)
4. [JackkTutorials](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA)
5. [Craig Smith](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA)
### IoT security vulnerabilites checking guides
- [Reflecting upon OWASP TOP-10 IoT Vulnerabilities](https://embedi.com/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/)
### Exploitation Tools & OS
- [Expliot - IoT Exploitation framework - by Aseemjakhar](https://gitlab.com/expliot_framework/expliot)
- [AttifyOS - IoT Pentest OS - by Aditya Gupta](https://github.com/adi0x90/attifyos)
- [Ubutnu Best Host Linux for IoT's - Use LTS](https://www.ubuntu.com/)
- [A Small, Scalable Open Source RTOS for IoT Embedded Devices](https://www.zephyrproject.org/)
- [Skywave Linux- Software Defined Radio for Global Online Listening](https://skywavelinux.com/)
- [Routersploit (Exploitation Framework for Embedded Devices)](https://github.com/threat9/routersploit)
### Reverse Enginnering Tools
- [IDA Pro](https://www.youtube.com/watch?v=fgMl0Uqiey8)
- [GDB](https://www.youtube.com/watch?v=fgMl0Uqiey8)
- [Radare2](https://radare.gitbooks.io/radare2book/content/)
### Introduction
- [Introduction to IoT](https://en.wikipedia.org/wiki/Internet_of_things)
- [IoT Architecture](https://www.c-sharpcorner.com/UploadFile/f88748/internet-of-things-part-2/)
- [IoT attack surface](https://www.owasp.org/index.php/IoT_Attack_Surface_Areas)
- [IoT Protocols Overview](https://www.postscapes.com/internet-of-things-protocols/)
### IoT Protocols Pentesting
#### MQTT
- [Introduction](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt)
- [Hacking the IoT with MQTT](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b)
- [thoughts about using IoT MQTT for V2V and Connected Car from CES 2014](https://mobilebit.wordpress.com/tag/mqtt/)
- [Nmap](https://nmap.org/nsedoc/lib/mqtt.html)
- [The Seven Best MQTT Client Tools](https://www.hivemq.com/blog/seven-best-mqtt-client-tools)
- [A Guide to MQTT by Hacking a Doorbell to send Push Notifications](https://youtu.be/J_BAXVSVPVI)
#### CoAP
- [Introduction](http://coap.technology/)
- [CoAP client Tools](http://coap.technology/tools.html)
- [CoAP Pentest Tools](https://bitbucket.org/aseemjakhar/expliot_framework)
- [Nmap](https://nmap.org/nsedoc/lib/coap.html)
#### Automobile
CanBus
- [Introduction and protocol Overview](https://www.youtube.com/watch?v=FqLDpHsxvf8)
- [PENTESTING VEHICLES WITH CANTOOLZ](https://www.blackhat.com/docs/eu-16/materials/eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf)
- [Building a Car Hacking Development Workbench: Part1](https://blog.rapid7.com/2017/07/11/building-a-car-hacking-development-workbench-part-1/)
- [CANToolz - Black-box CAN network analysis framework](https://github.com/CANToolz/CANToolz)
#### Radio IoT Protocols Overview
- [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/)
- [Signal Processing]()
- [Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/)
- [Gnuradio](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion)
- [Creating a flow graph](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/)
- [Analysing radio signals](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/)
- [Recording specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/)
- [Replay Attacks](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/)
#### Base transceiver station (BTS)
- [what is base tranceiver station](https://en.wikipedia.org/wiki/Base_transceiver_station)
- [How to Build Your Own Rogue GSM BTS](https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/)
#### GSM & SS7 Pentesting
- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)
- [GSM Security 2 ](https://www.ehacking.net/2011/02/gsm-security-2.html)
- [vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)
- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf)
- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf)
- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit)
- [ss7MAPer A SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper)
- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg)
- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)
- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)
#### Zigbee & Zwave
- [Introduction and protocol Overview](http://www.informit.com/articles/article.aspx?p=1409785)
- [Hacking Zigbee Devices with Attify Zigbee Framework](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/)
- [Hands-on with RZUSBstick](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/)
- [ZigBee & Z-Wave Security Brief](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/)
#### BLE
- [Traffic Engineering in a Bluetooth Piconet](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf)
- [BLE Characteristics](https://devzone.nordicsemi.com/tutorials/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial0)
Reconnaissance (Active and Passive) with HCI Tools
- [btproxy](https://github.com/conorpp/btproxy)
- [hcitool & bluez](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez)
- [Testing With GATT Tool](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/)
- [Cracking encryption](https://github.com/mikeryan/crackle)
#### Mobile security (Android & iOS)
- [Android](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices)
- [Android Pentest Video Course](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H)
- [IOS Pentesting](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf?)
#### ARM
- [Azeria Labs](https://azeria-labs.com/)
- [ARM EXPLOITATION FOR IoT](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf)
#### Firmware Pentest
- [Firmware analysis and reversing](https://www.youtube.com/watch?v=G0NNBloGIvs)
- [Firmware emulation with QEMU](https://www.youtube.com/watch?v=G0NNBloGIvs)
- [Dumping Firmware using Buspirate](http://iotpentest.com/tag/pulling-firmware/)
### IoT hardware Overview
- [IoT Hardware Guide](https://www.postscapes.com/internet-of-things-hardware/)
#### Hardware Gadgets to pentest
- [Bus Pirate](https://www.sparkfun.com/products/12942)
- [EEPROM readers](https://www.ebay.com/bhp/eeprom-reader)
- [Jtagulator / Jtagenum](https://www.adafruit.com/product/1550)
- [Logic Analyzer](https://www.saleae.com/)
- [The Shikra](https://int3.cc/products/the-shikra)
- [FaceDancer21 (USB Emulator/USB Fuzzer)](https://int3.cc/products/facedancer21)
- [RfCat](https://int3.cc/products/rfcat)
- [IoT Exploitation Learning Kit](https://www.attify.com/attify-store/iot-exploitation-learning-kit)
- [Hak5Gear- Hak5FieldKits](https://hakshop.com/)
- [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975)
- [Attify Badge - UART, JTAG, SPI, I2C (w/ headers)](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices)
#### Attacking Hardware Interfaces
- [Serial Terminal Basics](https://learn.sparkfun.com/tutorials/terminal-basics/all)
- [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/)
#### UART
- [Identifying UART interface](https://www.mikroe.com/blog/uart-serial-communication)
- [onewire-over-uart](https://github.com/dword1511/onewire-over-uart)
- [Accessing sensor via UART](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf)
#### JTAG
- [Identifying JTAG interface](https://blog.senr.io/blog/jtag-explained)
- [NAND Glitching Attack](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root)
Reference in New Issue View Git Blame Copy Permalink