IoTSecurity101

IoT Security Guide

A curated collection of IoT security resources and guides

A Curated list of IoT Security Resources

GitHub

3k stars
114 watching
501 forks
last commit: 12 months ago
awesomeawesome-iotawesome-listawesome-listsembedded-devicesfirmwarefirmware-pentestinghardwarehardware-hackingiotiot-deviceiot-securitylinuxpentesting-guidesradio

Screenshot of V33RU/IoTSecurity101 website

v33ru.github.io/IoTSecurity101/

contribute 2,750 12 months ago You are welcome to fork and
ICS-Security 2,750 12 months ago
Automotive-Security 2,750 12 months ago

๐Ÿ› ๏ธ Approach Methodology / ๐Ÿ“‘ Contents Overview / ๐Ÿ›ก๏ธ IoT Security Information
๐Ÿข IoT Lab Setup Guide for Corporate/Individual

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Technical Research and Hacking
Subaru Head Unit Jailbreak 558 about 5 years ago
Jeep Hack
Dropcam Hacking
Printer Hacking Live Sessions - Gamozo Labs
LED Light Hacking
PS4 Jailbreak โ€“ the current status
Your Lenovo Watch X Is Watching You & Sharing What It Learns
Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
Besder 6024PB-XMA501 IP camera security analysis 21 about 3 years ago
Smart Lock Vulnerabilities

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Proof of Concepts known Device Vulnerabilities
IoT-Vuln-with CVE and PoC of tenda and dlink 22 over 1 year ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Community and Discussion Platforms
IoTSecurity101 Telegram
IoTSecurity101 Reddit
IoTSecurity101 Discord
Hardware Hacking Telegram
RFID Discord Group
ICS Discord Group

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / IoT and Hardware Security Trainings
opensecuritytraining 2

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Books for IoT Penetration Testing
The Firmware Handbook (Embedded Technology) 1st Edition by Jack Ganssle
Hardware Hacking: Have Fun while Voiding your Warranty 1st Edition
Linksys WRT54G Ultimate Hacking 1st Edition by Paul Asadoorian
Hacking the Xbox - An Introduction to Reverse Engineering HACKING THE XBOX by Andrew โ€œbunnieโ€ Huang
Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure by Eric D. Knapp , Raj Samani
Android Hacker's Handbook by Joshua J. Drake
The Art of Pcb Reverse Engineering: Unravelling the Beauty of the Original Design
Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts 1st Edition, by Nitesh Dhanjani
Learning Linux Binary Analysis By Ryan "elfmaster" O'Neill
Car hacker's handbook by Craig Smith
IoT Penetration Testing Cookbook By Aaron Guzman , Aditya Gupta
Inside Radio: An Attack and Defense Guide by Authors: Yang, Qing, Huang, Lin
Pentest Hardware 491 over 6 years ago
Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition 5th Edition by Daniel Regalado , Shon Harris , Allen Harper , Chris Eagle , Jonathan Ness , Branko Spasojevic , Ryan Linn , Stephen Sims
Practical Hardware Pentesting
The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks Front Cover Jasper van Woudenberg, Colin O'Flynn
Practical IoT Hacking-The Definitive Guide to Attacking the Internet of Things by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods
Manual PCB-RE: The Essentials
PatrIoT: practical and agile threat research for IoT by Emre Sรผren
Practical Hardware Pentesting - Second Edition
Blue Fox: Arm Assembly Internals & Reverse Engineering
Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU
Hardware Security Training, Hands-on!
Automotive Cybersecurity Engineering Handbook: The automotive engineer's roadmap to cyber-resilient vehicles Series
Embedded Systems Security and TrustZone
Microcontroller Exploits
Metasploit, 2nd Edition
Engineering Secure Devices
The Ultimate Hardware Hacking Gear Guide 182 over 1 year ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Awesome CheatSheets
Hardware Hacking cheat sheet 147 over 1 year ago
Nmap 113 over 1 year ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Search Engines for Internet-Connected Devices
Shodan
Censys
ZoomEye
BinaryEdge
Thingful
Wigle
Hunter.io
BuiltWith
NetDB
Recon-ng 4,183 about 1 year ago
PublicWWW

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / YouTube Channels for IoT Pentesting
Joe Grand
Liveoverflow
Binary Adventure
EEVBlog
Craig Smith
iotsecurity101
Besim ALTINOK - IoT - Hardware - Wireless
Ghidra Ninja
Cyber Gibbons
Scanline
Aaron Christophel
Valerio Di Giampietro

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Vehicle Security Resources
https://github.com/jaredthecoder/awesome-vehicle-security 3,211 about 1 year ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / IoT Vulnerabilites Checking Guides
Reflecting upon OWASP TOP-10 IoT Vulnerabilities
OWASP IoT Top 10 2018 Mapping Project
Hardware toolkits for IoT security analysis

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / IoT Gateway Software
Webthings by Mozilla - RaspberryPi

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / IoT Pentesting OSes
Sigint OS- LTE IMSI Catcher
Instatn-gnuradio OS - For Radio Signals Testing 163 over 1 year ago
Ubutnu Best Host Linux for IoT's - Use LTS
Internet of Things - Penetration Testing OS v1
Dragon OS - DEBIAN LINUX WITH PREINSTALLED OPEN SOURCE SDR SOFTWARE
EmbedOS - Embedded security testing virtual machine 152 about 5 years ago
Skywave Linux- Software Defined Radio for Global Online Listening
A Small, Scalable Open Source RTOS for IoT Embedded Devices
ICS - Controlthings.io
AttifyOS - IoT Pentest OS - by Aditya Gupta 956 about 4 years ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Exploitation Tools
Expliot - IoT Exploitation framework - by Aseemjakhar
Routersploit (Exploitation Framework for Embedded Devices) 12,253 about 1 year ago
IoTSecFuzz (comprehensive testing for IoT device)
HomePwn - Swiss Army Knife for Pentesting of IoT Devices 884 almost 3 years ago
killerbee - Zigbee exploitation 767 about 2 years ago
PRET - Printer Exploitation Toolkit 3,963 over 1 year ago
HAL โ€“ The Hardware Analyzer 631 11 months ago
FwAnalyzer (Firmware Analyzer) 496 about 2 years ago
ISF(Industrial Security Exploitation Framework 248 about 5 years ago
PENIOT: Penetration Testing Tool for IoT 211 over 3 years ago
MQTT-PWN 370 over 1 year ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Reverse Engineering Tools
IDA Pro : An interactive disassembler that provides extensive information about binary code and is widely used for static analysis
GDB : The GNU Project Debugger allows you to see what is going on 'inside' another program while it executes or what another program was doing at the moment it crashed
Radare2 : An open-source framework for reverse engineering and analyzing binaries; includes a disassembler for multiple architectures
Cutter : A Qt and C++ GUI for Radare2, aiming to provide a more user-friendly interface as well as additional features
Ghidra : A software reverse engineering suite of tools developed by NSA that includes a decompiler, assembler, disassembler, and other tools to analyze binaries
Binary Ninja : A reverse engineering platform that is an alternative to IDA Pro, with a focus on binary analysis for security research and reverse engineering
OllyDbg : An x86 debugger that emphasizes binary code analysis, which is useful for reverse engineering and finding security vulnerabilities
x64dbg : An open-source x64/x32 debugger for windows with a focus on plugin support and scriptability
Hopper : A reverse engineering tool for macOS and Linux that lets you disassemble, decompile and debug your applications
Immunity Debugger : A powerful debugger for analyzing malware and reverse engineering with an integrated Python scripting interface for automation
PEiD : A tool that detects most common packers, cryptors, and compilers for PE files and is useful for reverse engineering of malware

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Introduction
Introduction to IoT
IoT Architecture
IoT attack surface
IoT Protocols Overview

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / IoT Web and Message Services
Introduction to MQTT
MQTT Broker Security - 101
Hacking the IoT with MQTT
Are Smart Homes Vulnerable to Hacking?
Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) (Metasploit)
Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
IoT Security: RCE in MQTT Protocol
Penetration testing of Sesame Smart door lock
CVE-2020-13849 : A vulnerability in MQTT protocol 3.1.1, allowing remote attackers to cause a denial of service. CVSS score: 7.5 (High)
CVE-2023-3028 : Involves insufficient authentication in MQTT backend, leading to potential data access and manipulation. CVSS score: 9.8 (Critical)
CVE-2021-0229 : Pertains to uncontrolled resource consumption in Juniper Networks Junos OS MQTT server. CVSS score: 5.3 (Medium)
CVE-2019-5432 : A malformed MQTT Subscribe packet can crash MQTT Brokers. CVSS score: 7.5 (High)
Using IoT MQTT for V2V and Connected Car
MQTT with Hardware Development Information
IoT Live Demo: 100,000 Connected Cars with Kubernetes, Kafka, MQTT, TensorFlow
Nmap MQTT Library
The Seven Best MQTT Client Tools
A Guide to MQTT by Hacking a Doorbell to Send Push Notifications (Video)
Understanding the MQTT Protocol Packet Structure
Authenticating & Authorizing Devices Using MQTT with Auth0
Deep Learning UDF for MQTT IoT Sensor Data Anomaly Detection 291 almost 2 years ago
IoXY - MQTT Intercepting Proxy
Mosquitto - An Open Source MQTT Broker
HiveMQ
MQTT Explorer
Welcome to MQTT-PWN!
WailingCrab Malware Evolves Using MQTT for Stealthier C2 Communication
Alert: New WailingCrab Malware Loader
MQTT on Snapcraft
Introduction
CoAP client Tools
CoAP Pentest Tools
Nmap - NSE for coap

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / RADIO HACKER QUICK START GUIDE
Complete course in Software Defined Radio (SDR) by Michael Ossmann
SDR Notes - Radio IoT Protocols Overview 160 almost 2 years ago
Understanding Radio
Introduction to Software Defined Radio
Introduction Gnuradio companion
Creating a flow graph in gunradiocompanion
Analysing radio signals 433Mhz
Recording specific radio signal
Replay Attacks with raspberrypi -rpitx

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Cellular Hacking GSM BTS
Awesome-Cellular-Hacking 2,954 about 1 year ago
what is base tranceiver station
How to Build Your Own Rogue GSM BTS
5Ghoul - 5G NR Attacks & 5G OTA Fuzzing 526 about 1 year ago
Introduction to GSM Security
GSM Security 2
vulnerabilities in GSM security with USRP B200
Security Testing 4G (LTE) Networks
Case Study of SS7/SIGTRAN Assessment
Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP 103 almost 6 years ago
ss7MAPer โ€“ A SS7 pen testing toolkit
Introduction to SIGTRAN and SIGTRAN Licensing
SS7 Network Architecture
Introduction to SS7 Signaling
Breaking LTE on Layer Two
LTE Sniffer 1,815 about 1 year ago
Fake BTS Detector (SCL-8521)

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / NFC-RFID
List of RFID/NFC Security & Privacy talks 138 12 months ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Zigbee ALL Stuff
Introduction and protocol Overview
Hacking Zigbee Devices with Attify Zigbee Framework
Hands-on with RZUSBstick
ZigBee & Z-Wave Security Brief
Hacking ZigBee Networks
Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes
Security Analysis of Zigbee Networks with Zigator and GNU Radio
Low-Cost ZigBee Selective Jamming
zigbear 27 almost 6 years ago
ZigDiggity 265 about 4 years ago
Zigator 29 over 2 years ago
Z3sec 109 almost 8 years ago
APIMOTE IEEE 802.15.4/ZIGBEE SNIFFING HARDWARE
RaspBee-The Raspberry Pi Zigbee gateway
USRP SDR 2
ATUSB IEEE 802.15.4 USB Adapter
nRF52840-Dongle

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / BLE Intro and SW-HW Tools to pentest
awesome-bluetooth-security 521 almost 2 years ago
BLE-NullBlr: Step By Step guide to BLE Understanding and Exploiting 8 about 6 years ago
Traffic Engineering in a Bluetooth Piconet (PDF)
BLE Characteristics: A Beginner's Tutorial
Bluing - An intelligence gathering tool for hacking Bluetooth 768 over 2 years ago
btproxy 516 over 5 years ago
hcitool & bluez
Testing With GATT Tool
crackle - Cracking encryption 849 about 4 years ago
bettercap 16,919 12 months ago
BtleJuice Bluetooth Smart Man-in-the-Middle framework 754 about 7 years ago
gattacker 715 almost 4 years ago
BTLEjack Bluetooth Low Energy Swiss army knife 1,932 over 1 year ago
DEDSEC-Bluetooth-exploit 32 over 1 year ago
BrakTooth Proof of Concept-Blutooth Classic Attacks 454 about 1 year ago
sweyntooth_bluetooth_low_energy_attacks Public 285 almost 4 years ago
esp32_bluetooth_classic_sniffer Public 514 over 2 years ago
NRFCONNECT - 52840
EDIMAX
CSR 4.0
ESP32 - Development and learning Bluetooth
Ubertooth 1,956 almost 2 years ago
Sena 100
ESP-WROVER-KIT-VB
Blue2thprinting: Answering the Question of 'WTF am I even looking at?!'
Open Wounds: The Last 5 Years Have Left Bluetooth to Bleed
It Was Harder to Sniff Bluetooth Through My Mask During the Pandemic...
Bluetooth vs BLE Basics 8 about 6 years ago
Examining the August Smart Lock
Finding Bugs in Bluetooth
Intel Edison as Bluetooth LE โ€” Exploit Box
How I Reverse Engineered and Exploited a Smart Massager
My Journey Towards Reverse Engineering a Smart Band โ€” Bluetooth-LE RE
Bluetooth Smartlocks
I Hacked MiBand 3
GATTacking Bluetooth Smart Devices
Bluetooth Beacon Vulnerability
Sweyntooth Vulnerabilities
AIRDROP_LEAK - Sniffs BLE Traffic and Displays Status Messages from Apple Devices 2,101 about 2 years ago
BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500
MojoBox - Yet Another Not So Smartlock
Bluetooth-Hacking 135 over 1 year ago
Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) [CVE 2023-24023] 500 almost 2 years ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / DECT (Digital Enhanced Cordless Telecommunications)
Real Time Interception And Monitoring Of A DECT Cordless Telephone
Eavesdropping On Unencrypted DECT Voice Traffic
Decoding DECT Voice Traffic: In-depth Explanation

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Mobile security (Android & iOS)
Android App Reverse Engineering 101 A comprehensive guide to reverse engineering Android applications
Android Application Pentesting Book A detailed book on penetration testing techniques for Android devices
Android Pentest Video Course - TutorialsPoint A series of video tutorials on Android penetration testing
Android Tamer A Virtual/Live Platform for Android Security professionals, offering tools and environment for Android security
iOS Pentesting A guide to penetration testing in iOS environments
OWASP Mobile Security Testing Guide The Open Web Application Security Project's guide for mobile security testing, applicable to iOS

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Villages
Payment Villages
ICS Village
IoT Villages
RF hackers
Car Hacking Village

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Online Assemblers
AZM Online Arm Assembler by Azeria
Online Disassembler
Compiler Explorer is an interactive online compiler which shows the assembly output of compiled C++, Rust, Go

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / ARM
Azeria Labs
ARM EXPLOITATION FOR IoT
Damn Vulnerable ARM Router (DVAR)
EXPLOIT.EDUCATION

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Pentesting Firmwares and emulating and analyzing
EMBA-An analyzer for embedded Linux firmware
FACT-Firmware Analysis and Comparison Tool 1,260 11 months ago
Binwalk-v3 11,530 11 months ago
fwhunt-scanner-Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules 216 about 1 year ago
Qiling 5,208 12 months ago
fwanalyzer 496 about 2 years ago
ByteSweep
Firmwalker 1,073 about 2 years ago
Checksec.sh 2,061 11 months ago
QEMU
Firmadyne 1,842 over 1 year ago
Firmware Modification Kit
Firmware analysis and reversing
Reversing 101
IoT Security Verification Standard (ISVS) 137 almost 3 years ago
OWASP Firmware Security Testing Methodology
Firmware emulation with QEMU
Reversing ESP8266 Firmware
Emulating ARM Router Firmware
Reversing Firmware With Radare
Samsung Firmware Magic - Unpacking and Decrypting 212 over 4 years ago
Qiling & Binary Emulation for automatic unpacking
Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme
Simulating and hunting firmware vulnerabilities with Qiling
Using Symbolic Execution to Detect UEFI Firmware Vulnerabilities
Binarly Finds Six High Severity Firmware Vulnerabilities in HP Enterprise Devices
Emulating and Exploiting UEFI Firmware
IoT binary analysis & emulation part -1
ross debugging for ARM / MIPS ELF with QEMU/toolchain
Qemu + buildroot 101
Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device
Adaptive Emulation Framework for Multi-Architecture IoT Firmware Testing
Automatic Firmware Emulation through Invalidity-guided Knowledge Inference
Debugging D-Link: Emulating firmware and hacking hardware

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Firmware samples to pentest
Download From here by firmware.center

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Binary Analysis
Reverse Engineering For Everyone!
https://www.coalfire.com/the-coalfire-blog/reverse-engineering-and-patching-with-ghidra
Part two: Reverse engineering and patching with Ghidra
Automating binary vulnerability discovery with Ghidra and Semgrep
Zip Slip Vulnerability

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Secureboot
Writing a Bootloader
Pwn the ESP32 Secure Boot
Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction
Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM /
Defeating Secure Boot with Symlink Attacks
PS4 Aux Hax 5 & PSVR Secure Boot Hacking with Keys by Fail0verflow!
Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models Via Dell Remote OS Recovery And Firmware Update Capabilities
Technical Advisory โ€“ U-Boot โ€“ Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
Breaking Secure Boot on the Silicon Labs Gecko platform

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Storage Medium
EMMC Protocol
RPMB, a secret place inside the eMMC
Hardware Hacking 101: Identifying And Dumping EMMC Flash
EMMC Data Recovery From Damaged Smartphone
Another Bunch Of Articles For EMMC
Unleash Your Smart-Home Devices: Vacuum Cleaning Robot Hacking
Hands-On IoT Hacking: Rapid7 At DEF CON 30 IoT Village, Part 1

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Payment Device Security
Introduction to ATM Penetration Testing
Pwning ATMs For Fun and Profit
Jackpotting Automated Teller Machines Redux By Barnaby Jack

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / IoT hardware Overview and Hacking
IoT Hardware Guide
Intro To Hardware Hacking - Dumping Your First Firmware
Bus Pirate
EEPROM reader/SOIC Cable
Jtagulator/Jtagenum
Logic Analyzer
The Shikra
FaceDancer21 (USB Emulator/USB Fuzzer)
RfCat
Hak5Gear- Hak5FieldKits
Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter
Attify Badge - UART, JTAG, SPI, I2C (w/ headers)
An Introduction to Hardware Hacking
Serial Terminal Basics
Reverse Engineering Serial Ports
REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS
ChipWhisperer - Hardware attacks
Hardware hacking tutorial: Dumping and reversing firmware
Dumping the firmware From Router using BUSPIRATE - SPI Dump
TPM 2.0: Extracting Bitlocker keys through SPI
How to Flash Chip of a Router With a Programmer
Extracting Flash Memory over SPI
Extracting Firmware from Embedded Devices (SPI NOR Flash)
SPI-Blogs
Reading FlashROMS - Youtube
Intro to Embedded RE: UART Discovery and Firmware Extraction via UBoot
Router Analysis Part 1: UART Discovery and SPI Flash Extraction
Identifying UART interface
onewire-over-uart 155 over 8 years ago
Accessing sensor via UART
Using UART to connect to a chinese IP cam
A journey into IoT โ€“ Hardware hacking: UART
UARTBruteForcer 16 almost 10 years ago
UART Connections and Dynamic analysis on Linksys e1000
Accessing and Dumping Firmware Through UART
UART Exploiter 5 over 2 years ago
HARDWARE HACKING 101: INTRODUCTION TO JTAG
How To Find The JTAG Interface - Hardware Hacking Tutorial
Buspirate JTAG Connections - Openocd
Extracting Firmware from External Memory via JTAG
Analyzing JTAG
The hitchhackerโ€™s guide to iPhone Lightning & JTAG hacking
Debugging 8-bit AVRยฎ microcontrollers trhough JTAG and AVR-gdb
Introduction to TPM (Trusted Platform Module)
Trusted platform module security defeated in 30 minutes, no soldering required
Side channel attacks
Attacks on Implementations of Secure Systems 227 11 months ago
fuzzing, binary analysis, IoT security, and general exploitation 1,240 about 1 year ago
Espressif ESP32: Bypassing Encrypted Secure Boot(CVE-2020-13629)
Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)
Researchers use Rowhammer bit flips to steal 2048-bit crypto key

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Awesome IoT Pentesting Guides
Shodan Pentesting Guide
Car Hacking Practical Guide 101
OWASP Firmware Security Testing Methodology
Awesome-bluetooth-security 521 almost 2 years ago
awesome-embedded-fuzzing 36 over 3 years ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Fuzzing Things
OWASP Fuzzing Info
Fuzzing_ICS_protocols
Fuzzowski - the Network Protocol Fuzzer that we will want to use
Fuzz Testing of Application Reliability
FIRM-AFL : High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
Snipuzz : Black-box Fuzzing of IoT Firmware via Message Snippet Inference
part1 [fuzzing-iot-binaries] - /
Modern Vulnerability Research Techniques on Embedded Systems
FuzzingPaper 2,498 12 months ago
Exercises to learn how to fuzz with American Fuzzy Lop 1,233 about 3 years ago
Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging 439 almost 2 years ago
Bluetooth experimentation framework for Broadcom and Cypress chips. 694 about 1 year ago
Fuzzing Forum 3,545 about 1 year ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / FlipperZero
Flipper Zero Unleashed Firmware 17,871 11 months ago
RogueMaster Flipper Zero Firmware 5,367 11 months ago
Exploiting Flipper Zeroโ€™s NFC file loader CVE-2022-40363:
Flipper Zero - Starter Guide (YouTube)
Awesome Resources for Flipper Zero 19,227 about 1 year ago
Gaylord M FOCker - Pwn MIFARE Tags

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / ICS
ICS-Security 2,750 12 months ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Automotive
Automotive-Security 2,750 12 months ago

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Vulnerable IoT and Hardware Applications
DVID 192 over 1 year ago IoT: -
Damn Vulnerable Safe Safe: -
IoT-vulhub IoT-vulhub: -
DVRF 675 over 4 years ago Router: -
Damn Vulnerable Chemical Process SCADA: -
Sticky Fingers DV-Pi PI: -
Damn Vulnerable SS7 Network SS7 Network: -
Hacklab VulnVoIP VoIP: -
Hardware Hacking 101 47 over 6 years ago Hardware Hacking 101: -
RHme-2015 0 about 1 year ago RHME-2015: -
Rhme-2016 2 about 1 year ago RHME-2016: -
Rhme-2017 0 about 1 year ago RHME-2017: -

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / CTF For IoT And Embeddded
BLE CTF 679 over 1 year ago A framework focused on Bluetooth Low Energy security
Rhme-2016 2 about 1 year ago Riscure's hardware security competition for 2016
Rhme-2017 0 about 1 year ago Riscure's hardware security competition for 2017
IoTGoat 181 over 5 years ago Deliberately insecure firmware based on OpenWrt for IoT security training
IoT Village CTF A Capture The Flag event specifically focused on IoT security
IoTSec CTF Offers IoT related challenges for continuous learning
Emulate to Exploitate
Damn Vulnerable ARM Router A deliberately vulnerable ARM router for exploitation practice
Firmware Security Training & CTF Firmware analysis tools and challenges by Router Analysis Toolkit
ARM-X CTF 699 11 months ago A set of challenges focused on ARM exploitation
Azeria Labs ARM Challenges Offers ARM assembly challenges and tutorials
Microcorruption Embedded security CTF focusing on lock systems
Pwnable.kr Offers various reverse engineering challenges
Hack The Box Platform offering a range of challenges, including hardware and reverse engineering
Root Me Platform with various types of challenges including hardware and reverse engineering
CTFtime Lists various CTFs, including those in hardware, IoT, and firmware

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / follow the people
Jilles
Joe Fitz
Aseem Jakhar
Cybergibbons
Jasper
Dave Jones
bunnie
Ilya Shaposhnikov
Mark C.
A-a-ron Guzman
Yashin Mehaboobe
Arun Magesh
Mr-IoT
QKaiser
9lyph

๐Ÿ› ๏ธ Approach Methodology / Specific Topics in IoT Security / Blogs for IoT Pentest
Team82 Research
wrongbaud
Firmware Analysis
voidstarsec
Exploitee.rs Website
Jilles.com
Syss Tech Blog
Payatu Blog
Raelize Blog
JCJC Dev Blog
W00tsec Blog
Devttys0 Blog (Use Wayback Machine for old blogs)
Wrongbaud Blog
Embedded Bits Blog
RTL-SDR Blog
Keenlab Blog
Courk.cc
IoT Security Wiki
Cybergibbons Blog
Firmware.RE
K3170makan Blog
Tclaverie Blog
Besimaltinok Blog
Ctrlu Blog
IoT Pentest Blog
Duo Decipher Blog
Sp3ctr3 Blog
0x42424242.in Blog
Dantheiotman Blog
Danman Blog
Quentinkaiser Blog
Quarkslab Blog
Ice9 Blog
F-Secure Labs Blog
MG.lol Blog
CJHackerz Blog
Bunnie's Blog
Synacktiv Publications
Cr4.sh Blog
Ktln2 Blog
Naehrdine Blog
Limited Results Blog
Fail0verflow Blog
Exploit Security Blog
Attify Blog