A Collection for IoT Security Resources
- You are welcome to fork and contribute
Other Interesting Areas:
- 🌐 1. Network
- 🌐 2. Web (Front & Backend and Web services)
- 📱 3. Mobile App (Android & iOS)
- 📡 4. Wireless Connectivity (Zigbee, WiFi, Bluetooth, etc.)
- 💽 5. Firmware Pentesting (Static and Dynamic analysis, OS of IoT Devices)
- 🛠️ 6. Hardware Hacking & Fault Injections & SCA Attacks
- 💾 7. Storage Medium
- 🔌 8. I/O Ports
- 👥 Community and Discussion Platforms
- 🎓 IoT and Hardware Security Trainings
- 🔍 Technical Research and Hacking
- 💻 Proof of Concepts: Known Device Vulnerabilities
- 📚 Books for IoT Penetration Testing
- 🖋️ Blogs for IoT Pentest
- 📋 Awesome Cheatsheets
- 🔍 Search Engines for Exposed IoT Devices Worldwide
- 🚩 CTF: Vulnerable IoT and Hardware Applications
- 📺 YouTube Channels for IoT Pentesting
- ⚒️ Exploitation Tools
- 🖥️ IoT Pentesting OSes
- 📘 IoT Vulnerabilities Checking Guides
- 🔬 IoT Labs
- 📖 Awesome IoT Pentesting Guides
- 🐛 Fuzzing Things
- 🏢 IoT Lab Setup Guide for Corporate/Individual
- 🔧 FlipperZero
- 🏘 Villages
- 🔍 Reverse Engineering Tools
- 💻 Online Assemblers
- 💪 ARM
- 🔨 Pentesting Firmwares: Emulating and Analyzing
- 🔬 Firmware Samples to Pentest
- 🔒 Secureboot
- 🔍 Binary Analysis
- 🔎 IoT Hardware Intro
- 🛠️ Required Hardware to Pentest IoT
- 🔌 Hardware Interfaces
- 🛠️ Side Channel Attacks & Glitching Attacks
- Subaru Head Unit Jailbreak
- Jeep Hack
- Dropcam Hacking
- Printer Hacking Live Sessions - Gamozo Labs
- LED Light Hacking
- PS4 Jailbreak – the current status
- Your Lenovo Watch X Is Watching You & Sharing What It Learns
- Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
- Besder 6024PB-XMA501 IP camera security analysis
- Smart Lock Vulnerabilities
- IoTSecurity101 Telegram
- IoTSecurity101 Reddit
- IoTSecurity101 Discord
- Hardware Hacking Telegram
- RFID Discord Group
- ICS Discord Group
- The Firmware Handbook (Embedded Technology) 1st Edition by Jack Ganssle
- Hardware Hacking: Have Fun while Voiding your Warranty 1st Edition
- Hacking the Xbox: An Introduction to Reverse Engineering by Andrew "bunnie" Huang
- Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure by Eric D. Knapp, Raj Samani
- The Art of Pcb Reverse Engineering: Unravelling the Beauty of the Original Design
- Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts 1st Edition, by Nitesh Dhanjani
- Inside Radio: An Attack and Defense Guide by Qing Yang, Lin Huang
- Pentest Hardware
- Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition by Daniel Regalado, Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Branko Spasojevic, Ryan Linn, Stephen Sims
- Practical Hardware Pentesting
- The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks by Jasper van Woudenberg, Colin O'Flynn
- Practical IoT Hacking-The Definitive Guide to Attacking the Internet of Things by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods
- Manual PCB-RE: The Essentials
- Practical Hardware Pentesting - Second Edition
- Blue Fox: Arm Assembly Internals & Reverse Engineering
- Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU
- Hardware Security Training, Hands-on!
- Automotive Cybersecurity Engineering Handbook: The automotive engineer's roadmap to cyber-resilient vehicles
- Embedded Systems Security and TrustZone
- Joe Grand
- Liveoverflow
- Binary Adventure
- EEVBlog
- Craig Smith
- iotsecurity101
- Besim ALTINOK - IoT - Hardware - Wireless
- Ghidra Ninja
- Cyber Gibbons
- Scanline
- Aaron Christophel
- Valerio Di Giampietro
- Reflecting upon OWASP TOP-10 IoT Vulnerabilities
- OWASP IoT Top 10 2018 Mapping Project
- Hardware toolkits for IoT security analysis
- Sigint OS - LTE IMSI Catcher
- Instant-gnuradio OS - For Radio Signals Testing
- Ubuntu - Best host Linux for IoT work (use an LTS release)
- Internet of Things - Penetration Testing OS v1
- Dragon OS - Debian Linux with preinstalled open source SDR software
- EmbedOS - Embedded security testing virtual machine
- Skywave Linux - Software Defined Radio for Global Online Listening
- A Small, Scalable Open Source RTOS for IoT Embedded Devices
- ICS - Controlthings.io
- AttifyOS - IoT Pentest OS - by Aditya Gupta
- Expliot - IoT Exploitation framework - by Aseemjakhar
- Routersploit (Exploitation Framework for Embedded Devices)
- IoTSecFuzz (comprehensive testing for IoT device)
- HomePwn - Swiss Army Knife for Pentesting of IoT Devices
- killerbee - Zigbee exploitation
- PRET - Printer Exploitation Toolkit
- HAL – The Hardware Analyzer
- FwAnalyzer (Firmware Analyzer)
- ISF (Industrial Security Exploitation Framework)
- PENIOT: Penetration Testing Tool for IoT
- MQTT-PWN
- IDA Pro: An interactive disassembler that provides extensive information about binary code and is widely used for static analysis.
- GDB: The GNU Project Debugger allows you to see what is going on 'inside' another program while it executes or what another program was doing at the moment it crashed.
- Radare2: An open-source framework for reverse engineering and analyzing binaries; includes a disassembler for multiple architectures.
- Cutter: A Qt and C++ GUI for Radare2, aiming to provide a more user-friendly interface as well as additional features.
- Ghidra: A software reverse engineering suite of tools developed by NSA that includes a decompiler, assembler, disassembler, and other tools to analyze binaries.
- Binary Ninja: A reverse engineering platform that is an alternative to IDA Pro, with a focus on binary analysis for security research and reverse engineering.
- OllyDbg: An x86 debugger that emphasizes binary code analysis, which is useful for reverse engineering and finding security vulnerabilities.
- x64dbg: An open-source x64/x32 debugger for Windows with a focus on plugin support and scriptability.
- Hopper: A reverse engineering tool for macOS and Linux that lets you disassemble, decompile and debug your applications.
- Immunity Debugger: A powerful debugger for analyzing malware and reverse engineering with an integrated Python scripting interface for automation.
- PEiD: A tool that detects most common packers, cryptors, and compilers for PE files and is useful for reverse engineering of malware.
- MQTT Broker Security - 101
- Hacking the IoT with MQTT
- Are Smart Homes Vulnerable to Hacking? - Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) (Metasploit)
- Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
- IoT Security: RCE in MQTT Protocol
- Penetration testing of Sesame Smart door lock
- CVE-2020-13849: A vulnerability in MQTT protocol 3.1.1, allowing remote attackers to cause a denial of service. CVSS score: 7.5 (High).
- CVE-2023-3028: Involves insufficient authentication in MQTT backend, leading to potential data access and manipulation. CVSS score: 9.8 (Critical).
- CVE-2021-0229: Pertains to uncontrolled resource consumption in Juniper Networks Junos OS MQTT server. CVSS score: 5.3 (Medium).
- CVE-2019-5432: A malformed MQTT Subscribe packet can crash MQTT Brokers. CVSS score: 7.5 (High).
- Using IoT MQTT for V2V and Connected Car
- MQTT with Hardware Development Information
- IoT Live Demo: 100,000 Connected Cars with Kubernetes, Kafka, MQTT, TensorFlow
- A Guide to MQTT by Hacking a Doorbell to Send Push Notifications (Video)
- Understanding the MQTT Protocol Packet Structure
- Authenticating & Authorizing Devices Using MQTT with Auth0
- IoXY - MQTT Intercepting Proxy
- Mosquitto - An Open Source MQTT Broker
- HiveMQ
- MQTT Explorer
- Welcome to MQTT-PWN!
- WailingCrab Malware Evolves Using MQTT for Stealthier C2 Communication
- Alert: New WailingCrab Malware Loader
- MQTT on Snapcraft
- Complete course in Software Defined Radio (SDR) by Michael Ossmann
- SDR Notes - Radio IoT Protocols Overview
- Understanding Radio
- Introduction to Software Defined Radio
- Introduction Gnuradio companion
- Creating a flow graph in GNU Radio Companion
- Analysing radio signals at 433 MHz
- Recording a specific radio signal
- Replay Attacks with Raspberry Pi - rpitx
- 5Ghoul - 5G NR Attacks & 5G OTA Fuzzing
- Introduction to GSM Security
- GSM Security 2
- Vulnerabilities in GSM security with USRP B200
- Security Testing 4G (LTE) Networks
- Case Study of SS7/SIGTRAN Assessment
- Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
- ss7MAPer – An SS7 pen testing toolkit
- Introduction to SIGTRAN and SIGTRAN Licensing
- SS7 Network Architecture
- Introduction to SS7 Signaling
- Breaking LTE on Layer Two
- Introduction and protocol Overview
- Hacking Zigbee Devices with Attify Zigbee Framework
- Hands-on with RZUSBstick
- ZigBee & Z-Wave Security Brief
- Hacking ZigBee Networks
- Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes
- Security Analysis of Zigbee Networks with Zigator and GNU Radio
- Low-Cost ZigBee Selective Jamming
- APIMOTE IEEE 802.15.4/ZIGBEE SNIFFING HARDWARE
- RaspBee-The Raspberry Pi Zigbee gateway
- USRP SDR 2
- ATUSB IEEE 802.15.4 USB Adapter
- nRF52840-Dongle
- btproxy
- hcitool & bluez
- Testing With GATT Tool
- crackle - Cracking encryption
- bettercap
- BtleJuice Bluetooth Smart Man-in-the-Middle framework
- gattacker
- BTLEjack Bluetooth Low Energy Swiss army knife
- bluing - An intelligence gathering tool for hacking Bluetooth
- DEDSEC-Bluetooth-exploit
- BrakTooth Proof of Concept - Bluetooth Classic Attacks
- sweyntooth_bluetooth_low_energy_attacks
- esp32_bluetooth_classic_sniffer
- NRFCONNECT - 52840
- EDIMAX
- CSR 4.0
- ESP32 - Development and learning Bluetooth
- Ubertooth
- Sena 100
- ESP-WROVER-KIT-VB
- Blue2thprinting: Answering the Question of 'WTF am I even looking at?!'
- Open Wounds: The Last 5 Years Have Left Bluetooth to Bleed
- It Was Harder to Sniff Bluetooth Through My Mask During the Pandemic...
- Bluetooth vs BLE Basics
- Examining the August Smart Lock
- Finding Bugs in Bluetooth
- Intel Edison as Bluetooth LE — Exploit Box
- How I Reverse Engineered and Exploited a Smart Massager
- My Journey Towards Reverse Engineering a Smart Band — Bluetooth-LE RE
- Bluetooth Smartlocks
- I Hacked MiBand 3
- GATTacking Bluetooth Smart Devices
- Bluetooth Beacon Vulnerability
- Sweyntooth Vulnerabilities
- AIRDROP_LEAK - Sniffs BLE Traffic and Displays Status Messages from Apple Devices
- BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
- Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500
- MojoBox - Yet Another Not So Smartlock
- Bluetooth-Hacking
- Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) (CVE-2023-24023)
- Real Time Interception And Monitoring Of A DECT Cordless Telephone
- Eavesdropping On Unencrypted DECT Voice Traffic
- Decoding DECT Voice Traffic: In-depth Explanation
- Android App Reverse Engineering 101 - A comprehensive guide to reverse engineering Android applications.
- Android Application Pentesting Book - A detailed book on penetration testing techniques for Android devices.
- Android Pentest Video Course - TutorialsPoint - A series of video tutorials on Android penetration testing.
- Android Tamer - A Virtual/Live Platform for Android Security professionals, offering tools and environment for Android security.
- iOS Pentesting - A guide to penetration testing in iOS environments.
- OWASP Mobile Security Testing Guide - The Open Web Application Security Project's guide for mobile security testing, applicable to iOS.
- AZM Online Arm Assembler by Azeria
- Online Disassembler
- Compiler Explorer - An interactive online compiler that shows the assembly output of compiled C++, Rust and Go code
- EMBA-An analyzer for embedded Linux firmware
- FACT-Firmware Analysis and Comparison Tool
- Binwalk
- Qiling
- fwanalyzer
- ByteSweep
- Firmwalker
- Checksec.sh
- QEMU
- Firmadyne
- Firmware Modification Kit
- Firmware analysis and reversing
- Reversing 101
- IoT Security Verification Standard (ISVS)
- OWASP Firmware Security Testing Methodology
- Firmware emulation with QEMU
- Reversing ESP8266 Firmware
- Emulating ARM Router Firmware
- Reversing Firmware With Radare
- Samsung Firmware Magic - Unpacking and Decrypting
- Qiling & Binary Emulation for automatic unpacking
- Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme
- Simulating and hunting firmware vulnerabilities with Qiling
- IoT binary analysis & emulation part -1
- Cross debugging for ARM / MIPS ELF with QEMU/toolchain
- Qemu + buildroot 101
- Reverse Engineering For Everyone!
- Part one: Reverse engineering and patching with Ghidra (https://www.coalfire.com/the-coalfire-blog/reverse-engineering-and-patching-with-ghidra)
- Part two: Reverse engineering and patching with Ghidra
- Automating binary vulnerability discovery with Ghidra and Semgrep
- Pwn the ESP32 Secure Boot
- Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction
- Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM / Alternative Link
- Defeating Secure Boot with Symlink Attacks
- PS4 Aux Hax 5 & PSVR Secure Boot Hacking with Keys by Fail0verflow!
- Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models Via Dell Remote OS Recovery And Firmware Update Capabilities
- Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
- Breaking Secure Boot on the Silicon Labs Gecko platform
Explore the world of eMMC hacking with these curated resources. Whether you're new to hardware hacking or an experienced practitioner, these links provide valuable insights into the eMMC protocol, data recovery, and practical hacking techniques.
- eMMC Protocol
- RPMB, a secret place inside the eMMC
- Hardware Hacking 101: Identifying And Dumping eMMC Flash
- eMMC Data Recovery From Damaged Smartphone
- Another Bunch Of Articles For eMMC
- Unleash Your Smart-Home Devices: Vacuum Cleaning Robot Hacking
- Hands-On IoT Hacking: Rapid7 At DEF CON 30 IoT Village, Part 1
- Introduction to ATM Penetration Testing
- Pwning ATMs For Fun and Profit
- Jackpotting Automated Teller Machines Redux By Barnaby Jack
- Bus Pirate
- EEPROM reader/SOIC Cable
- Jtagulator/Jtagenum
- Logic Analyzer
- The Shikra
- FaceDancer21 (USB Emulator/USB Fuzzer)
- RfCat
- Hak5Gear- Hak5FieldKits
- Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter
- Attify Badge - UART, JTAG, SPI, I2C (w/ headers)
- An Introduction to Hardware Hacking
- Serial Terminal Basics
- Reverse Engineering Serial Ports
- REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS
- ChipWhisperer - Hardware attacks
- Hardware hacking tutorial: Dumping and reversing firmware
- Dumping the firmware From Router using BUSPIRATE - SPI Dump: A tutorial on how to use Bus Pirate, a universal bus interface, to dump firmware from a router via SPI
- How to Flash Chip of a Router With a Programmer
- Extracting Flash Memory over SPI
- Extracting Firmware from Embedded Devices (SPI NOR Flash)
- SPI-Blogs
- Reading FlashROMS - Youtube
- Identifying UART interface
- onewire-over-uart
- Accessing sensor via UART
- Using UART to connect to a Chinese IP cam
- A journey into IoT – Hardware hacking: UART
- UARTBruteForcer
- UART Connections and Dynamic analysis on Linksys e1000
- Accessing and Dumping Firmware Through UART
- UART Exploiter
- HARDWARE HACKING 101: INTRODUCTION TO JTAG
- How To Find The JTAG Interface - Hardware Hacking Tutorial
- Buspirate JTAG Connections - Openocd
- Extracting Firmware from External Memory via JTAG
- Analyzing JTAG
- The hitchhacker’s guide to iPhone Lightning & JTAG hacking
- Introduction to TPM (Trusted Platform Module)
- Trusted platform module security defeated in 30 minutes, no soldering required
- Side channel attacks
- Attacks on Implementations of Secure Systems
- fuzzing, binary analysis, IoT security, and general exploitation
- Espressif ESP32: Bypassing Encrypted Secure Boot (CVE-2020-13629)
- Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)
- Researchers use Rowhammer bit flips to steal 2048-bit crypto key
- NAND Glitching Attack - Gaining root access to a Wink Hub through NAND glitching.
- Tutorial CW305-4 Voltage Glitching with Crowbars - Detailed tutorial on voltage glitching using crowbars.
- Voltage Glitching Attack using SySS iCEstick Glitcher - A demonstration of a voltage glitching attack by SySS PentestTV.
- Samy Kamkar - FPGA Glitching & Side Channel Attacks - Insights on FPGA glitching and side channel attacks from Samy Kamkar.
- Hardware Power Glitch Attack - rhme2 Fiesta (FI 100) - A hardware power glitch attack demonstration by LiveOverflow.
- Keys in flash - Glitching AES keys from an Arduino / ATmega - Extracting AES keys from an Arduino using glitching.
- Implementing Practical Electrical Glitching Attacks - A guide on implementing electrical glitching attacks, presented at Black Hat Europe 2015.
- How To Voltage Fault Injection - A comprehensive guide on voltage fault injection techniques.
- Shodan Pentesting Guide
- Car Hacking Practical Guide 101
- OWASP Firmware Security Testing Methodology
- Awesome-bluetooth-security
- awesome-embedded-fuzzing
- OWASP Fuzzing Info
- Fuzzing_ICS_protocols
- Fuzzowski - the Network Protocol Fuzzer that we will want to use
- Fuzz Testing of Application Reliability
- FIRM-AFL : High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
- Snipuzz : Black-box Fuzzing of IoT Firmware via Message Snippet Inference
- [fuzzing-iot-binaries] - part1 / part2
- Modern Vulnerability Research Techniques on Embedded Systems
- FuzzingPaper
- Exercises to learn how to fuzz with American Fuzzy Lop
- Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging
- Bluetooth experimentation framework for Broadcom and Cypress chips.
- Fuzzing Forum
- CVE-2022-40363: Exploiting Flipper Zero’s NFC file loader
- IoT: DVID - Deliberately vulnerable IoT device firmware for training and educational purposes.
- Safe: Damn Vulnerable Safe - A physical safe designed to be vulnerable, intended for security training.
- IoT-vulhub - Collection of Dockerized vulnerable IoT applications for learning about IoT security.
- Router: DVRF - Damn Vulnerable Router Firmware project for understanding router vulnerabilities.
- SCADA: Damn Vulnerable Chemical Process - A presentation on a vulnerable SCADA system for learning purposes.
- PI: Sticky Fingers DV-Pi - A vulnerable Raspberry Pi project for educational use.
- SS7 Network: Damn Vulnerable SS7 Network - Demonstrates vulnerabilities in SS7 networks.
- VoIP: Hacklab VulnVoIP - A vulnerable VoIP application for learning and training.
- Hardware Hacking 101 - A repository for learning the basics of hardware hacking.
- RHme-2015 - Archive of the RHme-2015 hardware hacking competition.
- RHme-2016 - Archive of the RHme-2016 hardware hacking competition.
- RHme-2017 - Archive of the RHme-2017 hardware hacking competition.
- BLE CTF - A framework focused on Bluetooth Low Energy security.
- Rhme-2016 - Riscure's hardware security competition for 2016.
- Rhme-2017 - Riscure's hardware security competition for 2017.
- IoTGoat - Deliberately insecure firmware based on OpenWrt for IoT security training.
- IoT Village CTF - A Capture The Flag event specifically focused on IoT security.
- IoTSec CTF - Offers IoT related challenges for continuous learning.
- Damn Vulnerable ARM Router - A deliberately vulnerable ARM router for exploitation practice.
- Firmware Security Training & CTF - Firmware analysis tools and challenges by Router Analysis Toolkit.
- ARM-X CTF - A set of challenges focused on ARM exploitation.
- Azeria Labs ARM Challenges - Offers ARM assembly challenges and tutorials.
- Microcorruption - Embedded security CTF focusing on lock systems.
- Pwnable.kr - Offers various reverse engineering challenges.
- Hack The Box - Platform offering a range of challenges, including hardware and reverse engineering.
- Root Me - Platform with various types of challenges including hardware and reverse engineering.
- CTFtime - Lists various CTFs, including those in hardware, IoT, and firmware.
- Jilles
- Joe Fitz
- Aseem Jakhar
- Cybergibbons
- Jasper
- Dave Jones
- bunnie
- Ilya Shaposhnikov
- Mark C.
- A-a-ron Guzman
- Yashin Mehaboobe
- Arun Magesh
- Mr-IoT
- QKaiser
- 9lyph
- Exploitee.rs Website
- Jilles.com
- SySS Tech Blog
- Payatu Blog
- Raelize Blog
- JCJC Dev Blog
- W00tsec Blog
- Devttys0 Blog (Use Wayback Machine for old blogs)
- Wrongbaud Blog
- Embedded Bits Blog
- RTL-SDR Blog
- Keenlab Blog
- Courk.cc
- IoT Security Wiki
- Cybergibbons Blog
- Firmware.RE
- K3170makan Blog
- Tclaverie Blog
- Besimaltinok Blog
- Ctrlu Blog
- IoT Pentest Blog
- Duo Decipher Blog
- Sp3ctr3 Blog
- 0x42424242.in Blog
- Dantheiotman Blog
- Danman Blog
- Quentinkaiser Blog
- Quarkslab Blog
- Ice9 Blog
- F-Secure Labs Blog
- MG.lol Blog
- CJHackerz Blog
- Bunnie's Blog
- Synacktiv Publications
- Cr4.sh Blog
- Ktln2 Blog
- Naehrdine Blog
- Limited Results Blog
- Fail0verflow Blog
- Exploit Security Blog
- Attify Blog