A Collection for IoT Security Resources
You are welcome to fork and contribute
Other Interesting Areas
- 🌐 1. Network
- 🌐 2. Web (Front & Backend and Web services)
- 📱 3. Mobile App (Android & iOS)
- 📡 4. Wireless Connectivity (Zigbee, WiFi, Bluetooth, etc)
- 💽 5. Firmware Pentesting (OS of IoT Devices)
- 🛠️ 6. Hardware Hacking & Fault Injections & SCA Attacks
- 💾 7. Storage Medium
- 🔌 8. I/O Ports
🛡️ IoT Security information
- 👥 IoT Security Chat groups
- 🎓 IoT and Hardware Security Trainings
- 📚 Books
- 🖋️ Blogs
- 📋 Cheatsheets
- 🔍 Search Engines
- 🚩 CTF
- 📺 YouTube
- ⚒️ Exploitation Tools
- 🖥️ IoT Pentesting OSes
- 📘 IoT Vulnerabilities Checking Guides
- 🔬 IoT Labs
- 📖 Awesome IoT Pentesting Guides
- 🐛 Fuzzing Things
- 🏢 IoT Lab Setup guide for corporate/individual
- 🔧 FlipperZero
🌐 Network
🌐 Web IoT Message Protocols
📱 Mobile app
📡 Wireless Protocols
💽 Firmware
🛠️ Hardware
💾 Storage Medium
💳 Payment Security
- Exploitee.rs Blog
- Exploitee.rs Website
- Exploitee.rs Forum
- Your Lenovo Watch X Is Watching You & Sharing What It Learns
- Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
- Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?
- Besder-IPCamera Analysis
- Smart Lock Vulnerabilities
- Subaru Head Unit Jailbreak
- Jeep Hack
- Dropcam Hacking
- Printer Hacking Live Sessions - Gamozo Labs
- LED Light Hacking
- IoTSecurity101 Telegram
- IoTSecurity101 Reddit
- IoTSecurity101 Discord
- Hardware Hacking Telegram
- RFID Discord Group
- ICS Discord Group
- The Firmware Handbook (Embedded Technology) 1st Edition by Jack Ganssle
- Hardware Hacking: Have Fun while Voiding your Warranty 1st Edition
- Hacking the Xbox: An Introduction to Reverse Engineering by Andrew “bunnie” Huang
- Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure by Eric D. Knapp, Raj Samani
- The Art of Pcb Reverse Engineering: Unravelling the Beauty of the Original Design
- Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts 1st Edition, by Nitesh Dhanjani
- Inside Radio: An Attack and Defense Guide by Qing Yang, Lin Huang
- Pentest Hardware
- Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition by Daniel Regalado, Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Branko Spasojevic, Ryan Linn, Stephen Sims
- Practical Hardware Pentesting
- The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks by Jasper van Woudenberg, Colin O'Flynn
- Practical IoT Hacking-The Definitive Guide to Attacking the Internet of Things by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods
- Practical Hardware Pentesting - Second Edition
- Blue Fox: Arm Assembly Internals & Reverse Engineering
- Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU
- Hardware Security Training, Hands-on!
- Manual PCB-RE: The Essentials
- Jilles.com
- Payatu Blog
- Raelize Blog
- JCJC Dev Blog
- W00tsec Blog
- Devttys0 Blog
- Wrongbaud Blog
- Embedded Bits Blog
- RTL-SDR Blog
- Keenlab Blog
- Courk.cc
- IoT Security Wiki
- Cybergibbons Blog
- Firmware.RE
- K3170makan Blog
- Tclaverie Blog
- Besimaltinok Blog
- Ctrlu Blog
- IoT Pentest Blog
- Duo Decipher Blog
- Sp3ctr3 Blog
- 0x42424242.in Blog
- Dantheiotman Blog
- Danman Blog
- Quentinkaiser Blog
- Quarkslab Blog
- Ice9 Blog
- F-Secure Labs Blog
- MG.lol Blog
- CJHackerz Blog
- Bunnie's Blog
- IoT My Way Blog
- Synacktiv Publications
- Cr4.sh Blog
- Ktln2 Blog
- Naehrdine Blog
- Limited Results Blog
- Fail0verflow Blog
- Exploit Security Blog
- Attify Blog
- Joe Grand
- LiveOverflow
- Binary Adventure
- EEVblog
- Craig Smith
- iotpentest [Mr-IoT]
- Besim ALTINOK - IoT - Hardware - Wireless
- Ghidra Ninja
- Cyber Gibbons
- Scanline
- Aaron Christophel
- Valerio Di Giampietro
- Reflecting upon OWASP TOP-10 IoT Vulnerabilities
- OWASP IoT Top 10 2018 Mapping Project
- Hardware toolkits for IoT security analysis
- Sigint OS - LTE IMSI Catcher
- Instant-gnuradio OS - For Radio Signals Testing
- Ubuntu - Best Host Linux for IoT - Use LTS
- Internet of Things - Penetration Testing OS v1
- DragonOS - Debian Linux with preinstalled open source SDR software
- EmbedOS - Embedded security testing virtual machine
- Skywave Linux - Software Defined Radio for Global Online Listening
- A Small, Scalable Open Source RTOS for IoT Embedded Devices
- ICS - Controlthings.io
- AttifyOS - IoT Pentest OS - by Aditya Gupta
- Expliot - IoT Exploitation framework - by Aseemjakhar
- Routersploit (Exploitation Framework for Embedded Devices)
- IoTSecFuzz (comprehensive testing for IoT devices)
- HomePwn - Swiss Army Knife for Pentesting of IoT Devices
- killerbee - Zigbee exploitation
- PRET - Printer Exploitation Toolkit
- HAL – The Hardware Analyzer
- FwAnalyzer (Firmware Analyzer)
- ISF (Industrial Security Exploitation Framework)
- PENIOT: Penetration Testing Tool for IoT
- MQTT-PWN
- Introduction
- Hacking the IoT with MQTT
- Thoughts about using IoT MQTT for V2V and Connected Car from CES 2014
- Nmap
- The Seven Best MQTT Client Tools
- A Guide to MQTT by Hacking a Doorbell to send Push Notifications
- Are smart homes vulnerable to hacking
- Deep Learning UDF for KSQL / ksqlDB for Streaming Anomaly Detection of MQTT IoT Sensor Data
- Authenticating & Authorizing Devices using MQTT with Auth0
- Development information for the MQTT with hardware
- Understanding the MQTT Protocol Packet Structure
- R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities
- IoT Live Demo: 100.000 Connected Cars With Kubernetes, Kafka, MQTT, TensorFlow
- Mosquitto - An open source MQTT broker
- HiveMQ
- MQTT Explorer
- MQTT proxy - IoXY
- MQTT Broker Security - 101
- Welcome to MQTT-PWN!
- Complete course in Software Defined Radio (SDR) by Michael Ossmann
- SDR Notes - Radio IoT Protocols Overview
- Understanding Radio
- Introduction to Software Defined Radio
- Introduction to GNU Radio Companion
- Creating a flow graph in GNU Radio Companion
- Analysing radio signals at 433 MHz
- Recording a specific radio signal
- Replay Attacks with Raspberry Pi - rpitx
- Introduction to GSM Security
- GSM Security 2
- Vulnerabilities in GSM security with USRP B200
- Security Testing 4G (LTE) Networks
- Case Study of SS7/SIGTRAN Assessment
- Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
- ss7MAPer – An SS7 pen testing toolkit
- Introduction to SIGTRAN and SIGTRAN Licensing
- SS7 Network Architecture
- Introduction to SS7 Signaling
- Breaking LTE on Layer Two
- Introduction and Protocol Overview
- Hacking Zigbee Devices with Attify Zigbee Framework
- Hands-on with RZUSBstick
- ZigBee & Z-Wave Security Brief
- Hacking ZigBee Networks
- Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes
- Security Analysis of Zigbee Networks with Zigator and GNU Radio
- Low-Cost ZigBee Selective Jamming
- APIMOTE IEEE 802.15.4/ZIGBEE SNIFFING HARDWARE
- RaspBee - The Raspberry Pi Zigbee gateway
- USRP SDR 2
- ATUSB IEEE 802.15.4 USB Adapter
- nRF52840-Dongle
- Step By Step guide to BLE Understanding and Exploiting
- Traffic Engineering in a Bluetooth Piconet
- BLE Characteristics
- btproxy
- hcitool & BlueZ
- Testing With GATT Tool
- crackle - Cracking encryption
- bettercap
- BtleJuice Bluetooth Smart Man-in-the-Middle framework
- gattacker
- BTLEjack Bluetooth Low Energy Swiss army knife
- bluing - An intelligence gathering tool for hacking Bluetooth
- DEDSEC-Bluetooth-exploit
- nRF Connect - 52840
- EDIMAX
- CSR 4.0
- ESP32 - Development and learning Bluetooth
- Ubertooth
- Sena 100
- ESP-WROVER-KIT-VB
- Bluetooth vs BLE Basics
- Examining the August Smart Lock
- Finding bugs in Bluetooth
- Intel Edison as Bluetooth LE — Exploit box
- How I Reverse Engineered and Exploited a Smart Massager
- My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE
- Bluetooth Smartlocks
- I hacked MiBand 3
- GATTacking Bluetooth Smart Devices
- Bluetooth beacon vulnerability
- SweynTooth Vulnerabilities
- AIRDROP_LEAK - sniffs BLE traffic and displays status messages from Apple devices
- BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
- Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500
- MojoBox - yet another not so smartlock
- bluetooth-hacking
- Real Time Interception And Monitoring Of A DECT Cordless Telephone
- Eavesdropping On Unencrypted DECT Voice Traffic
- Decoding DECT Voice Traffic: In-depth Explanation
- Android App Reverse Engineering 101
- Android Application pentesting book
- Android Pentest Video Course - TutorialsPoint
- iOS Pentesting
- OWASP Mobile Security Testing Guide
- Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals
- AZM Online Arm Assembler by Azeria
- Online Disassembler
- Compiler Explorer is an interactive online compiler which shows the assembly output of compiled C++, Rust, Go
- EMBA - An analyzer for embedded Linux firmware
- FACT - Firmware Analysis and Comparison Tool
- Binwalk
- Qiling
- fwanalyzer
- ByteSweep
- Firmwalker
- Checksec.sh
- QEMU
- Firmadyne
- Firmware Modification Kit
- Firmware analysis and reversing
- Reversing 101
- IoT Security Verification Standard (ISVS)
- OWASP Firmware Security Testing Methodology
- Firmware emulation with QEMU
- Reversing ESP8266 Firmware
- Emulating Embedded Linux Devices with QEMU
- Emulating Embedded Linux Systems with QEMU
- Fuzzing Embedded Linux Devices
- Emulating ARM Router Firmware
- Reversing Firmware With Radare
- Samsung Firmware Magic - Unpacking and Decrypting
- Qiling & Binary Emulation for automatic unpacking
- Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme
- Simulating and hunting firmware vulnerabilities with Qiling
- Pwn the ESP32 Secure Boot
- Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction
- Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM / another-link
- Defeating Secure Boot with Symlink Attacks
- PS4 Aux Hax 5 & PSVR Secure Boot Hacking with Keys by Fail0verflow!
- ECLYPSIUM DISCOVERS MULTIPLE VULNERABILITIES AFFECTING 129 DELL MODELS VIA DELL REMOTE OS RECOVERY AND FIRMWARE UPDATE CAPABILITIES
- Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
- Breaking Secure Boot on the Silicon Labs Gecko platform
- HARDWARE HACKING 101: IDENTIFYING AND DUMPING EMMC FLASH
- EMMC DATA RECOVERY FROM DAMAGED SMARTPHONE
- Another bunch of articles on eMMC
- Unleash your smart-home devices: Vacuum Cleaning Robot Hacking
- Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1
- Introduction to ATM Penetration Testing
- Pwning ATMs For Fun and Profit
- Jackpotting Automated Teller Machines Redux By Barnaby Jack
- Bus Pirate
- EEPROM reader/SOIC Cable
- Jtagulator/Jtagenum
- Logic Analyzer
- The Shikra
- FaceDancer21 (USB Emulator/USB Fuzzer)
- RfCat
- Hak5 Gear - Hak5 Field Kits
- Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter
- Attify Badge - UART, JTAG, SPI, I2C (w/ headers)
- An Introduction to Hardware Hacking
- Serial Terminal Basics
- Reverse Engineering Serial Ports
- REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS
- ChipWhisperer - Hardware attacks
- Hardware hacking tutorial: Dumping and reversing firmware
- Reading Flash ROMs - YouTube
- Dumping the firmware from a router using Bus Pirate - SPI Dump
- How to Flash Chip of a Router With a Programmer | TP-Link Router Repair & MAC address change
- Extracting Flash Memory over SPI
- Extracting Firmware from Embedded Devices (SPI NOR Flash)
- SPI Blogs
- Identifying UART interface
- onewire-over-uart
- Accessing sensor via UART
- Using UART to connect to a Chinese IP cam
- A journey into IoT – Hardware hacking: UART
- UARTBruteForcer
- UART Connections and Dynamic analysis on Linksys e1000
- Accessing and Dumping Firmware Through UART
- UART Exploiter
- HARDWARE HACKING 101: INTRODUCTION TO JTAG
- How To Find The JTAG Interface - Hardware Hacking Tutorial
- Buspirate JTAG Connections - Openocd
- Extracting Firmware from External Memory via JTAG
- Analyzing JTAG
- The hitchhacker’s guide to iPhone Lightning & JTAG hacking
- Side channel attacks
- Attacks on Implementations of Secure Systems
- Fuzzing, binary analysis, IoT security, and general exploitation
- Espressif ESP32: Bypassing Encrypted Secure Boot (CVE-2020-13629)
- Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)
- Researchers use Rowhammer bit flips to steal 2048-bit crypto key
- NAND Glitching Attack
- Tutorial CW305-4 Voltage Glitching with Crowbars
- Voltage Glitching Attack using SySS iCEstick Glitcher
- Samy Kamkar - FPGA Glitching & Side Channel Attacks
- Hardware Power Glitch Attack (Fault Injection) - rhme2 Fiesta (FI 100)
- Keys in flash - Glitching AES keys from an Arduino / ATmega with a camera flash
- Implementing Practical Electrical Glitching Attacks
- Shodan Pentesting Guide
- Car Hacking Practical Guide 101
- OWASP Firmware Security Testing Methodology
- Awesome-bluetooth-security
- OWASP Fuzzing Info
- Fuzzing_ICS_protocols
- Fuzzowski - the Network Protocol Fuzzer that we will want to use
- Fuzz Testing of Application Reliability
- FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
- Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference
- [fuzzing-iot-binaries] - part1 / part2
- Modern Vulnerability Research Techniques on Embedded Systems
- FuzzingPaper
- Exercises to learn how to fuzz with American Fuzzy Lop
- Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging
- Bluetooth experimentation framework for Broadcom and Cypress chips.
- Flipper Zero Unleashed Firmware : https://github.com/DarkFlippers/unleashed-firmware
- RogueMaster Flipper Zero Firmware : https://github.com/RogueMaster/flipperzero-firmware-wPlugins
- CVE-2022-40363 : Exploiting Flipper Zero’s NFC file loader
- IoT-vulhub : https://vulntotal-team.github.io/IoT-vulhub/#%E5%AE%89%E8%A3%85
- SCADA : https://www.slideshare.net/phdays/damn-vulnerable-chemical-process
- SS7 Network : https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network
- Hardware Hacking 101 : https://github.com/rdomanski/hardware_hacking
- RHME-2015 : https://github.com/Riscure/RHme-2015
- RHME-2016 : https://github.com/Riscure/Rhme-2016
- RHME-2017 : https://github.com/Riscure/Rhme-2017
- BLE CTF - A framework focused on Bluetooth Low Energy security.
- Rhme-2016 - Riscure's hardware security competition for 2016.
- Rhme-2017 - Riscure's hardware security competition for 2017.
- IoTGoat - Deliberately insecure firmware based on OpenWrt for IoT security training.
- IoT Village CTF - A Capture The Flag event specifically focused on IoT security.
- IoTSec CTF - Offers IoT related challenges for continuous learning.
- Damn Vulnerable ARM Router - A deliberately vulnerable ARM router for exploitation practice.
- Firmware Security Training & CTF - Firmware analysis tools and challenges by Router Analysis Toolkit.
- ARM-X CTF - A set of challenges focused on ARM exploitation.
- Azeria Labs ARM Challenges - Offers ARM assembly challenges and tutorials.
- Microcorruption - Embedded security CTF focusing on lock systems.
- Pwnable.kr - Offers various reverse engineering challenges.
- Hack The Box - Platform offering a range of challenges, including hardware and reverse engineering.
- Root Me - Platform with various types of challenges including hardware and reverse engineering.
- CTFtime - Lists various CTFs, including those in hardware, IoT, and firmware.