awesome-connected-things-sec
A Curated list of Security Resources for all connected things
https://github.com/V33RU/awesome-connected-things-sec
Last synced: 3 days ago
JSON representation
-
Industrial and Automotive
-
Automotive Security
- Awesome Vehicle Security
- Car Hacking Village
- CAN Injection: keyless car theft
- Subaru Head Unit Jailbreak
- Car Hacking Practical Guide 101
- How I Hacked my Car Series - Parts 1-6
- Jeep Hack
- How I Also Hacked my Car
- Extracting Secure Onboard Communication (SecOC) keys from a 2021 Toyota RAV4 Prime
- Recovering an ECU firmware using disassembler and branches
- Automotive Memory Protection Units: Uncovering Hidden Vulnerabilities
-
ICS/SCADA
-
EV Chargers
-
-
Tools
-
Pentesting Operating Systems
-
Hardware Tools
- Logic Analyzer - Saleae
- RTL-SDR
- Flipper Zero
- HackRF
- The Shikra
- FaceDancer21
- ST-Link
- JTAGulator
- RfCat
- RouterSploit
- PRET - Printer Exploitation Toolkit
- Expliot Framework
- HAL - Hardware Analyzer
- IoTSecFuzz
- Samsung Firmware Magic
- Firmware Analysis Toolkit (FAT)
- PENIOT
- ISF - Industrial Security Framework
- Segger J-Link
- Bus Pirate 5: The Swiss ARRRmy Knife of Hardware Hacking
- An In-Depth Look at the ICE-V Wireless FPGA Development Board
- FTDI-based Adapters
- Black Magic Probe
- Shambles: The Next-Generation IoT Reverse Engineering Tool
- NullSec Flipper Suite - Comprehensive Flipper Zero payload collection for RF analysis, RFID/NFC cloning, BadUSB attacks, infrared, and wireless pentesting.
- NullSec Pineapple Suite - 60+ WiFi Pineapple payloads for wireless pentesting including deauth, evil twin, handshake capture, PMKID extraction, and network reconnaissance.
- NullSec Ducky Payloads - Rubber Ducky BadUSB payloads for WiFi credential extraction, reverse shells, and automated recon on Windows, macOS & Linux.
- PineFlip - Professional Flipper Zero companion app for Linux with GTK4/libadwaita UI, screen mirroring, file manager, and firmware management.
- BlueSploit
- HomePwn
-
Search Engines
-
Fuzzing Tools
- OWASP Fuzzing Info
- Fuzzing ICS Protocols
- Fuzz Testing of Application Reliability
- FIRM-AFL: High-Throughput IoT Firmware Fuzzing
- Fuzzing IoT Binaries Part 1
- FuzzingPaper Collection
- Frankenstein - Broadcom/Cypress Firmware Emulation for Fuzzing
- Google Fuzzing Forum
- Boofuzz
- AFL Training Exercises
- Syzkaller - Kernel Fuzzer
- Dr. Memory
- Awesome Embedded Fuzzing
- parking-game-fuzzer
- Snipuzz: Black-box Fuzzing of IoT Firmware
- The art of Fuzzing: Introduction
- A LibAFL Introductory Workshop
- The Blitz Tutorial Lab on Fuzzing with AFL++
- State of Linux Snapshot Fuzzing
- Fuzzing between the lines in popular barcode software
- Fuzzing IoT Binaries Part 2
-
-
Firmware Security
-
Reverse Engineering Tools
- GDB
- x64dbg
- Hopper
- Binary Ninja
- Immunity Debugger
- Reversing Firmware with Radare
- Reverse Engineering with Ghidra: Breaking Firmware Encryption
- Radare2
- PEiD
- Reversing ESP8266 Firmware
- Finding Bugs in Netgear Router
- Automating Binary Vulnerability Discovery with Ghidra and Semgrep
- Diaphora - Binary Diffing
- Ghidra
- RetDec - Decompiler
- Frida - Dynamic Instrumentation
- Cutter - GUI for Radare2
- Angr - Binary Analysis
- Ret-sync
- OllyDbg
- Ghidriff - Ghidra Binary Diffing Engine
- The rev.ng decompiler goes open source
- Intro to Cutter
- pyghidra-mcp: Headless Ghidra MCP Server
- Mindshare: Using Binary Ninja API to Detect Potential Use-after-free Vulnerabilities
- Ghidra 101: Cursor Text Highlighting
- Ghidra 101: Decoding Stack Strings
- Extending Ghidra Part 1: Setting up a Development Environment
- Binary type inference in Ghidra
- Writing a Ghidra processor module
- Reverse Engineering and Patching with Ghidra
- Debugger Ghidra Class
- Expanding the Dragon: Adding an ISA to Ghidra
- Ghidra nanoMIPS ISA module
-
Online Assemblers
-
Dynamic Analysis and Emulation
- QEMU
- Debugging D-Link: Emulating Firmware and Hacking Hardware
- Firmware Emulation with QEMU
- Emulating ARM Router Firmware - Azeria Labs
- Qiling and Binary Emulation for Automatic Unpacking
- IoT Binary Analysis and Emulation Part 1
- Cross Debugging for ARM/MIPS with QEMU
- QEMU + Buildroot 101
- Emulating IoT Firmware Made Easy
- Adaptive Emulation Framework for Multi-Architecture IoT
- Automatic Firmware Emulation through Invalidity-guided Knowledge Inference
- Firmadyne - Automated Firmware Emulation
- Renode - Embedded Systems Emulator
- Unicorn Engine - CPU Emulator
- Qiling Framework
- PANDA - Architecture-Neutral Dynamic Analysis
- Avatar2 - Dynamic Firmware Analysis
- S2E - Selective Symbolic Execution
- FirmWire - Baseband Firmware Emulation
- SAME70 Emulator
- Emulating RH850 architecture with Unicorn Engine
- Icicle: A Re-designed Emulator for Grey-Box Firmware Fuzzing
- Challenges and Pitfalls while Emulating Six Current Icelandic Household Routers
- My Emulation Goes to the Moon... Until False Flag
- How to Emulate Android Native Libraries Using Qiling
- FirmAE - Firmware Analysis and Emulation
- HALucinator
- SymQEMU
- Bochs - x86 Emulator
- Emulate Until You Make it
- Simulating and Hunting Firmware Vulnerabilities with Qiling
- Icicle: A Re-designed Emulator for Grey-Box Firmware Fuzzing
- How to Emulate Android Native Libraries Using Qiling
-
Binary Analysis
-
ARM Exploitation
- Azeria Labs ARM Tutorials
- Exploit Education
- ARM Exploitation for IoT
- Damn Vulnerable ARM Router (DVAR)
- ARMv8 AArch64/ARM64 Full Beginner's Assembly Tutorial
- A Noobs Guide to ARM Exploitation
- ARM64 Reversing And Exploitation Series (8ksec) - Parts 1-10
- AArch64 memory and paging
- We are ARMed no more ROPpery Here
- A Guide to ARM64 / AArch64 Assembly on Linux
- A Noobs Guide to ARM Exploitation
-
Router Exploitation
- Rooting Xiaomi WiFi Routers
- The Last Breath of Our Netgear RAX30 Bugs
- Pulling MikroTik into the Limelight
- Hunting for Unauthenticated n-days in Asus Routers
- Patch Diffing a Cisco RV110W Firmware Update - Part 1
- Flashback Connects - Cisco RV340 SSL VPN RCE
- PwnAgent: A One-Click WAN-side RCE in Netgear RAX Routers
- Pwn2Own Tokyo 2020: Defeating the TP-Link AC1750
- ROPing our way to RCE
- Exploiting MikroTik RouterOS Hardware with CVE-2023-30799
- Route to Safety: Navigating Router Pitfalls
- ROPing Routers from scratch: Tenda Ac8v4
- Reversing, Discovering, And Exploiting A TP-Link Router Vulnerability — CVE-2024–54887
- Exploiting Zero-Day (CVE-2025–9961) Vulnerability in the TP-Link AX10 Router
- FiberGateway GR241AG - Full Exploit Chain
- Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC
- Rooting the TP-Link Tapo C200 Rev.5
- Netgear Orbi: Introduction, UART Access, Recon
- Netgear Orbi: Crashes in SOAP-API
- Netgear Orbi: NDay Exploit CVE-2020-27861
- TP-Link TDDP Buffer Overflow Vulnerability
- TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045)
- CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
- Exploiting MikroTik RouterOS Hardware with CVE-2023-30799
- Puckungfu 2: Another NETGEAR WAN Command Injection
- Netgear Orbi: Introduction, UART Access, Recon
- Netgear Orbi: Crashes in SOAP-API
- CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
-
Router Firmware Analysis
- A Journey into IoT: Discover Components and Ports
- A Journey into IoT: Firmware Dump and Analysis
- A Journey into IoT: Radio Communications
- A Journey into IoT: Internal Communications
- Dynamic Analysis of Firmware Components in IoT Devices
- RV130X Firmware Analysis
- TP-Link Firmware Decryption C210 V2 cloud camera bootloaders
- A Journey into IoT: Firmware Dump and Analysis
- A Journey into IoT: Radio Communications
- A Journey into IoT: Internal Communications
-
UEFI Security
- For Science! - Using an Unimpressive Bug in EDK II
- PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack
- Emulating and Exploiting UEFI Firmware
- The Dark Side of UEFI: A technical Deep-Dive into Cross-Silicon Exploitation
- Inside the LogoFAIL PoC: From Integer Overflow to Arbitrary Code Execution
- Hydroph0bia: SecureBoot bypass for Insyde H2O
- Using Symbolic Execution to Detect UEFI Vulnerabilities
- HP Enterprise UEFI Vulnerabilities
-
Static Analysis Tools
- EMBA - Embedded Linux Firmware Analyzer
- unblob - Extraction Framework
- Firmwalker
- fwanalyzer
- FACT - Firmware Analysis and Comparison Tool
- fwhunt-scan - UEFI Firmware Analysis
- ByteSweep
- BINSEC
- Binwalk v3
- QueryX - Static Taint Tracking
- FirmGraph
- fchk - Security Checks for Firmware
- Firmware Modification Kit
-
Extraction
- Firmware Samples - firmware.center
- Hardware Hacking Tutorial: Dumping and Reversing Firmware
- Router Analysis Part 1: UART Discovery and SPI Flash Extraction
- Retrofitting encrypted firmware is a Bad Idea
- BasicFUN Series: Hardware Analysis / SPI Flash Extraction
- BasicFUN Series: Reverse Engineering Firmware / Reflashing SPI Flash
-
Symlink Attacks
-
Secure Boot
- Pwn the ESP32 Secure Boot
- Pwn ESP32 Forever: Flash Encryption and Secure Boot Keys Extraction
- Amlogic S905 SoC: Bypassing Secure Boot
- Defeating Secure Boot with Symlink Attacks
- PS4 Secure Boot Hacking - Fail0verflow
- Breaking Secure Boot on Silicon Labs Gecko
- ESP32 Secure Boot Bypass (CVE-2020-13629)
- U-Boot USB DFU Vulnerability (CVE-2022-2347)
- Writing a Bootloader
- Dell BIOS Vulnerabilities - BIOSDisconnect
-
Secure Boot Bypasses
-
RTOS Security
- Zephyr RTOS GitHub
- Zephyr Vulnerabilities List
- NCC Group Zephyr and MCUboot Security Assessment
- 26 Flaws in Zephyr and MCUboot
- Tackling Security in Zephyr RTOS
- Enhancing Security with Zephyr RTOS
- FreeRTOS 13 Vulnerabilities in TCP/IP Stack
- Exploiting Memory Corruption in FreeRTOS - ShmooCon
- RTOS Security Analysis - USENIX
- Dynamic Vulnerability Patching for RTOS
- NCC Group Zephyr and MCUboot Security Assessment
- FreeRTOS 13 Vulnerabilities in TCP/IP Stack
- AWS FreeRTOS Vulnerabilities
-
Fundamentals
-
OTA Update Security
- IoT Firmware Security and Update Mechanisms
- Implementing OTA Updates for IoT Devices
- Secure OTA Boot Chains and Firmware Verification
- The Key to Firmware Security in Connected IoT Devices
- Security Considerations for OTA Updates - Stack Overflow
- Top 10 IoT Vulnerabilities - OTA Update Attacks
- Updating IoT Devices 2025: Best Practices
- Review of IoT Firmware Vulnerabilities and Auditing Techniques
- Security Considerations for OTA Updates - Stack Overflow
- Secure OTA Firmware Update Mechanism (PDF)
-
-
Network and Web Protocols
-
MQTT
- Mosquitto - Open Source MQTT Broker
- HiveMQ
- MQTT Explorer
- MQTT Broker Security 101
- Hacking the IoT with MQTT
- Are Smart Homes Vulnerable to Hacking?
- Servisnet Tessa - MQTT Credentials Dump (Metasploit)
- Eclipse Mosquitto Unquoted Service Path
- Penetration Testing Sesame Smart Door Lock
- CVE-2020-13849 - DoS vulnerability (CVSS 7.5)
- CVE-2023-3028 - Insufficient authentication (CVSS 9.8)
- CVE-2021-0229 - Resource consumption (CVSS 5.3)
- CVE-2019-5432 - Malformed packet crash (CVSS 7.5)
- Using IoT MQTT for V2V and Connected Cars
- MQTT Hardware Development Projects
- 100,000 Connected Cars with Kubernetes, Kafka, MQTT, TensorFlow
- Nmap MQTT Library
- IoXY - MQTT Intercepting Proxy
- MQTT-PWN
- Alert: New WailingCrab Malware Loader
- Deep Learning UDF for MQTT IoT Anomaly Detection
- Understanding the MQTT Protocol Packet Structure
- IoT Security: RCE in MQTT Protocol
- Introduction to MQTT
- Seven Best MQTT Client Tools
- Authenticating Devices Using MQTT with Auth0
- Guide to MQTT: Hacking a Doorbell
- WailingCrab Malware Using MQTT for C2
- MQTT on Snapcraft
-
CoAP
- RFC 8323 - CoAP over TCP
- CoAP NSE (Nmap)
- libcoap CLI Tools
- Scapy CoAP Plugin
- Copper - Firefox CoAP Plugin
- IETF Security Protocol Comparison
- EMQX on CoAP and IoT Security (2024)
- Peach Fuzzer
- Zolertia
- SpectralOps - Top IoT Protocol Security Issues
- CoAP Exposure Study (2024)
- RFC 8613 - OSCORE
- RFC 8824 - SCHC Header Compression
- Nordic Boards
- Radware - CoAP Protocol Overview
- OpenMote
- Radware - CoAP Protocol Overview
- Eclipse Californium (Java)
- Raspberry Pi / Arduino + 6LoWPAN
- OpenMote
- IoT Pentest Lab Setup Guide (2025)
-
IoT Protocols Overview
-
mTLS
- github.com/sensepost/objection
- github.com/droe/sslsplit
- github.com/NVISOsecurity/MagiskTrustUserCerts
- github.com/nmatt0/mitmrouter
- github.com/shroudedcode/apk-mitm
- github.com/fungaren/mtls-intercept
- ecapture.cc
- wiki.wireshark.org/TLS
- github.com/httptoolkit/frida-android-unpinning
- github.com/NEU-SNS/IoTLS
- mTLS: When Certificate Authentication is Done Wrong
- mTLS Authentication in IoT: Enhancing Security for Connected Devices
- Hands On IoT MitM Part 1 – AWS IoT MQTT + mTLS Interception
- OWASP MASTG-TECH-0012: Bypassing Certificate Pinning in Android IoT Companion Apps
- Theory to Practice: mTLS in Action Part 1
- Firmware Analysis for IoT Penetration Testing
- Configuring mTLS on Mosquitto MQTT Broker
- AWS IoT Docs: X.509 Client Certificates and Fleet Provisioning
- Azure IoT Hub: mTLS X.509 CA Authentication Concept
- Evaluation of TLS and mTLS in Internet of Things Systems - MIUN DiVA, 2024
- Atlas: Enabling Cross-Vendor mTLS Authentication for IoT - arXiv 2025
- Lightweight mTLS Authentication for Industrial IoT - PMC/NIH 2023
- Quantum-Enhanced mTLS for IoT Battlefield Networks - IJPSAT
- AI vs. IoT Security: Fingerprinting and Defenses Against TLS Attacks - IEEE Xplore 2025
- Intercepting IoT Device Traffic with ARP Poisoning + mitmproxy TLS Intercept
- Using Linux to Intercept IoT Device Traffic with mitmrouter
- Mutual TLS - The Backend Engineering Show Deep Dive
- Intercepting SSL/TLS - Fiddler and MITMProxy Decrypt Walkthrough
- Decrypting Kubernetes mTLS Traffic - eCapture, Custom CA, eBPF Methods
- Mastering mTLS: Stop MITM Attacks and Boost API/IoT Security
- Introduction to IoT Penetration Testing Webinar - CyberWarFare Labs
-
-
Labs and CTFs
-
Continuous Learning Platforms
-
CTF Competitions
-
Vulnerable Applications
-
Lab Setup
-
-
Wireless Protocols
-
Bluetooth / BLE
- Sweyntooth Vulnerabilities
- BrakTooth: Causing Havoc on Bluetooth Link Manager
- Reverse Engineering BLE Devices
- BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
- Hacking Bluetooth to Brew Coffee from Github Actions - Part 1
- Practical Introduction to BLE GATT Reverse Engineering
- ESP-WROVER-KIT
- Blue2thprinting: WTF Am I Even Looking At?
- Open Wounds: Last 5 Years Have Left Bluetooth to Bleed
- Sniffing Bluetooth Through My Mask During the Pandemic
- Examining the August Smart Lock
- Finding Bugs in Bluetooth
- Intel Edison as Bluetooth LE Exploit Box
- Reverse Engineering and Exploiting a Smart Massager
- My Journey Towards Reverse Engineering a Smart Band — Bluetooth-LE RE
- Bluetooth Smartlocks
- I Hacked MiBand 3
- GATTacking Bluetooth Smart Devices
- Bluetooth Beacon Vulnerability
- MojoBox - Yet Another Not So Smartlock
- NFC Relay Attack on Tesla Model Y
- bettercap
- InternalBlue - Bluetooth Experimentation Framework
- Awesome Bluetooth Security
- AirDrop Leak - Sniffing BLE Traffic from Apple Devices
- crackle - Cracking BLE Encryption
- GATTacker
- BTLEjack - BLE Swiss Army Knife
- Bluing - Intelligence Gathering for Bluetooth
- BrakTooth ESP32 PoC
- SweynTooth BLE Attacks
- btproxy
- ice9-bluetooth-sniffer
- BlueToolkit - Bluetooth Classic Vulnerability Testing
- ESP32
- Intro to Bluetooth Low Energy (PDF)
- Bluetooth LE Security Study Guide
- nRF52840 Dongle
- BLE-NullBlr: Step by Step Guide to BLE Understanding and Exploiting
- Traffic Engineering in a Bluetooth Piconet
- BLE Characteristics: A Beginner's Tutorial
- BtleJuice - Bluetooth Smart MITM Framework
- DEDSEC Bluetooth Exploit
- ESP32 Bluetooth Classic Sniffer
- Bluetooth Hacking Collection
- BLUFFS: Bluetooth Forward and Future Secrecy Attacks (CVE-2023-24023)
- Denial of Pleasure: Attacking Unusual BLE Targets with a Flipper Zero
- Grand Theft Auto: A peek of BLE relay attack
- How I Hacked Smart Lights: CVE-2022-47758
- BRAKTOOTH: Causing Havoc on Bluetooth Link Manager (PDF)
- Norec Attack: Stripping BLE encryption from Nordic's Library (CVE-2020-15509)
- CSR 4.0 Bluetooth Dongle
- Hacking Bluetooth to Brew Coffee from Github Actions - Part 2
- Hacking Bluetooth to Brew Coffee from Github Actions - Part 3
-
Wi-Fi
- Over The Air: Exploiting Broadcom's Wi-Fi Stack (Part 1)
- Over The Air: Exploiting Broadcom's Wi-Fi Stack (Part 2)
- Over The Air: Exploiting The Wi-Fi Stack on Apple Devices
- Exploiting Qualcomm WLAN and Modem Over the Air
- Windows Wi-Fi Driver RCE Vulnerability – CVE-2024-30078
- Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues
- Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects
- WPAxFuzz: Sniffing Out Vulnerabilities in Wi-Fi Implementations
- Untangling the Knot: Breaking Access Control in Home Wireless Mesh Networks
- Reverse-engineering Broadcom wireless chipsets
- When a Wi-Fi SSID Gives You Root on an MT02 Repeater - Part 1
- When a Wi-Fi SSID Gives You Root on an MT02 Repeater - Part 2
- Reverse Engineering WiFi on RISC-V BL602
- Unveiling secrets of the ESP32: creating an open-source MAC Layer
- Unveiling secrets of the ESP32: reverse engineering RX
-
Matter / Thread
- Matter Standard - CSA-IoT
- Matter Protocol Complete Guide 2025
- How to Secure Smart Home Devices with Matter
- Smart Home Device Solutions for Matter - DigiCert
- Security Vulnerabilities and Attack Scenarios in Smart Home with Matter
- Trust Matters: Uncovering Vulnerabilities in Matter Protocol - Nozomi
- Matter over Thread Security
- State-of-the-Art Review on IoT Wireless PAN Protocol Security
- Matter Smart Home - Krasamo
-
USB
-
RF Fundamentals
- Complete Course in Software Defined Radio - Michael Ossmann
- Understanding Radio
- Introduction to GNU Radio Companion
- Creating a Flow Graph in GNU Radio Companion
- Analyzing Radio Signals 433MHz
- Recording Specific Radio Signals
- Replay Attacks with Raspberry Pi and rpitx
- GRCON 2021 - Capture the Signal
- SDR Notes - Radio IoT Protocols Overview
- Introduction to Software Defined Radio
- Reverse Engineering a Car Key Fob Signal
-
Cellular (GSM/LTE/5G)
- What is Base Transceiver Station
- How to Build Your Own Rogue GSM BTS
- GSM Security Part 2
- GSM Vulnerabilities with USRP B200
- Security Testing 4G (LTE) Networks
- Case Study of SS7/SIGTRAN Assessment
- Introduction to SIGTRAN
- LTE Sniffer
- SigPloit - Telecom Signaling Exploitation Framework
- 5Ghoul - 5G NR Attacks and Fuzzing
- Introduction to GSM Security
- ss7MAPer - SS7 Pentesting Toolkit
- Introduction to SS7 Signaling
- Exploiting CSN.1 Bugs in MediaTek Basebands
- SIM Hijacking
-
Zigbee / Z-Wave
-
NFC/RFID
-
LoRa / LoRaWAN
- ChirpOTLE - LoRaWAN Security Framework
- LoRaWAN Security Overview - Tektelic
- Security Vulnerabilities in LoRaWAN
- Low Powered and High Risk: Attacks on LoRaWAN Devices
- LAF - LoRaWAN Auditing Framework
- LoRaWAN Security Survey - ScienceDirect
- LoRaWAN - Wikipedia
- Millions of Devices Using LoRaWAN Exposed - SecurityWeek
- Do You Blindly Trust LoRaWAN Networks? - IOActive
- LoRaWAN Encryption Keys Easy to Crack - Threatpost
- LoPT: LoRa Penetration Testing Tool (PDF)
- LoRa Craft - Packet Interception
- Open Source LoRaWAN Hacking Tool
- LoRaWAN Hackaday Projects
-
DECT (Digital Enhanced Cordless Telecommunications)
-
UWB (Ultra-Wideband)
-
TETRA
-
-
🗂️ Resource Index
-
Reverse Engineering Tools
-
Introduction
-
Cellular Hacking GSM BTS
-
Storage Medium
-
IoT hardware Overview and Hacking
-
Pentesting Firmwares and emulating and analyzing
-
Exploitation Tools
-
Technical Research and Hacking
-
Books for IoT Penetration Testing
- PatrIoT: Practical and Agile Threat Research for IoT by Emre Süren
- Hardware Security Training, Hands-on!
- Security Issues in Mobile NFC Devices (Michael Roland)
- Practical Hardware Pentesting (2nd Edition) – Amazon.in
- PatrIoT: Practical and Agile Threat Research for IoT by Emre Süren
- Hardware Security Training, Hands-on!
- Security Issues in Mobile NFC Devices (Michael Roland)
- PatrIoT: Practical and Agile Threat Research for IoT by Emre Süren
- Hardware Security Training, Hands-on!
- Security Issues in Mobile NFC Devices (Michael Roland)
- PatrIoT: Practical and Agile Threat Research for IoT by Emre Süren
- Hardware Security Training, Hands-on!
- PatrIoT: Practical and Agile Threat Research for IoT by Emre Süren
- Hardware Security Training, Hands-on!
- PatrIoT: Practical and Agile Threat Research for IoT by Emre Süren
- Hardware Security Training, Hands-on!
- PatrIoT: Practical and Agile Threat Research for IoT by Emre Süren
- Hardware Security Training, Hands-on!
-
IoT Web and Message Services
- IoT Security: RCE in MQTT Protocol
- A Guide to MQTT by Hacking a Doorbell to Send Push Notifications (Video)
- Radware – CoAP Protocol Overview
- Radware – CoAP Protocol Overview
- Radware – CoAP Protocol Overview
- Radware – CoAP Protocol Overview
- Radware – CoAP Protocol Overview
- Radware – CoAP Protocol Overview
- Radware – CoAP Protocol Overview
-
Zigbee ALL Stuff
-
Blogs for IoT Pentest
-
BLE Intro and SW-HW Tools to pentest
-
-
Mobile Application Security
-
iOS
-
Android
- Android Tamer
- Android Hacker's Handbook
- Introduction to Fuzzing Android Native Components
- A first look at Android 14 forensics
- Deobfuscating Android ARM64 strings with Ghidra
- Hacking Android Games
- Intercepting HTTPS Communication in Flutter
- Android Kernel Exploitation
- Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938
- Attacking the Android kernel using the Qualcomm TrustZone
- Driving forward in Android drivers
- Analyzing a Modern In-the-wild Android Exploit
- Exploiting Android's Hardened Memory Allocator
- GPUAF - Two ways of Rooting All Qualcomm based Android phones
- The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
- Qualcomm DSP Kernel Internals
- Binder Fuzzing
- Android: Scudo
- Behind the Shield: Unmasking Scudo's Defenses
- scudo Hardened Allocator — Unofficial Internals Documentation
-
-
Defensive Security
-
Secure Development
- Embedded Linux Hardening
- OWASP IoT Top 10
- Linux Hardening Guide
- Compiler Options Hardening Guide for C and C++
- Docker Security – Step-by-Step Hardening
- How To Secure A Linux Server
- ETSI EN 303 645 - IoT Security Standard
- NIST IoT Cybersecurity Framework
- IoT Device Hardening Best Practices
- Zephyr RTOS Security Features
-
Threat Modeling
- OWASP Threat Modeling Process
- STRIDE Threat Model Guide - Practical DevSecOps
- STRIDE-based Threat Modeling for IoT Precision Agriculture
- What is STRIDE in Threat Modeling - Security Compass
- Threat Modeling with ATT&CK - MITRE
- What is Threat Modeling - Fortinet
- STRIDE Threat Modeling for IoT Smart Home
- STRIDE Threat Modeling for Smart Solar Energy Systems
- STRIDE Threat Modeling for IoT Healthcare Systems
- STRIDE for IoT Agriculture - IEEE
-
Incident Response
-
-
Research and Community
-
Blogs
- Raelize Blog
- Keenlab
- Exploitee.rs
- wrongbaud
- Payatu Blog
- boschko.ca
- Naehrdine
- Firmware Analysis
- Voidstarsec
- Jilles.com
- Syss Tech Blog
- JCJC Dev
- Embedded Bits
- Courk.cc
- IoT Security Wiki
- Cybergibbons
- Tclaverie
- Besimaltinok
- Ctrlu
- Dantheiotman
- Danman
- Quentinkaiser
- Ice9
- CJHackerz
- Synacktiv Publications
- Ktln2
- Limited Results
- Fail0verflow
- Exploit Security
- Team82 Research
- Firmware.RE
- Devttys0
- K3170makan
- Sp3ctr3
- Cr4.sh
- HardBreak Wiki
- 8ksec
- Starlabs
- 0xtriboulet
- Nozomi Networks
- W00tsec
- IoT Pentest
- Duo Decipher
- 0x42424242
- Quarkslab
- F-Secure Labs
- MG.lol
- Bunnie's Blog
- Attify Blog
-
Device-Specific Research
- DJI Mavic 3 Drone Research: Firmware Analysis
- Turning Google smart speakers into wiretaps for $100k
- A Pain in the NAS: Synology DS920+ Edition
- Hacking a Tapo TC60 Camera
- Pwn2Own: Synology BC500 IP Camera
- Streaming Zero-Fi Shells to Your Smart Speaker
- Listen Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap
- ARLO: I'M WATCHING YOU
- Rooting a Hive Camera
- Turning Camera Surveillance on its Axis
- Pwn2Own Ireland 2024 – Ubiquiti AI Bullet
- Hacking a Smart Home Device
- The Silent Spy Among Us: Smart Intercom Attacks
- Pwnassistant - Home Assistant RCE
- Hacking Sonoff Smart Home IoT Device
- Smart Speaker Shenanigans: Making the Sonos ONE Sing its Secrets
- Pwning a Brother labelmaker, for fun and interop!
- lexmark printer haxx
- Pwn2Own Ireland 2024: Canon imageCLASS MF656Cdw
- Print Scan Hacks: Brother devices
- DJI Mavic 3 Drone Research: Vulnerability Analysis
- DJI - The ART of obfuscation
- Local Privilege Escalation on the DJI RM500 Smart Controller
- Let Me Cook You a Vulnerability: Exploiting the Thermomix TM5
- Weekend Destroyer - RCE in Western Digital PR4100 NAS
- Exploiting the Synology TC500 at Pwn2Own Ireland 2024
- Hacking the Nintendo DSi Browser
- mast1c0re: Exploiting the PS4 and PS5 through a game save
- Being Overlord on the Steam Deck with 1 Byte
- Hacking the XBox 360 Hypervisor
- Pixel 6 Bootloader Series
- Solo: A Pixel 6 Pro Story
- Gaining kernel code execution on an MTE-enabled Pixel 8
- Bypassing MTE with CVE-2025-0072
- Debugging the Pixel 8 kernel via KGDB
- A First Glimpse of the Starlink User Terminal
- Diving into Starlink's User Terminal Firmware
-
Technical Research
-
Community Platforms
-
Villages
-
Researchers to Follow
-
TrustZone and TEE Research
-
Pwn2Own Research
-
-
Hardware Attacks
-
Interface Attacks
- Dumping Firmware from Router Using Bus Pirate - SPI
- Identifying UART Interface
- The Hitchhacker's Guide to iPhone Lightning and JTAG Hacking
- Serial Terminal Basics
- TPM 2.0: Extracting Bitlocker Keys Through SPI
- Intro to Embedded RE: UART Discovery and Firmware Extraction via UBoot
- Using UART to Connect to a Chinese IP Cam
- A Journey into IoT Hardware Hacking: UART
- Accessing and Dumping Firmware Through UART
- Analyzing JTAG
- Debugging AVR Microcontrollers Through JTAG
- Introduction to TPM (Trusted Platform Module)
- Trusted Platform Module Security Defeated in 30 Minutes
- LibSWD - Serial Wire Debug Open Library
- Reverse Engineering Serial Ports
- UARTBruteForcer
- UART Connections and Dynamic Analysis on Linksys e1000
- How to Find the JTAG Interface
- Extracting Firmware from External Memory via JTAG
- SWD Protocol Overview - HardBreak Wiki
- Unveiling Vulnerabilities: Exploring SWD Attack Surface in Hardware
- Introduction to ARM Serial Wire Debug Protocol
- Serial Wire Debug and CoreSight Architecture
- Hardware Hacking and Exploitation Bootcamp - SWD
- Extracting Firmware from Embedded Devices (SPI NOR Flash)
- How to Flash Chip of a Router with a Programmer
- IoT Security Part 16: Hardware Attack Surface I2C
- I2C Exploitation - HackTricks
- Non-invasive I2C Hardware Trojan Attack Vector (PDF)
- Hardware Hacking: I2C Injection with Bus Pirate
- Safeguarding SPI, I2C, and I3C Protocols
- Hardware Hacking: I2C Injection with Bus Pirate
-
Side-Channel and Fault Injection
- Hardware Power Glitch Attack - rhme2
- Breaking AES with ChipWhisperer
- ChipWhisperer Wiki
- Side Channel Attacks - Yifan Lu
- Rowhammer Bit Flips to Steal Crypto Keys
- Voltage Glitching with Crowbars Tutorial
- Voltage Glitching Attack using iCEstick Glitcher
- FPGA Glitching and Side Channel Attacks - Samy Kamkar
- Keys in Flash - Glitching AES Keys from Arduino
- Implementing Practical Electrical Glitching Attacks
- How to Voltage Fault Injection
- Fuzzing, Binary Analysis, IoT Security Collection
- Attacks on Implementations of Secure Systems
- Glitcher Part 1 - Reproducible Voltage Glitching on STM32 Microcontrollers
- STM32L05 Voltage Glitching
- Dumping the Amlogic A113X Bootrom
- Retreading The AMLogic A113X TrustZone Exploit Process
- Reverse Engineering an Unknown Microcontroller
- Hacking Microcontroller Firmware Through a USB
- NAND Glitching Attack on Wink Hub
-
Fundamentals
-
Memory Extraction
-
PCIe and DMA Attacks
-
-
Cloud and Backend Security
-
AWS IoT Security
- AWS Pentest Methodology - MorattiSec
- ScoutSuite - Multi-cloud Security Auditing
- Pacu - AWS Exploitation Framework
- S3Scanner - Leaky Bucket Discovery
- Prowler - Cloud Security Assessment
- CloudFox - Cloud Attack Paths
- Cloudfoxable Labs
- AWS Penetration Testing Policy
- AWS Pentesting Guide - HackerOne
- A few notes on AWS Nitro Enclaves
- Comprehensive AWS Pentesting Guide - BreachLock
- AWS Penetration Testing Methodology - Rootshell
- AWS Penetration Testing Techniques 2025
- AWS Security Pentesting Resources
- 7 Best AWS Pentesting Tools 2026
- PayloadsAllTheThings - AWS Pentest
-
Firebase / Cloud Misconfigurations
-
-
Learning Resources
-
IoT Series
-
Books
- Practical IoT Hacking: The Definitive Guide (2021)
- The Firmware Handbook - Jack Ganssle (2004)
- Linksys WRT54G Ultimate Hacking - Paul Asadoorian (2007)
- The Art of PCB Reverse Engineering - Keng Tiong (2015)
- Abusing the Internet of Things - Nitesh Dhanjani (2015)
- Gray Hat Hacking 5th Edition (2018)
- Manual PCB-RE: The Essentials - Keng Tiong (2021)
- Microcontroller Exploits (2024)
- Near Field Communication (NFC): From Theory to Practice (2012)
- Learning Linux Binary Analysis - Ryan O'Neill (2016)
- Inside Radio: An Attack and Defense Guide - Qing Yang, Lin Huang (2018)
- The Hardware Hacking Handbook - Jasper van Woudenberg & Colin O'Flynn (2021)
- Hack the Airwaves: Advanced BLE Exploitation (2023)
- Ultimate Hardware Hacking Gear Guide
- Mastering Hardware Hacking (2025)
- Hardware Security: Challenges and Solutions (2025)
- The Definitive Handbook on Reverse Engineering Tools (2025)
- Ghidra Software Reverse Engineering 2nd Edition (2025)
- IOActive: State of Silicon Chip Hacking 2025
- Security Issues in Mobile NFC Devices - Michael Roland (2024)
- Practical Hardware Pentesting - Jean-Georges Valle (2021)
- Practical Hardware Pentesting 2nd Edition (2023)
- Hardware Hacking: Have Fun While Voiding Your Warranty - Joe Grand (2004)
- Hacking the Xbox - Andrew "bunnie" Huang (2013)
- Hardware Security Training, Hands-on! (2023)
- Fuzzing Against the Machine (2023)
- PatrIoT: Practical and Agile Threat Research for IoT (2022)
- Black Hat Python 2nd Edition (2021)
- IoT Penetration Testing Cookbook - Aaron Guzman & Aditya Gupta (2017)
-
Vulnerability Guides
-
Training Platforms
-
Pentesting Guides
-
Cheatsheets
-
YouTube Channels
-
-
Payment Systems
Categories
Firmware Security
187
Wireless Protocols
139
Research and Community
124
Network and Web Protocols
86
Tools
70
Hardware Attacks
63
Learning Resources
56
🗂️ Resource Index
45
Mobile Application Security
28
Labs and CTFs
26
Defensive Security
22
Industrial and Automotive
21
Cloud and Backend Security
17
Payment Systems
5
Sub Categories
Bluetooth / BLE
54
Blogs
49
Device-Specific Research
37
Reverse Engineering Tools
36
Dynamic Analysis and Emulation
33
Interface Attacks
32
mTLS
31
Hardware Tools
30
Books
29
MQTT
29
Router Exploitation
28
Fuzzing Tools
21
CoAP
21
Side-Channel and Fault Injection
20
Android
20
Books for IoT Penetration Testing
18
AWS IoT Security
16
Wi-Fi
15
Researchers to Follow
15
Cellular (GSM/LTE/5G)
15
LoRa / LoRaWAN
14
RTOS Security
13
Static Analysis Tools
13
Vulnerable Applications
13
RF Fundamentals
11
Zigbee / Z-Wave
11
Automotive Security
11
ARM Exploitation
11
Search Engines
10
Router Firmware Analysis
10
Secure Development
10
OTA Update Security
10
Secure Boot
10
YouTube Channels
10
Threat Modeling
10
Matter / Thread
9
IoT Web and Message Services
9
Pentesting Operating Systems
9
iOS
8
UEFI Security
8
Fundamentals
8
Technical Research
7
ICS/SCADA
7
CTF Competitions
7
TrustZone and TEE Research
7
IoT hardware Overview and Hacking
6
Extraction
6
IoT Protocols Overview
5
Vulnerability Guides
5
Cheatsheets
5
Memory Extraction
4
Community Platforms
4
ATM Hacking
4
Pentesting Guides
3
Continuous Learning Platforms
3
Secure Boot Bypasses
3
Lab Setup
3
Online Assemblers
3
EV Chargers
3
USB
3
Pwn2Own Research
3
DECT (Digital Enhanced Cordless Telecommunications)
3
Cellular Hacking GSM BTS
2
Villages
2
Incident Response
2
IoT Series
2
NFC/RFID
2
Training Platforms
2
PCIe and DMA Attacks
2
Storage Medium
1
Blogs for IoT Pentest
1
Zigbee ALL Stuff
1
UWB (Ultra-Wideband)
1
Firebase / Cloud Misconfigurations
1
Technical Research and Hacking
1
Symlink Attacks
1
Binary Analysis
1
Exploitation Tools
1
BLE Intro and SW-HW Tools to pentest
1
Introduction
1
Pentesting Firmwares and emulating and analyzing
1
TETRA
1
Payment Village
1
Keywords
security
25
reverse-engineering
12
python
11
iot
10
linux
6
fuzzing
6
hacking
6
bluetooth
6
android
5
embedded
5
security-tools
5
ble
5
aws
5
qemu
4
framework
4
disassembler
3
mqtt
3
binary-analysis
3
testing
3
x86
3
arm
3
penetration-testing
3
awesome
3
analysis
3
cloud
3
hardware
3
gcp
3
exploitation
3
firmware
3
firmware-tools
3
firmware-analysis
3
fuzz-testing
2
cypress
2
kernel
2
infosec
2
broadcom
2
filesystem
2
security-automation
2
scanner
2
embedded-systems
2
debugger
2
software-analysis
2
security-hardening
2
azure
2
spoofing
2
binary
2
awesome-list
2
uefi
2
samsung
2
bluetooth-le
2