https://github.com/v33ru/iotsecurity101

A Curated list of IoT Security Resources
https://github.com/v33ru/iotsecurity101

List: IoTSecurity101

embedded-devices firmware firmware-pentesting hardware hardware-hacking iot iot-device iot-security linux pentesting-guides radio

Last synced: 3 months ago
JSON representation

A Curated list of IoT Security Resources

• Host: GitHub
• URL: https://github.com/v33ru/iotsecurity101
• Owner: V33RU
• License: mit
• Created: 2018-05-18T09:31:21.000Z (about 6 years ago)
• Default Branch: master
• Last Pushed: 2024-02-06T14:56:56.000Z (5 months ago)
• Last Synced: 2024-02-06T16:01:50.422Z (5 months ago)
• Topics: embedded-devices, firmware, firmware-pentesting, hardware, hardware-hacking, iot, iot-device, iot-security, linux, pentesting-guides, radio
• Homepage: https://v33ru.github.io/IoTSecurity101/
• Size: 41.6 MB
• Stars: 2,375
• Watchers: 109
• Forks: 475
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Lists

• awesome-security-collection - **836**星
• awesome-cyber-security - **836**星
• awesome-cyber-security - **817**星

README

        
![](https://raw.githubusercontent.com/V33RU/IoTSecurity101/master/iot-banner.png)

![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) 

A Collection for IoT Security Resources

- You are welcome to fork and [contribute](https://github.com/V33RU/IoTSecurity101/blob/master/contributors.md#contributors)

Other Interesting Areas:

 - [ICS-Security](https://github.com/V33RU/IoTSecurity101/blob/master/ICS/Industrial%20Control%20Systems.md)

 - [Automotive-Security](https://github.com/V33RU/IoTSecurity101/blob/master/Automotive/Automotive-security.md)

********************************************************************************************************************************

# 🛠️ Approach Methodology

- 🌐 **1. Network**

- 🌐 **2. Web (Front & Backend and Web services)**

- 📱 **3. Mobile App (Android & iOS)**

- 📡 **4. Wireless Connectivity (Zigbee, WiFi, Bluetooth, etc)**

- 💽 **5. Firmware Pentesting (Static and Dynamic analysis, OS of IoT Devices)**

- 🛠️ **6. Hardware Hacking & Fault Injections & SCA Attacks**

- 💾 **7. Storage Medium**

- 🔌 **8. I/O Ports**

## 📑 Contents Overview

### 🛡️ IoT Security Information

#### 🛡️ **General Information and Resources in IoT Security**

- [👥 ***Community and Discussion Platforms***](#community-and-discussion-platforms)

- [🎓 ***IoT and Hardware Security Trainings***](#iot-and-hardware-security-trainings)

- [🔍 ***Technical Research and Hacking***](#technical-research-and-hacking)

- [💻 ***Proof of Concepts: Known Device Vulnerabilities***](#proof-of-concepts-known-device-vulnerabilities)

- [📚 ***Books for IoT Penetration Testing***](#books-for-iot-penetration-testing)

- [🖋️ ***Blogs for IoT Pentest***](#blogs-for-iot-pentest)

- [📋 ***Awesome Cheatsheets***](#awesome-cheatsheets)

- [🔍 ***Search Engines for Exposed IoT Devices Worldwide***](#search-engines-for-exposed-iot-devices-worldwide)

- [🚩 ***CTF: Vulnerable IoT and Hardware Applications***](#vulnerable-iot-and-hardware-applications)

- [📺 ***YouTube Channels for IoT Pentesting***](#youtube-channels-for-iot-pentesting)

- [⚒️ ***Exploitation Tools***](#exploitation-tools)

- [🖥️ ***IoT Pentesting OSes***](#iot-pentesting-oses)

- [📘 ***IoT Vulnerabilities Checking Guides***](#iot-vulnerabilities-checking-guides)

- [🔬 ***IoT Labs***](#vulnerable-iot-and-hardware-applications)

- [📖 ***Awesome IoT Pentesting Guides***](#awesome-iot-pentesting-guides)

- [🐛 ***Fuzzing Things***](#fuzzing-things)

- [🏢 ***IoT Lab Setup Guide for Corporate/Individual***](https://github.com/IoT-PTv/IoT-Lab-Setup)

- [🔧 ***FlipperZero***](#flipperzero)

- [🏘 ***Villages***](#villages)

## **Specific Topics in IoT Security**

#### 🌐 **Network**

#### 🌐 **Web IoT Message Protocols**

- [📨 ***MQTT***](#mqtt)

- [📬 ***CoAP***](#coap)

#### 📱 **Mobile App**

- [🛡***Mobile Security (Android & iOS)***](#mobile-security-android--ios)

#### 📡 **Wireless Protocols**

- [📻 ***Radio Hacking Starting Guide***](#Radio-Hacker-Quick-Start-Guide)

- [📡 ***Cellular Hacking GSM BTS***](#cellular-hacking-gsm-bts)

- [🐝 ***Zigbee***](#zigbee-all-stuff)

- [🔵 ***Bluetooth***](#ble-intro-and-sw-hw-tools-to-pentest)

- [📞 ***DECT***](#dect-digital-enhanced-cordless-telecommunications)

- [📲 ***NFC***](#nfc-rfid)

#### 💽 **Firmware**

- [🔍 ***Reverse Engineering Tools***](#reverse-engineering-tools)

- [💻 ***Online Assemblers***](#online-assemblers)

- [💪 ***ARM***](#arm)

- [🔨 ***Pentesting Firmwares: Emulating and Analyzing***](#pentesting-firmwares-and-emulating-and-analyzing)

- [🔬 ***Firmware Samples to Pentest***](#firmware-samples-to-pentest)

- [🔒 ***Secureboot***](#secureboot)

- [🔍 ***Binary Analysis***](#binary-analysis)

#### 🛠️ **Hardware**

- [🔎 ***IoT Hardware Intro***](#iot-hardware-overview-and-hacking)

- [🛠️ ***Required Hardware to Pentest IoT***](#hardware-gadgets-to-pentest)

- [🔌 ***Hardware Interfaces***](#attacking-hardware-interfaces)

  - [🔌 ***SPI***](#spi)

  - [🔌 ***UART***](#uart)

  - [🔌 ***JTAG***](#jtag)

  - [🔌 ***TPM***](#tpm)

- [🛠️ ***Side Channel Attacks & Glitching Attacks***](#sidechannel-attacks)

#### 💾 Storage Medium

- [📀 ***EMMC*** ](#emmc-protocol-and-techniques)

#### 💳 Payment Security

- [💵 ***ATM Hacking***](#ATM-Hacking)

  

********************************************************************************************************************************

### Technical Research and Hacking

- [Subaru Head Unit Jailbreak](https://github.com/sgayou/subaru-starlink-research/blob/master/doc/README.md)

- [Jeep Hack](http://illmatics.com/Remote%20Car%20Hacking.pdf)

- [Dropcam Hacking](https://www.defcon.org/images/defcon-22/dc-22-presentations/Moore-Wardle/DEFCON-22-Colby-Moore-Patrick-Wardle-Synack-DropCam-Updated.pdf)

- [Printer Hacking Live Sessions - Gamozo Labs](https://www.youtube.com/watch?v=2LVtEoQA8Qo&ab_channel=gamozolabs)

- [LED Light Hacking](https://youtu.be/Nnb2ct3hc68)

- [PS4 Jailbreak – the current status](https://wololo.net/ps4-jailbreak-ps4-cfw4dummies/)

- [Your Lenovo Watch X Is Watching You & Sharing What It Learns](https://www.checkmarx.com/blog/lenovo-watch-watching-you/)

- [Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT](https://www.checkmarx.com/blog/smart-scale-privacy-issues-iot/)

- [Besder 6024PB-XMA501 IP camera security analysis](https://github.com/KostasEreksonas/Besder-6024PB-XMA501-ip-camera-security-investigation)

- [Smart Lock Vulnerabilities](http://www.savoringgreens.com/index-3218.html)

********************************************************************************************************************************

### Proof of Concepts known Device Vulnerabilities

- [IoT-Vuln-with CVE and PoC of tenda and dlink](https://github.com/z1r00/IOT_Vul)

********************************************************************************************************************************

### Community and Discussion Platforms

- [IoTSecurity101 Telegram](https://t.me/iotsecurity1011)

- [IoTSecurity101 Reddit](https://www.reddit.com/r/IoTSecurity101/)

- [IoTSecurity101 Discord](https://discord.gg/EH9dxT9)

- [Hardware Hacking Telegram](https://t.me/hardwareHackingBrasil)

- [RFID Discord Group](https://discord.gg/Z43TrcVyPr)

- [ICS Discord Group](https://discord.com/invite/CmDDsFK)

********************************************************************************************************************************

### IoT and Hardware Security Trainings

- [opensecuritytraining 2](https://p.ost2.fyi/courses)

  

********************************************************************************************************************************

### Books for IoT Penetration Testing

#### 2004

- [The Firmware Handbook (Embedded Technology) 1st Edition by Jack Ganssle](https://www.amazon.com/Firmware-Handbook-Embedded-Technology/dp/075067606X)

- [Hardware Hacking: Have Fun while Voiding your Warranty 1st Edition](https://www.elsevier.com/books/hardware-hacking/grand/978-1-932266-83-2)

#### 2007

- [Linksys WRT54G Ultimate Hacking 1st Edition by Paul Asadoorian](https://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Asadoorian/dp/1597491667)

#### 2013

- [Hacking the Xbox - An Introduction to Reverse Engineering HACKING THE XBOX by Andrew “bunnie” Huang](https://www.nostarch.com/xboxfree)

- [Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure by Eric D. Knapp , Raj Samani](https://www.amazon.com/Applied-Cyber-Security-Smart-Grid/dp/1597499986/)

#### 2014

- [Android Hacker's Handbook by Joshua J. Drake](https://www.amazon.in/Android-Hackers-Handbook-MISL-WILEY-Joshua/dp/812654922X)

#### 2015

- [The Art of Pcb Reverse Engineering: Unravelling the Beauty of the Original Design](https://www.amazon.in/Art-Pcb-Reverse-Engineering-Unravelling/dp/1499323441)

- [Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts 1st Edition, by Nitesh Dhanjani](https://www.amazon.in/Abusing-Internet-Things-Blackouts-Freakouts-ebook/dp/B013VQ7N36)

#### 2016

- [Learning Linux Binary Analysis By Ryan "elfmaster" O'Neill](https://www.packtpub.com/networking-and-servers/learning-linux-binary-analysis)

- [Car hacker's handbook by Craig Smith](http://opengarages.org/handbook)

#### 2017

- [IoT Penetration Testing Cookbook By Aaron Guzman , Aditya Gupta](https://www.packtpub.com/networking-and-servers/iot-penetration-testing-cookbook)

#### 2018

- [Inside Radio: An Attack and Defense Guide by Authors: Yang, Qing, Huang, Lin](https://books.google.co.in/books?id=71NSDwAAQBAJ&printsec=copyright&redir_esc=y#v=onepage&q&f=false)

- [Pentest Hardware](https://github.com/unprovable/PentestHardware/)

- [Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition 5th Edition by Daniel Regalado , Shon Harris , Allen Harper , Chris Eagle , Jonathan Ness , Branko Spasojevic , Ryan Linn , Stephen Sims](https://www.amazon.in/Gray-Hat-Hacking-Ethical-Handbook-ebook/dp/B07D3J9J4H)

#### 2021

- [Practical Hardware Pentesting](https://www.packtpub.com/product/practical-hardware-pentesting/9781789619133?_ga=2.224205017.333884789.1668314814-101815837.1668314814)

- [The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks Front Cover Jasper van Woudenberg, Colin O'Flynn](https://books.google.co.in/books?id=DEqatAEACAAJ&source=gbs_navlinks_s)

- [Practical IoT Hacking-The Definitive Guide to Attacking the Internet of Things by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods](https://nostarch.com/practical-iot-hacking)

- [Manual PCB-RE: The Essentials](https://www.amazon.in/Manual-PCB-RE-Essentials-Keng-Tiong/dp/B0974Z3NDS)

#### 2022

- [PatrIoT: practical and agile threat research for IoT by Emre Süren](https://link.springer.com/article/10.1007/s10207-022-00633-3)

#### 2023

- [Practical Hardware Pentesting - Second Edition](https://www.packtpub.com/product/practical-hardware-pentesting-second-edition/9781803249322)

- [Blue Fox: Arm Assembly Internals & Reverse Engineering](https://www.wiley.com/en-gb/Blue+Fox%3A+Arm+Assembly+Internals+%26+Reverse+Engineering-p-9781119745303)

- [Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU](https://www.packtpub.com/product/fuzzing-against-the-machine/9781804614976)

- [Hardware Security Training, Hands-on!](https://link.springer.com/book/10.1007/978-3-031-31034-8)

- [Automotive Cybersecurity Engineering Handbook: The automotive engineer's roadmap to cyber-resilient vehicles Series](https://www.amazon.in/Automotive-Cybersecurity-Engineering-Handbook-cyber-resilient/dp/1801076537)

- [Embedded Systems Security and TrustZone](https://embeddedsecurity.io/)

********************************************************************************************************************************

### Awesome CheatSheets

- [Hardware Hacking cheat sheet](https://github.com/arunmagesh/hw_hacking_cheatsheet)

- [Nmap](https://github.com/gnebbia/nmap_tutorial)

********************************************************************************************************************************

### Search Engines for Internet-Connected Devices

- [Shodan](https://www.shodan.io/)

- [Censys](https://censys.io/)

- [ZoomEye](https://www.zoomeye.org/)

- [BinaryEdge](https://www.binaryedge.io/)

- [Thingful](https://www.thingful.net/)

- [Wigle](https://wigle.net/)

- [Hunter.io](https://hunter.io/)

- [BuiltWith](https://builtwith.com/)

- [NetDB](https://github.com/stamparm/NetDB)

- [Recon-ng](https://github.com/lanmaster53/recon-ng)

- [PublicWWW](https://publicwww.com/)

********************************************************************************************************************************

### YouTube Channels for IoT Pentesting

- [Joe Grand](https://www.youtube.com/@JoeGrand) 

- [Liveoverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)

- [Binary Adventure](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ)

- [EEVBlog](https://www.youtube.com/user/EEVblog)

- [Craig Smith](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA)

- [iotsecurity101](https://www.youtube.com/channel/UCe2mJv2FPRFhYJ7dvNdYR4Q)

- [Besim ALTINOK - IoT - Hardware - Wireless](https://www.youtube.com/channel/UCnIV7A3kDL4JXJEljpW6TRQ/playlists)

- [Ghidra Ninja](https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw)

- [Cyber Gibbons](https://www.youtube.com/channel/UC_IYERSoSwdR7AA5P41mYTA)

- [Scanline](https://www.youtube.com/channel/UCaEgw3321ct_PE4PJvdhXEQ)

- [Aaron Christophel](https://www.youtube.com/c/12002230/videos)

- [Valerio Di Giampietro](https://www.youtube.com/c/MakeMeHack)

********************************************************************************************************************************

### Vehicle Security Resources

- https://github.com/jaredthecoder/awesome-vehicle-security

********************************************************************************************************************************

### IoT Vulnerabilites Checking Guides

- [Reflecting upon OWASP TOP-10 IoT Vulnerabilities](https://embedi.org/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/)

- [OWASP IoT Top 10 2018 Mapping Project](https://scriptingxss.gitbook.io/owasp-iot-top-10-mapping-project/)

- [Hardware toolkits for IoT security analysis](https://defcon-nn.ru/0x0B/Hardware%20toolkits%20for%20IoT%20security%20analysis.pdf)

********************************************************************************************************************************

### IoT Gateway Software

- [Webthings by Mozilla - RaspberryPi](https://iot.mozilla.org/docs/gateway-getting-started-guide.html)

********************************************************************************************************************************

### IoT Pentesting OSes

- [Sigint OS- LTE IMSI Catcher](https://www.sigintos.com/)

- [Instatn-gnuradio OS - For Radio Signals Testing](https://github.com/bastibl/instant-gnuradio)

- [Ubutnu Best Host Linux for IoT's - Use LTS](https://www.ubuntu.com/)

- [Internet of Things - Penetration Testing OS v1](https://github.com/IoT-PTv)

- [Dragon OS - DEBIAN LINUX WITH PREINSTALLED OPEN SOURCE SDR SOFTWARE](https://www.rtl-sdr.com/dragonos-debian-linux-with-preinstalled-open-source-sdr-software/)

- [EmbedOS - Embedded security testing virtual machine](https://github.com/scriptingxss/EmbedOS)

- [Skywave Linux- Software Defined Radio for Global Online Listening](https://skywavelinux.com/)

- [A Small, Scalable Open Source RTOS for IoT Embedded Devices](https://www.zephyrproject.org/)

- [ICS - Controlthings.io](https://www.controlthings.io/platform)

- [AttifyOS - IoT Pentest OS - by Aditya Gupta](https://github.com/adi0x90/attifyos)

********************************************************************************************************************************

### Exploitation Tools

- [Expliot - IoT Exploitation framework - by Aseemjakhar](https://gitlab.com/expliot_framework/expliot)

- [Routersploit (Exploitation Framework for Embedded Devices)](https://github.com/threat9/routersploit)

- [IoTSecFuzz (comprehensive testing for IoT device)](https://gitlab.com/invuls/iot-projects/iotsecfuzz)

- [HomePwn - Swiss Army Knife for Pentesting of IoT Devices](https://github.com/ElevenPaths/HomePWN)

- [killerbee - Zigbee exploitation](https://github.com/riverloopsec/killerbee)

- [PRET - Printer Exploitation Toolkit](https://github.com/RUB-NDS/PRET)

- [HAL – The Hardware Analyzer](https://github.com/emsec/hal)

- [FwAnalyzer (Firmware Analyzer)](https://github.com/cruise-automation/fwanalyzer)

- [ISF(Industrial Security Exploitation Framework](https://github.com/w3h/isf)

- [PENIOT: Penetration Testing Tool for IoT](https://github.com/yakuza8/peniot)

- [MQTT-PWN](https://github.com/akamai-threat-research/mqtt-pwn)

********************************************************************************************************************************

### Reverse Engineering Tools

- [IDA Pro](https://www.hex-rays.com/products/ida/): An interactive disassembler that provides extensive information about binary code and is widely used for static analysis.

- [GDB](https://www.gnu.org/software/gdb/): The GNU Project Debugger allows you to see what is going on 'inside' another program while it executes or what another program was doing at the moment it crashed.

- [Radare2](https://www.rada.re/n/): An open-source framework for reverse engineering and analyzing binaries; includes a disassembler for multiple architectures.

- [Cutter](https://cutter.re/): A Qt and C++ GUI for Radare2, aiming to provide a more user-friendly interface as well as additional features.

- [Ghidra](https://ghidra-sre.org/): A software reverse engineering suite of tools developed by NSA that includes a decompiler, assembler, disassembler, and other tools to analyze binaries.

- [Binary Ninja](https://binary.ninja/): A reverse engineering platform that is an alternative to IDA Pro, with a focus on binary analysis for security research and reverse engineering.

- [OllyDbg](http://www.ollydbg.de/): An x86 debugger that emphasizes binary code analysis, which is useful for reverse engineering and finding security vulnerabilities.

- [x64dbg](https://x64dbg.com/): An open-source x64/x32 debugger for windows with a focus on plugin support and scriptability.

- [Hopper](https://www.hopperapp.com/): A reverse engineering tool for macOS and Linux that lets you disassemble, decompile and debug your applications.

- [Immunity Debugger](https://www.immunityinc.com/products/debugger/): A powerful debugger for analyzing malware and reverse engineering with an integrated Python scripting interface for automation.

- [PEiD](https://www.aldeid.com/wiki/PEiD): A tool that detects most common packers, cryptors, and compilers for PE files and is useful for reverse engineering of malware.

********************************************************************************************************************************

### Introduction

- [Introduction to IoT](https://en.wikipedia.org/wiki/Internet_of_things)

- [IoT Architecture](https://www.c-sharpcorner.com/UploadFile/f88748/internet-of-things-part-2/)

- [IoT attack surface](https://www.owasp.org/index.php/IoT_Attack_Surface_Areas)

- [IoT Protocols Overview](https://www.postscapes.com/internet-of-things-protocols/) 

********************************************************************************************************************************

### IoT Web and Message Services 

### IoT Web and Message Services 

#### **MQTT**

##### *Introduction to MQTT*

- [Introduction to MQTT](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt)

##### *Security and Hacking with MQTT*

- [MQTT Broker Security - 101](https://payatu.com/blog/mqtt-broker-security/)

- [Hacking the IoT with MQTT](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b)

- [Are Smart Homes Vulnerable to Hacking?](https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes)

- [Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) (Metasploit)](https://www.exploit-db.com/exploits/50713)

- [Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path](https://www.exploit-db.com/exploits/49673)

- [IoT Security: RCE in MQTT Protocol](https://systemweakness.com/iot-security-rce-in-mqtt-protocol-929e533f12b4)

- [Penetration testing of Sesame Smart door lock](https://www.diva-portal.org/smash/get/diva2:1750933/FULLTEXT01.pdf)

##### *Known Vulnerabilities and CVE IDs of MQTT Protocol*

- [CVE-2020-13849](https://nvd.nist.gov/vuln/detail/CVE-2020-13849): A vulnerability in MQTT protocol 3.1.1, allowing remote attackers to cause a denial of service. CVSS score: 7.5 (High).

- [CVE-2023-3028](https://nvd.nist.gov/vuln/detail/CVE-2023-3028): Involves insufficient authentication in MQTT backend, leading to potential data access and manipulation. CVSS score: 9.8 (Critical).

- [CVE-2021-0229](https://nvd.nist.gov/vuln/detail/CVE-2021-0229): Pertains to uncontrolled resource consumption in Juniper Networks Junos OS MQTT server. CVSS score: 5.3 (Medium).

- [CVE-2019-5432](https://nvd.nist.gov/vuln/detail/CVE-2019-5432): A malformed MQTT Subscribe packet can crash MQTT Brokers. CVSS score: 7.5 (High).

##### *IoT and MQTT*

- [Using IoT MQTT for V2V and Connected Car](https://mobilebit.wordpress.com/tag/mqtt/)

- [MQTT with Hardware Development Information](https://www.hackster.io/search?i=projects&q=Mqtt)

- [IoT Live Demo: 100,000 Connected Cars with Kubernetes, Kafka, MQTT, TensorFlow](https://dzone.com/articles/iot-live-demo-100000-connected-cars-with-kubernete)

##### *Tools and Client Information*

- [Nmap MQTT Library](https://nmap.org/nsedoc/lib/mqtt.html)

- [The Seven Best MQTT Client Tools](https://www.hivemq.com/blog/seven-best-mqtt-client-tools)

##### *Tutorials and Guides*

- [A Guide to MQTT by Hacking a Doorbell to Send Push Notifications (Video)](https://youtu.be/J_BAXVSVPVI)

- [Understanding the MQTT Protocol Packet Structure](http://www.steves-internet-guide.com/mqtt-protocol-messages-overview/)

- [Authenticating & Authorizing Devices Using MQTT with Auth0](https://auth0.com/docs/integrations/authenticate-devices-using-mqtt)

##### *Advanced Topics and Applications*

- [Deep Learning UDF for MQTT IoT Sensor Data Anomaly Detection](https://github.com/kaiwaehner/ksql-udf-deep-learning-mqtt-iot)

##### *MQTT Softwares*

- [IoXY - MQTT Intercepting Proxy](https://blog.nviso.eu/2020/07/06/introducing-ioxy-an-open-source-mqtt-intercepting-proxy/)

- [Mosquitto - An Open Source MQTT Broker](https://mosquitto.org/)

- [HiveMQ](https://www.hivemq.com/)

- [MQTT Explorer](http://mqtt-explorer.com/)

- [Welcome to MQTT-PWN!](https://mqtt-pwn.readthedocs.io/en/latest/)

##### *Additional Resources*

- [WailingCrab Malware Evolves Using MQTT for Stealthier C2 Communication](https://securityonline.info/wailingcrab-malware-evolves-embracing-mqtt-for-stealthier-c2-communication)

- [Alert: New WailingCrab Malware Loader](https://thehackernews.com/2023/11/alert-new-wailingcrab-malware-loader.html)

- [MQTT on Snapcraft](https://snapcraft.io/search?q=mqtt)

#### CoAP

- [Introduction](http://coap.technology/)

- [CoAP client Tools](http://coap.technology/tools.html)

- [CoAP Pentest Tools](https://bitbucket.org/aseemjakhar/expliot_framework)

- [Nmap - NSE for coap](https://nmap.org/nsedoc/lib/coap.html)

********************************************************************************************************************************

### RADIO HACKER QUICK START GUIDE

- [Complete course in Software Defined Radio (SDR) by Michael Ossmann](https://greatscottgadgets.com/sdr/)

- [SDR Notes - Radio IoT Protocols Overview](https://github.com/notpike/SDR-Notes)

- [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/)

- [Introduction to Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/)

- [Introduction Gnuradio companion](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion)

- [Creating a flow graph in gunradiocompanion](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/)

- [Analysing radio signals 433Mhz ](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/)

- [Recording specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/)

- [Replay Attacks with raspberrypi -rpitx](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/)

### Cellular Hacking GSM BTS

#### BTS

- [Awesome-Cellular-Hacking](https://github.com/W00t3k/Awesome-Cellular-Hacking/blob/master/README.md)

- [what is base tranceiver station](https://en.wikipedia.org/wiki/Base_transceiver_station)

- [How to Build Your Own Rogue GSM BTS](https://l33t.gg/how-to-build-a-rogue-gsm-bts/)

#### GSM SS7 Pentesting

- [5Ghoul - 5G NR Attacks & 5G OTA Fuzzing](https://github.com/asset-group/5ghoul-5g-nr-attacks)

- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)

- [GSM Security 2 ](https://www.ehacking.net/2011/02/gsm-security-2.html)

- [vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)

- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf)

- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf)

- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit)

- [ss7MAPer – A SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper)

- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg)

- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)

- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)

- [Breaking LTE on Layer Two](https://alter-attack.net/)

#### Hardware Tools 

- [Fake BTS Detector (SCL-8521)](https://www.shoghicom.com/fake-bts-detector.php)

********************************************************************************************************************************

### NFC-RFID

- [List of RFID/NFC Security & Privacy talks](https://github.com/doegox/awesome-rfid-talks)

********************************************************************************************************************************

### Zigbee ALL Stuff

- [Introduction and protocol Overview](http://www.informit.com/articles/article.aspx?p=1409785)

- [Hacking Zigbee Devices with Attify Zigbee Framework](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/)

- [Hands-on with RZUSBstick](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/) 

- [ZigBee & Z-Wave Security Brief](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/)

- [Hacking ZigBee Networks](https://resources.infosecinstitute.com/topic/hacking-zigbee-networks/)

- [Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes](https://mews.sv.cmu.edu/papers/wisec-20.pdf)

- [Security Analysis of Zigbee Networks with Zigator and GNU Radio](https://mews.sv.cmu.edu/research/zigator/testbed-grcon2020-slides.pdf)

- [Low-Cost ZigBee Selective Jamming](https://www.bastibl.net/reactive-zigbee-jamming/)

#### SW Tools

- [zigbear](https://github.com/philippnormann/zigbear)

- [ZigDiggity](https://github.com/BishopFox/zigdiggity)

- [Zigator](https://github.com/akestoridis/zigator)

- [Z3sec](https://github.com/IoTsec/Z3sec)

#### Hardware Tools for Zigbee

- [APIMOTE IEEE 802.15.4/ZIGBEE SNIFFING HARDWARE](https://www.riverloopsecurity.com/projects/apimote/)

- [RaspBee-The Raspberry Pi Zigbee gateway](https://phoscon.de/en/raspbee/)

- [USRP SDR 2](https://www.ettus.com/products/)

- [ATUSB IEEE 802.15.4 USB Adapter](http://shop.sysmocom.de/products/atusb)

- [nRF52840-Dongle](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)

********************************************************************************************************************************

### BLE Intro and SW-HW Tools to pentest

##### *StepByStepGuideToBLEUnderstandingAndExploiting*

- [awesome-bluetooth-security](https://github.com/engn33r/awesome-bluetooth-security)

- [BLE-NullBlr: Step By Step guide to BLE Understanding and Exploiting](https://github.com/V33RU/BLE-NullBlr)

##### *TrafficEngineeringInABluetoothPiconet*

- [Traffic Engineering in a Bluetooth Piconet (PDF)](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf)

##### *BLECharacteristics*

- [BLE Characteristics: A Beginner's Tutorial](https://devzone.nordicsemi.com/nordic/short-range-guides/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial)

##### *Bluetooth And BLE PentestTools*

- [Bluing - An intelligence gathering tool for hacking Bluetooth](https://github.com/fO-000/bluing)

- [btproxy](https://github.com/conorpp/btproxy)

- [hcitool & bluez](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez)

- [Testing With GATT Tool](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/)

- [crackle - Cracking encryption](https://github.com/mikeryan/crackle)

- [bettercap](https://github.com/bettercap/bettercap)

- [BtleJuice Bluetooth Smart Man-in-the-Middle framework](https://github.com/DigitalSecurity/btlejuice)

- [gattacker](https://github.com/securing/gattacker)

- [BTLEjack Bluetooth Low Energy Swiss army knife](https://github.com/virtualabs/btlejack)

- [DEDSEC-Bluetooth-exploit](https://github.com/0xbitx/DEDSEC-Bluetooth-exploit)

- [BrakTooth Proof of Concept-Blutooth Classic Attacks](https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks)

- [sweyntooth_bluetooth_low_energy_attacks Public](https://github.com/Matheus-Garbelini/sweyntooth_bluetooth_low_energy_attacks)

- [esp32_bluetooth_classic_sniffer Public](https://github.com/Matheus-Garbelini/esp32_bluetooth_classic_sniffer)

##### *HardwareForBluetoothHacking*

- [NRFCONNECT - 52840](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)

- [EDIMAX](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)

- [CSR 4.0](https://www.amazon.in/GENERIC-Ultra-Mini-Bluetooth-Dongle-Adapter/dp/B0117H7GZ6/ref=asc_df_B0117H7GZ6/)

- [ESP32 - Development and learning Bluetooth](https://www.espressif.com/en/products/hardware/esp32/overview)

- [Ubertooth](https://github.com/greatscottgadgets/ubertooth/wiki/Ubertooth-One)

- [Sena 100](http://www.senanetworks.com/ud100-g03.html)

- [ESP-WROVER-KIT-VB](https://www.digikey.in/en/products/detail/espressif-systems/ESP-WROVER-KIT-VB/8544301)

##### *Bluetooth Hacks*

- [Blue2thprinting: Answering the Question of 'WTF am I even looking at?!'](https://darkmentor.com/publication/2023-11-hardweario/)

- [Open Wounds: The Last 5 Years Have Left Bluetooth to Bleed](https://darkmentor.com/publication/2023-10-hacklu/)

- [It Was Harder to Sniff Bluetooth Through My Mask During the Pandemic...](https://darkmentor.com/publication/2023-08-hitb/)

- [Bluetooth vs BLE Basics](https://github.com/V33RU/BLE-NullBlr)

- [Examining the August Smart Lock](https://blog.quarkslab.com/examining-the-august-smart-lock.html)

- [Finding Bugs in Bluetooth](https://bluetooth.lol/)

- [Intel Edison as Bluetooth LE — Exploit Box](https://medium.com/@arunmag/intel-edison-as-bluetooth-le-exploit-box-a63e4cad6580)

- [How I Reverse Engineered and Exploited a Smart Massager](https://medium.com/@arunmag/how-i-reverse-engineered-and-exploited-a-smart-massager-ee7c9f21bf33)

- [My Journey Towards Reverse Engineering a Smart Band — Bluetooth-LE RE](https://medium.com/@arunmag/my-journey-towards-reverse-engineering-a-smart-band-bluetooth-le-re-d1dea00e4de2)

- [Bluetooth Smartlocks](https://www.getkisi.com/blog/smart-locks-hacked-bluetooth-ble)

- [I Hacked MiBand 3](https://medium.com/@yogeshojha/i-hacked-xiaomi-miband-3-and-here-is-how-i-did-it-43d68c272391)

- [GATTacking Bluetooth Smart Devices](https://securing.pl/en/gattacking-bluetooth-smart-devices-introducing-a-new-ble-proxy-tool/index.html)

- [Bluetooth Beacon Vulnerability](https://www.beaconzone.co.uk/blog/category/security/)

- [Sweyntooth Vulnerabilities](https://asset-group.github.io/disclosures/sweyntooth/)

- [AIRDROP_LEAK - Sniffs BLE Traffic and Displays Status Messages from Apple Devices](https://github.com/hexway/apple_bleee)

- [BRAKTOOTH: Causing Havoc on Bluetooth Link Manager](https://asset-group.github.io/disclosures/braktooth/)

- [Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500](https://jcjc-dev.com/2023/03/19/reversing-domyos-el500-elliptical/)

- [MojoBox - Yet Another Not So Smartlock](https://mandomat.github.io/2023-03-15-testing-mojobox-security/)

- [Bluetooth-Hacking](https://github.com/zedxpace/bluetooth-hacking-)

- [Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) [CVE 2023-24023]](https://github.com/francozappa/bluffs)

 

********************************************************************************************************************************

### DECT (Digital Enhanced Cordless Telecommunications)

  - [Real Time Interception And Monitoring Of A DECT Cordless Telephone](https://www.youtube.com/watch?v=MDF1eUvOte0&ab_channel=RobVK8FOES)

  - [Eavesdropping On Unencrypted DECT Voice Traffic](https://www.youtube.com/watch?v=WBvYsXrs3DI&ab_channel=RobVK8FOES)

  - [Decoding DECT Voice Traffic: In-depth Explanation](https://www.youtube.com/watch?v=oiMkirm_xfY&ab_channel=RobVK8FOES)

  

#### Software Tools && Hardware Tools 

   ##### Software

   

   ##### Hardware

********************************************************************************************************************************

### Mobile security (Android & iOS)

#### *Android*

- [Android App Reverse Engineering 101](https://maddiestone.github.io/AndroidAppRE/) - A comprehensive guide to reverse engineering Android applications.

- [Android Application Pentesting Book](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices) - A detailed book on penetration testing techniques for Android devices.

- [Android Pentest Video Course - TutorialsPoint](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H) - A series of video tutorials on Android penetration testing.

- [Android Tamer](https://androidtamer.com/) - A Virtual/Live Platform for Android Security professionals, offering tools and environment for Android security.

#### *iOS*

- [iOS Pentesting](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf?) - A guide to penetration testing in iOS environments.

- [OWASP Mobile Security Testing Guide](https://owasp.org/www-project-mobile-security-testing-guide/) - The Open Web Application Security Project's guide for mobile security testing, applicable to iOS.

********************************************************************************************************************************

### Villages

 - [Payment Villages](https://www.paymentvillage.org/home)

 - [ICS Village](https://www.icsvillage.com/)

 - [IoT Villages](https://www.iotvillage.org/index.html)

 - [RF hackers](https://rfhackers.com/)

 - [Car Hacking Village](https://www.carhackingvillage.com/)

*******************************************************************************************************************************

### Online Assemblers

- [AZM Online Arm Assembler by Azeria](https://azeria-labs.com/azm/)

- [Online Disassembler](https://onlinedisassembler.com/odaweb/)

- [Compiler Explorer is an interactive online compiler which shows the assembly output of compiled C++, Rust, Go](https://godbolt.org/)

********************************************************************************************************************************

### ARM

- [Azeria Labs](https://azeria-labs.com/)

- [ARM EXPLOITATION FOR IoT](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf)

- [Damn Vulnerable ARM Router (DVAR)](https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html)

- [EXPLOIT.EDUCATION](https://exploit.education/)

********************************************************************************************************************************

### Pentesting Firmwares and emulating and analyzing

#### *Firmware Analysis Tools*

 - [EMBA-An analyzer for embedded Linux firmware](https://p4cx.medium.com/emba-b370ce503602)

 - [FACT-Firmware Analysis and Comparison Tool](https://github.com/fkie-cad/FACT_core)

 - [Binwalk](https://github.com/ReFirmLabs/binwalk)

 - [fwhunt-scanner-Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules](https://github.com/binarly-io/fwhunt-scan)

 - [Qiling](https://github.com/qilingframework/qiling)

 - [fwanalyzer](https://github.com/cruise-automation/fwanalyzer)

 - [ByteSweep](https://gitlab.com/bytesweep/bytesweep)

 - [Firmwalker](https://github.com/craigz28/firmwalker)

 - [Checksec.sh](https://github.com/slimm609/checksec.sh)

 - [QEMU](https://www.qemu.org/)

 - [Firmadyne](https://github.com/firmadyne/firmadyne)

 - [Firmware Modification Kit](https://code.google.com/archive/p/firmware-mod-kit/)

 

#### *Resources*

 - [Firmware analysis and reversing](https://www.owasp.org/index.php/IoT_Firmware_Analysis)

 - [Reversing 101](https://0xinfection.github.io/reversing/)

 - [IoT Security Verification Standard (ISVS)](https://github.com/OWASP/IoT-Security-Verification-Standard-ISVS)

 - [OWASP Firmware Security Testing Methodology](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)

 - [Firmware emulation with QEMU](https://www.youtube.com/watch?v=G0NNBloGIvs)

 - [Reversing ESP8266 Firmware](https://boredpentester.com/reversing-esp8266-firmware-part-1/)

 - [Emulating ARM Router Firmware](https://azeria-labs.com/emulating-arm-firmware/)

 - [Reversing Firmware With Radare](https://www.bored-nerds.com/reversing/radare/automotive/2019/07/07/reversing-firmware-with-radare.html)

 - [Samsung Firmware Magic - Unpacking and Decrypting](https://github.com/chrivers/samsung-firmware-magic)

 - [Qiling & Binary Emulation for automatic unpacking](https://kernemporium.github.io/articles/en/auto_unpacking/m.html)

 - [Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme](https://www.youtube.com/watch?v=4urMITJKQQs&ab_channel=stacksmashing)

 - [Simulating and hunting firmware vulnerabilities with Qiling](https://blog.vincss.net/2020/12/pt007-simulating-and-hunting-firmware-vulnerabilities-with-Qiling.html?m=1&s=09)

 - [Using Symbolic Execution to Detect UEFI Firmware Vulnerabilities](https://binarly.io/posts/Using_Symbolic_Execution_to_Detect_UEFI_Firmware_Vulnerabilities/index.html)

 - [Binarly Finds Six High Severity Firmware Vulnerabilities in HP Enterprise Devices](https://www.binarly.io/posts/Binarly_Finds_Six_High_Severity_Firmware_Vulnerabilities_in_HP_Enterprise_Devices/index.html)

 - [Emulating and Exploiting UEFI Firmware](https://margin.re/2023/09/emulating-and-exploiting-uefi-firmware/)

 - 

#### *Firmware Dev && Firmware Emulation*

- [IoT binary analysis & emulation part -1](https://hacklido.com/blog/529-iot-binary-analysis-emulation-part-1)

- [ross debugging for ARM / MIPS ELF with QEMU/toolchain](https://reverseengineering.stackexchange.com/questions/8829/cross-debugging-for-arm-mips-elf-with-qemu-toolchain)

- [Qemu + buildroot 101](https://gitbook.seguranca-informatica.pt/arm/tools/qemu-101)

- [Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device](https://boschko.ca/qemu-emulating-firmware/)

- [Adaptive Emulation Framework for Multi-Architecture IoT Firmware Testing](https://www.techscience.com/cmc/v75n2/52069/pdf)

- [Automatic Firmware Emulation through Invalidity-guided Knowledge Inference](https://www.usenix.org/conference/usenixsecurity21/presentation/zhou)

- [Debugging D-Link: Emulating firmware and hacking hardware](https://www.greynoise.io/blog/debugging-d-link-emulating-firmware-and-hacking-hardware)

- 

 

********************************************************************************************************************************

### Firmware samples to pentest

 - [Download From here by firmware.center](https://firmware.center/)

********************************************************************************************************************************

### Binary Analysis

 - [Reverse Engineering For Everyone!](https://0xinfection.github.io/reversing/)

 - [https://www.coalfire.com/the-coalfire-blog/reverse-engineering-and-patching-with-ghidra](https://flattsecurity.medium.com/finding-bugs-to-trigger-unauthenticated-command-injection-in-a-netgear-router-psv-2022-0044-2b394fb9edc)

 - [Part two: Reverse engineering and patching with Ghidra](https://www.coalfire.com/the-coalfire-blog/reverse-engineering-and-patching-with-ghidra)

 - [Automating binary vulnerability discovery with Ghidra and Semgrep](https://security.humanativaspa.it/automating-binary-vulnerability-discovery-with-ghidra-and-semgrep/)

********************************************************************************************************************************

### Symlinks Attacks

 - [Zip Slip Vulnerability](https://security.snyk.io/research/zip-slip-vulnerability)

 

********************************************************************************************************************************

### Secureboot

#### *Dev*

- [Writing a Bootloader](http://3zanders.co.uk/2017/10/13/writing-a-bootloader/)

#### *Hacking*

- [Pwn the ESP32 Secure Boot](https://limitedresults.com/2019/09/pwn-the-esp32-secure-boot/)

- [Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction](https://limitedresults.com/2019/11/pwn-the-esp32-forever-flash-encryption-and-sec-boot-keys-extraction/)

- [Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM](https://fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html) / [Alternative Link](https://www.cnx-software.com/2016/10/06/hacking-arm-trustzone-secure-boot-on-amlogic-s905-soc/)

- [Defeating Secure Boot with Symlink Attacks](https://www.anvilsecure.com/blog/defeating-secure-boot-with-symlink-attacks.html)

- [PS4 Aux Hax 5 & PSVR Secure Boot Hacking with Keys by Fail0verflow!](https://www.psxhax.com/threads/ps4-aux-hax-5-psvr-secure-boot-hacking-with-keys-by-fail0verflow.12820/)

- [Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models Via Dell Remote OS Recovery And Firmware Update Capabilities](https://eclypsium.com/2021/06/24/biosdisconnect/)

- [Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)](https://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347/)

- [Breaking Secure Boot on the Silicon Labs Gecko platform](https://blog.quarkslab.com/breaking-secure-boot-on-the-silicon-labs-gecko-platform.html)

********************************************************************************************************************************

### Storage Medium

#### EMMC Protocol and Techniques

Explore the world of EMMC hacking with these curated resources. Whether you're new to hardware hacking or an experienced practitioner, these links provide valuable insights into EMMC protocol, data recovery, and practical hacking techniques.

- [EMMC Protocol](https://prodigytechno.com/emmc-protocol/)

- [RPMB, a secret place inside the eMMC](https://sergioprado.blog/rpmb-a-secret-place-inside-the-emmc/)

- [Hardware Hacking 101: Identifying And Dumping EMMC Flash](https://www.riverloopsecurity.com/blog/2020/03/hw-101-emmc/)

- [EMMC Data Recovery From Damaged Smartphone](https://dangerouspayload.com/2018/10/24/emmc-data-recovery-from-damaged-smartphone/)

- [Another Bunch Of Articles For EMMC](https://hackaday.com/tag/emmc/)

- [Unleash Your Smart-Home Devices: Vacuum Cleaning Robot Hacking](https://media.ccc.de/v/34c3-9147-unleash_your_smart-home_devices_vacuum_cleaning_robot_hacking#t=1810)

- [Hands-On IoT Hacking: Rapid7 At DEF CON 30 IoT Village, Part 1](https://www.rapid7.com/blog/post/2022/10/18/hands-on-iot-hacking-rapid7-at-def-con-30-iot-village-part-1/)

********************************************************************************************************************************

### Payment Device Security

#### ATM Hacking

- [Introduction to ATM Penetration Testing](https://www.youtube.com/watch?v=Ff-0zXTYhuA)

- [Pwning ATMs For Fun and Profit](https://www.youtube.com/watch?v=9cG-JL0LHYw)

- [Jackpotting Automated Teller Machines Redux](https://www.youtube.com/watch?v=4StcW9OPpPc) By Barnaby Jack

********************************************************************************************************************************

### IoT hardware Overview and Hacking

 - [IoT Hardware Guide](https://www.postscapes.com/internet-of-things-hardware/)

 - [Intro To Hardware Hacking - Dumping Your First Firmware](https://blog.nvisium.com/intro-to-hardware-hacking-dumping-your-first-firmware)

 

#### Hardware Gadgets to pentest

  - [Bus Pirate](https://www.sparkfun.com/products/12942)

  - [EEPROM reader/SOIC Cable](https://www.sparkfun.com/products/13153)

  - [Jtagulator/Jtagenum](https://www.adafruit.com/product/1550)

  - [Logic Analyzer](https://www.saleae.com/)

  - [The Shikra](https://int3.cc/products/the-shikra)

  - [FaceDancer21 (USB Emulator/USB Fuzzer)](https://int3.cc/products/facedancer21)

  - [RfCat](https://int3.cc/products/rfcat)

  - [Hak5Gear- Hak5FieldKits](https://hakshop.com/)

  - [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975)

  - [Attify Badge - UART, JTAG, SPI, I2C (w/ headers)](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices)

  

  

#### Attacking Hardware Interfaces

   - [An Introduction to Hardware Hacking](https://securityboulevard.com/2020/09/an-introduction-to-hardware-hacking/)

   - [Serial Terminal Basics](https://learn.sparkfun.com/tutorials/terminal-basics/all)

   - [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/)

   - [REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS](https://sec-consult.com/en/blog/2019/02/reverse-engineering-architecture-pinout-plc/)

   - [ChipWhisperer - Hardware attacks](http://wiki.newae.com/Main_Page)

   - [Hardware hacking tutorial: Dumping and reversing firmware](https://ivanorsolic.github.io/post/hardwarehacking1/)

#### SPI

  - [Dumping the firmware From Router using BUSPIRATE - SPI Dump](https://www.iotpentest.com/2019/06/dumping-firmware-from-device-using.html)

  - [TPM 2.0: Extracting Bitlocker keys through SPI](https://lucasteske.dev/2024/01/tpm2-bitlocker-keys)

  - [How to Flash Chip of a Router With a Programmer](https://www.youtube.com/watch?v=fbt4OJXJdOc&ab_channel=ElectricalProjects%5BCreativeLab%5D)

  - [Extracting Flash Memory over SPI](https://akimbocore.com/article/extracting-flash-memory-over-spi/)

  - [Extracting Firmware from Embedded Devices (SPI NOR Flash)](https://www.youtube.com/watch?v=nruUuDalNR0&ab_channel=FlashbackTeam)

  - [SPI-Blogs](https://www.google.com/search?q=%22spi+dump%22&source=hp&ei=5jv9YaW6JNvl2roPgbGqMA&iflsig=AHkkrS4AAAAAYf1J9qNY6Snarz3dsHr9KXF1YSY6AKVL&ved=0ahUKEwilxY3apOb1AhXbslYBHYGYCgYQ4dUDCAg&uact=5&oq=%22spi+dump%22&gs_lcp=Cgdnd3Mtd2l6EAMyBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yCAgAEBYQChAeUABYAGC-A2gAcAB4AIABYIgBYJIBATGYAQCgAQKgAQE&sclient=gws-wiz)

  - [Reading FlashROMS - Youtube](https://www.youtube.com/results?search_query=reading+chip+flash+rom)

#### UART

   - [Intro to Embedded RE: UART Discovery and Firmware Extraction via UBoot](https://voidstarsec.com/blog/uart-uboot-and-usb)

   - [Router Analysis Part 1: UART Discovery and SPI Flash Extraction](https://wrongbaud.github.io/posts/router-teardown/)

   - [Identifying UART interface](https://www.mikroe.com/blog/uart-serial-communication)

   - [onewire-over-uart](https://github.com/dword1511/onewire-over-uart)

   - [Accessing sensor via UART](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf)

   - [Using UART to connect to a chinese IP cam](https://www.davidsopas.com/using-uart-to-connect-to-a-chinese-ip-cam/)

   - [A journey into IoT – Hardware hacking: UART](https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/)

   - [UARTBruteForcer](https://github.com/FireFart/UARTBruteForcer)

   - [UART Connections and Dynamic analysis on Linksys e1000](https://www.youtube.com/watch?v=ix6rSV2Dj44&ab_channel=Defenceindepth)

   - [Accessing and Dumping Firmware Through UART](https://www.cyberark.com/resources/threat-research-blog/accessing-and-dumping-firmware-through-uart)

   - [UART Exploiter](https://github.com/exploitsecurityio/uart-exploiter)

#### JTAG

   - [HARDWARE HACKING 101: INTRODUCTION TO JTAG](https://www.riverloopsecurity.com/blog/2021/05/hw-101-jtag/)

   - [How To Find The JTAG Interface - Hardware Hacking Tutorial](https://www.youtube.com/watch?v=_FSM_10JXsM&ab_channel=MakeMeHack)

   - [Buspirate JTAG Connections - Openocd](https://research.kudelskisecurity.com/2014/05/01/jtag-debugging-made-easy-with-bus-pirate-and-openocd/#:~:text=The%20Bus%20Pirate%20is%20an,protocols%20like%20I%C2%B2C%20and%20SPI.)

   - [Extracting Firmware from External Memory via JTAG](https://www.youtube.com/watch?v=IadnBUJAvks&ab_channel=JoeGrand)

   - [Analyzing JTAG](https://nse.digital/pages/guides/hardware/jtag.html)

   - [The hitchhacker’s guide to iPhone Lightning & JTAG hacking](https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/stacksmashing%20-%20The%20hitchhackers%20guide%20to%20iPhone%20Lightning%20%20%20JTAG%20hacking.pdf)

   - [Debugging 8-bit AVR® microcontrollers trhough JTAG and AVR-gdb](https://hev0x.github.io/posts/debugging-avr-with-atmelice-and-gdb/)

#### TPM

   - [Introduction to TPM (Trusted Platform Module)](https://sergioprado.blog/introduction-to-tpm-trusted-platform-module/)

   - [Trusted platform module security defeated in 30 minutes, no soldering required](https://arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/)

   - 

#### SideChannel Attacks

   - [Side channel attacks](https://yifan.lu/)

   - [Attacks on Implementations of Secure Systems](https://github.com/Yossioren/AttacksonImplementationsCourseBook)

   - [fuzzing, binary analysis, IoT security, and general exploitation](https://github.com/0xricksanchez/paper_collection)

   - [Espressif ESP32: Bypassing Encrypted Secure Boot(CVE-2020-13629)](https://raelize.com/blog/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/)

   - [Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)](https://www.youtube.com/watch?v=FktI4qSjzaE&ab_channel=LiveOverflow)

   - [Researchers use Rowhammer bit flips to steal 2048-bit crypto key](https://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/)

#### Glitching and Fault Injection Resources

  ##### *Tutorials and Case Studies*

- [NAND Glitching Attack](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root) - Gaining root access to a Wink Hub through NAND glitching.

- [Tutorial CW305-4 Voltage Glitching with Crowbars](https://wiki.newae.com/index.php?title=Tutorial_CW305-4_Voltage_Glitching_with_Crowbars) - Detailed tutorial on voltage glitching using crowbars.

- [Voltage Glitching Attack using SySS iCEstick Glitcher](https://www.youtube.com/watch?v=FVUhVewFmxw) - A demonstration of a voltage glitching attack by SySS PentestTV.

- [Samy Kamkar - FPGA Glitching & Side Channel Attacks](https://www.youtube.com/watch?v=oGndiX5tvEk) - Insights on FPGA glitching and side channel attacks from Samy Kamkar.

- [Hardware Power Glitch Attack - rhme2 Fiesta (FI 100)](https://www.youtube.com/watch?v=6Pf3pY3GxBM) - A hardware power glitch attack demonstration by LiveOverflow.

  ##### *Specific Techniques and Experiments*

- [Keys in flash - Glitching AES keys from an Arduino / ATmega](https://srfilipek.medium.com/keys-in-a-flash-3e984d0de54b) - Extracting AES keys from an Arduino using glitching.

- [Implementing Practical Electrical Glitching Attacks](https://blackhat.com/docs/eu-15/materials/eu-15-Giller-Implementing-Electrical-Glitching-Attacks.pdf) - A guide on implementing electrical glitching attacks, presented at Black Hat Europe 2015.

- [How To Voltage Fault Injection](https://www.synacktiv.com/publications/how-to-voltage-fault-injection) - A comprehensive guide on voltage fault injection techniques.

********************************************************************************************************************************   

### Awesome IoT Pentesting Guides

  - [Shodan Pentesting Guide](https://community.turgensec.com/shodan-pentesting-guide/)

  - [Car Hacking Practical Guide 101](https://medium.com/@yogeshojha/car-hacking-101-practical-guide-to-exploiting-can-bus-using-instrument-cluster-simulator-part-i-cd88d3eb4a53)

  - [OWASP Firmware Security Testing Methodology

](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)

  - [Awesome-bluetooth-security](https://github.com/engn33r/awesome-bluetooth-security)

  - [awesome-embedded-fuzzing](https://github.com/andreia-oca/awesome-embedded-fuzzing)

  

********************************************************************************************************************************

### Fuzzing Things

  - [OWASP Fuzzing Info](https://owasp.org/www-community/Fuzzing)

  - [Fuzzing_ICS_protocols](https://1modm.github.io/Fuzzing_ICS_protocols.html)

  - [Fuzzowski - the Network Protocol Fuzzer that we will want to use](https://hakin9.org/fuzzowski-the-network-protocol-fuzzer-that-we-will-want-to-use/)

  - [Fuzz Testing of Application Reliability](https://pages.cs.wisc.edu/~bart/fuzz/)

  - [FIRM-AFL : High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation](https://www.usenix.org/conference/usenixsecurity19/presentation/zheng)

  - [Snipuzz : Black-box Fuzzing of IoT Firmware via Message Snippet Inference](https://arxiv.org/pdf/2105.05445.pdf)

  - [fuzzing-iot-binaries] - [part1](https://blog.attify.com/fuzzing-iot-devices-part-1/) / [part2](https://blog.attify.com/fuzzing-iot-binaries-with-afl-part-ii/)

  - [Modern Vulnerability Research Techniques on Embedded Systems](https://breaking-bits.gitbook.io/breaking-bits/vulnerability-discovery/reverse-engineering/modern-approaches-toward-embedded-research)

  - [FuzzingPaper](https://github.com/wcventure/FuzzingPaper/tree/master/Paper)

  - [Exercises to learn how to fuzz with American Fuzzy Lop](https://github.com/mykter/afl-training)

  - [Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging](https://github.com/seemoo-lab/frankenstein)

  - [Bluetooth experimentation framework for Broadcom and Cypress chips.](https://github.com/seemoo-lab/internalblue)

  - [Fuzzing Forum](https://github.com/google/fuzzing)

********************************************************************************************************************************

### FlipperZero

#### *Custom Firmwares for Flipper Zero*

- [Flipper Zero Unleashed Firmware](https://github.com/DarkFlippers/unleashed-firmware)

- [RogueMaster Flipper Zero Firmware](https://github.com/RogueMaster/flipperzero-firmware-wPlugins)

#### *Interesting Research on Flipper Zero*

- CVE-2022-40363: [Exploiting Flipper Zero’s NFC file loader](https://vvx7.io/posts/2022/09/your-amiibos-haunted/)

#### *Flipper Zero 101: Guides and Resources*

- [Flipper Zero - Starter Guide (YouTube)](https://www.youtube.com/watch?v=MJd6qugqHg8&ab_channel=PenAce)

- [Awesome Resources for Flipper Zero](https://github.com/djsime1/awesome-flipperzero)

#### *Cool Hacks with Flipper Zero*

- [Gaylord M FOCker - Pwn MIFARE Tags](https://luemmelsec.github.io/gaylord-M-FOCker-ready-to-pwn-your-MIFARE-tags/)

  

********************************************************************************************************************************

### ICS

  

  - [ICS-Security](https://github.com/V33RU/IoTSecurity101/blob/master/ICS/Industrial%20Control%20Systems.md)

 

******************************************************************************************************************************** 

### Automotive

  - [Automotive-Security](https://github.com/V33RU/IoTSecurity101/blob/master/Automotive-Security.md)

  

******************************************************************************************************************************** 

### Vulnerable IoT and Hardware Applications

- IoT: [DVID](https://github.com/Vulcainreo/DVID) - `Deliberately vulnerable IoT device firmware for training and educational purposes.`

- Safe: [Damn Vulnerable Safe](https://insinuator.net/2016/01/damn-vulnerable-safe/) - `A physical safe designed to be vulnerable, intended for security training.`

- IoT-vulhub: [IoT-vulhub](https://vulntotal-team.github.io/IoT-vulhub/#%E5%AE%89%E8%A3%85) - `Collection of Dockerized vulnerable IoT applications for learning about IoT security.`

- Router: [DVRF](https://github.com/praetorian-code/DVRF) - `Damn Vulnerable Router Firmware project for understanding router vulnerabilities.`

- SCADA: [Damn Vulnerable Chemical Process](https://www.slideshare.net/phdays/damn-vulnerable-chemical-process) - `A presentation on a vulnerable SCADA system for learning purposes.`

- PI: [Sticky Fingers DV-Pi](https://whitedome.com.au/re4son/sticky-fingers-dv-pi/) - `A vulnerable Raspberry Pi project for educational use.`

- SS7 Network: [Damn Vulnerable SS7 Network](https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network) - `Demonstrates vulnerabilities in SS7 networks.`

- VoIP: [Hacklab VulnVoIP](https://www.vulnhub.com/entry/hacklab-vulnvoip,40/) - `A vulnerable VoIP application for learning and training.`

- Hardware Hacking 101: [Hardware Hacking 101](https://github.com/rdomanski/hardware_hacking) - `A repository for learning the basics of hardware hacking.`

- RHME-2015: [RHme-2015](https://github.com/Riscure/RHme-2015) - `Archive of the RHme-2015 hardware hacking competition.`

- RHME-2016: [Rhme-2016](https://github.com/Riscure/Rhme-2016) - `Archive of the RHme-2016 hardware hacking competition.`

- RHME-2017: [Rhme-2017](https://github.com/Riscure/Rhme-2017) - `Archive of the RHme-2017 hardware hacking competition.`

### CTF For IoT And Embeddded

#### Awesome Hardware, IoT, Firmware, ARM, and Reverse Engineering CTFs and Platforms

#### *Hardware CTFs*

- [BLE CTF](https://github.com/hackgnar/ble_ctf) - A framework focused on Bluetooth Low Energy security.

- [Rhme-2016](https://github.com/Riscure/Rhme-2016) - Riscure's hardware security competition for 2016.

- [Rhme-2017](https://github.com/Riscure/Rhme-2017) - Riscure's hardware security competition for 2017.

#### *IoT CTFs*

- [IoTGoat](https://github.com/scriptingxss/IoTGoat) - Deliberately insecure firmware based on OpenWrt for IoT security training.

- [IoT Village CTF](https://www.iotvillage.org/) - A Capture The Flag event specifically focused on IoT security.

- [IoTSec CTF](https://ctf.iotsec.io/) - Offers IoT related challenges for continuous learning.

#### *Firmware CTFs*

- [Damn Vulnerable ARM Router](https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html) - A deliberately vulnerable ARM router for exploitation practice.

- [Firmware Security Training & CTF](https://github.com/0x6d696368/RouterAnalysisToolkit) - Firmware analysis tools and challenges by Router Analysis Toolkit.

#### *ARM CTFs*

- [ARM-X CTF](https://github.com/therealsaumil/armx) - A set of challenges focused on ARM exploitation.

- [Azeria Labs ARM Challenges](https://azeria-labs.com/writing-arm-assembly-part-1/) - Offers ARM assembly challenges and tutorials.

  

#### *Reverse Engineering CTFs*

- [Microcorruption](https://www.microcorruption.com/) - Embedded security CTF focusing on lock systems.

- [Pwnable.kr](https://pwnable.kr/) - Offers various reverse engineering challenges.

#### *Platforms for Continuous Learning*

- [Hack The Box](https://www.hackthebox.eu/) - Platform offering a range of challenges, including hardware and reverse engineering.

- [Root Me](https://www.root-me.org/) - Platform with various types of challenges including hardware and reverse engineering.

- [CTFtime](https://ctftime.org/) - Lists various CTFs, including those in hardware, IoT, and firmware.

 

******************************************************************************************************************************** 

### follow the people

-  [Jilles](https://twitter.com/jilles_com)

-  [Joe Fitz](https://twitter.com/securelyfitz)

-  [Aseem Jakhar](https://twitter.com/aseemjakhar)

-  [Cybergibbons](https://twitter.com/cybergibbons)

-  [Jasper](https://twitter.com/jzvw)

-  [Dave Jones](https://twitter.com/eevblog)

-  [bunnie](https://twitter.com/bunniestudios)

-  [Ilya Shaposhnikov](https://twitter.com/drakylar)

-  [Mark C.](https://twitter.com/LargeCardinal)

-  [A-a-ron Guzman](https://twitter.com/scriptingxss)

-  [Yashin Mehaboobe](https://twitter.com/YashinMehaboobe)

-  [Arun Magesh](https://www.linkedin.com/in/marunmagesh)

-  [Mr-IoT](https://twitter.com/v33riot)

-  [QKaiser](https://twitter.com/qkaiser)

-  [9lyph](https://twitter.com/9lyph)

******************************************************************************************************************************** 

### Blogs for IoT Pentest

#### *🌐 IoT Security Blogs*

- [wrongbaud](https://wrongbaud.github.io/)

- [**voidstarsec**](https://voidstarsec.com/blog/)

- [**Exploitee.rs Website**](https://www.exploitee.rs/)

- [**Jilles.com**](https://jilles.com/)

- [**Syss Tech Blog**](https://blog.syss.com/)

- [**Payatu Blog**](https://payatu.com/blog/)

- [**Raelize Blog**](https://raelize.com/blog/)

- [**JCJC Dev Blog**](http://jcjc-dev.com/)

- [**W00tsec Blog**](https://w00tsec.blogspot.in/)

- [**Devttys0 Blog**](http://www.devttys0.com/) (Use Wayback Machine for old blogs)

- [**Wrongbaud Blog**](https://wrongbaud.github.io/)

- [**Embedded Bits Blog**](https://embeddedbits.org/)

- [**RTL-SDR Blog**](https://www.rtl-sdr.com/)

- [**Keenlab Blog**](https://keenlab.tencent.com/en/)

- [**Courk.cc**](https://courk.cc/)

- [**IoT Security Wiki**](https://iotsecuritywiki.com/)

- [**Cybergibbons Blog**](https://cybergibbons.com/)

- [**Firmware.RE**](http://firmware.re/)

- [**K3170makan Blog**](http://blog.k3170makan.com/)

- [**Tclaverie Blog**](https://blog.tclaverie.eu/)

- [**Besimaltinok Blog**](http://blog.besimaltinok.com/category/iot-pentest/)

- [**Ctrlu Blog**](https://ctrlu.net/)

- [**IoT Pentest Blog**](http://iotpentest.com/)

- [**Duo Decipher Blog**](https://duo.com/decipher/)

- [**Sp3ctr3 Blog**](http://www.sp3ctr3.me)

- [**0x42424242.in Blog**](http://blog.0x42424242.in/)

- [**Dantheiotman Blog**](https://dantheiotman.com/)

- [**Danman Blog**](https://blog.danman.eu/)

- [**Quentinkaiser Blog**](https://quentinkaiser.be/)

- [**Quarkslab Blog**](https://blog.quarkslab.com)

- [**Ice9 Blog**](https://blog.ice9.us/)

- [**F-Secure Labs Blog**](https://labs.f-secure.com/)

- [**MG.lol Blog**](https://mg.lol/blog/)

- [**CJHackerz Blog**](https://cjhackerz.net/)

- [**Bunnie's Blog**](https://github.com/sponsors/bunnie/)

- [**Synacktiv Publications**](https://www.synacktiv.com/publications.html)

- [**Cr4.sh Blog**](http://blog.cr4.sh/)

- [**Ktln2 Blog**](https://ktln2.org/)

- [**Naehrdine Blog**](https://naehrdine.blogspot.com/)

- [**Limited Results Blog**](https://limitedresults.com/)

- [**Fail0verflow Blog**](https://fail0verflow.com/blog/)

- [**Exploit Security Blog**](https://www.exploitsecurity.io/blog)

- [**Attify Blog**](https://blog.attify.com)