cyber-security-resources/IoT/README.md

# IoT Resources

## OWASP Resources

- [OWASP Internet of Things Project](https://owasp.org/www-project-internet-of-things/)
- [OWASP Firmware Security Testing Methodology](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)

## IoT Hacking Communities

- [IoT Village](https://www.iotvillage.org/)
- [BuildItSecure.ly](http://builditsecure.ly/)
- [Secure Internet of Things Project (Stanford)](http://iot.stanford.edu/people.html)

## Training Available Through ICS-CERT
- https://ics-cert.us-cert.gov/Training-Available-Through-ICS-CERT

## Interesting Blogs

- <http://iotpentest.com/>
- <https://blog.attify.com>
- <https://payatu.com/blog/>
- <http://jcjc-dev.com/>
- <https://w00tsec.blogspot.in/>
- <http://www.devttys0.com/>
- <https://www.rtl-sdr.com/>
- <https://keenlab.tencent.com/en/>
- <https://courk.cc/>
- <https://iotsecuritywiki.com/>
- <https://cybergibbons.com/>
- <http://firmware.re/>

## CTFs Related to IoT's and Embedded Devices

- <https://github.com/hackgnar/ble_ctf>
- <https://www.microcorruption.com/>
- <https://github.com/Riscure/Rhme-2016>
- <https://github.com/Riscure/Rhme-2017>

## YouTube Channels for Embedded hacking

- [Liveoverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
- [Binary Adventure](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ)
- [EEVBlog](https://www.youtube.com/user/EEVblog)
- [JackkTutorials](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA)
- [Craig Smith](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA)

## Reverse Enginnering Tools

- [IDA Pro](https://www.youtube.com/watch?v=fgMl0Uqiey8)
- [GDB](https://www.youtube.com/watch?v=fgMl0Uqiey8)
- [Radare2](https://radare.gitbooks.io/radare2book/content/)

## MQTT

- [Introduction](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt)
- [Hacking the IoT with MQTT](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b)
- [thoughts about using IoT MQTT for V2V and Connected Car from CES 2014](https://mobilebit.wordpress.com/tag/mqtt/)
- [Nmap](https://nmap.org/nsedoc/lib/mqtt.html)
- [The Seven Best MQTT Client Tools](https://www.hivemq.com/blog/seven-best-mqtt-client-tools)
- [A Guide to MQTT by Hacking a Doorbell to send Push Notifications](https://youtu.be/J_BAXVSVPVI)

## CoAP

- [Introduction](http://coap.technology/)
- [CoAP client Tools](http://coap.technology/tools.html)
- [CoAP Pentest Tools](https://bitbucket.org/aseemjakhar/expliot_framework)
- [Nmap](https://nmap.org/nsedoc/lib/coap.html)

## Automobile

- [Introduction and protocol Overview](https://www.youtube.com/watch?v=FqLDpHsxvf8)
- [PENTESTING VEHICLES WITH CANTOOLZ](https://www.blackhat.com/docs/eu-16/materials/eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf)
- [Building a Car Hacking Development Workbench: Part1](https://blog.rapid7.com/2017/07/11/building-a-car-hacking-development-workbench-part-1/)
- [CANToolz - Black-box CAN network analysis framework](https://github.com/CANToolz/CANToolz)

## Radio IoT Protocols Overview

- [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/)
- [Signal Processing]()
- [Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/)
- [Gnuradio](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion)
- [Creating a flow graph](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/)
- [Analysing radio signals](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/)
- [Recording specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/)
- [Replay Attacks](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/)

## Base transceiver station (BTS)

- [what is base tranceiver station](https://en.wikipedia.org/wiki/Base_transceiver_station)
- [How to Build Your Own Rogue GSM BTS](https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/)

## GSM & SS7 Pentesting

- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)
- [GSM Security 2](https://www.ehacking.net/2011/02/gsm-security-2.html)
- [vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)
- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf)
- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf)
- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit)
- [ss7MAPer – A SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper)
- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg)
- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)
- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)

## Zigbee & Zwave

- [Introduction and protocol Overview](http://www.informit.com/articles/article.aspx?p=1409785)
- [Hacking Zigbee Devices with Attify Zigbee Framework](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/)
- [Hands-on with RZUSBstick](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/)
- [ZigBee & Z-Wave Security Brief](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/)

## BLE

- [Traffic Engineering in a Bluetooth Piconet](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf)
- [BLE Characteristics](https://devzone.nordicsemi.com/tutorials/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial0) Reconnaissance (Active and Passive) with HCI Tools

  - [btproxy](https://github.com/conorpp/btproxy)
  - [hcitool & bluez](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez)
  - [Testing With GATT Tool](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/)
  - [Cracking encryption](https://github.com/mikeryan/crackle)

## Mobile security (Android & iOS)

- [Android](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices)
- [Android Pentest Video Course](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H)
- [IOS Pentesting](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf?)

## ARM

- [Azeria Labs](https://azeria-labs.com/)
- [ARM EXPLOITATION FOR IoT](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf)

## Firmware Pentest

- [Firmware analysis and reversing](https://www.youtube.com/watch?v=G0NNBloGIvs)
- [Firmware emulation with QEMU](https://www.youtube.com/watch?v=G0NNBloGIvs)
- [Dumping Firmware using Buspirate](http://iotpentest.com/tag/pulling-firmware/)

## IoT hardware Overview

- [IoT Hardware Guide](https://www.postscapes.com/internet-of-things-hardware/)

## Hardware Tools

- [Bus Pirate](https://www.sparkfun.com/products/12942)
- [EEPROM readers](https://www.ebay.com/bhp/eeprom-reader)
- [Jtagulator / Jtagenum](https://www.adafruit.com/product/1550)
- [Logic Analyzer](https://www.saleae.com/)
- [The Shikra](https://int3.cc/products/the-shikra)
- [FaceDancer21 (USB Emulator/USB Fuzzer)](https://int3.cc/products/facedancer21)
- [RfCat](https://int3.cc/products/rfcat)
- [IoT Exploitation Learning Kit](https://www.attify.com/attify-store/iot-exploitation-learning-kit)
- [Hak5Gear- Hak5FieldKits](https://hakshop.com/)
- [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975)
- [Attify Badge - UART, JTAG, SPI, I2C (w/ headers)](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices)

## Hardware Interfaces

- [Serial Terminal Basics](https://learn.sparkfun.com/tutorials/terminal-basics/all)
- [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/)

### UART

- [Identifying UART interface](https://www.mikroe.com/blog/uart-serial-communication)
- [onewire-over-uart](https://github.com/dword1511/onewire-over-uart)
- [Accessing sensor via UART](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf)

### JTAG

- [Identifying JTAG interface](https://blog.senr.io/blog/jtag-explained)
- [NAND Glitching Attack](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root)
-												adding IoT references

Adding IoT references to tools, blogs, videos, and testing guides.

											
										
										
											2018-08-13 13:06:40 -04:00
+								# IoT Resources
 								## OWASP Resources
-												Link Updates


											
										
										
											2021-02-04 17:00:46 -05:00
+								- [OWASP Internet of Things Project](https://owasp.org/www-project-internet-of-things/)
 								- [OWASP Firmware Security Testing Methodology](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/)
-												adding IoT references

Adding IoT references to tools, blogs, videos, and testing guides.

											
										
										
											2018-08-13 13:06:40 -04:00
-												adding IoT resources

Adding IoT references to tools, blogs, videos, and testing guides.

											
										
										
											2018-08-13 13:10:50 -04:00
+								## IoT Hacking Communities
 								- [IoT Village](https://www.iotvillage.org/)
 								- [BuildItSecure.ly](http://builditsecure.ly/)
 								- [Secure Internet of Things Project (Stanford)](http://iot.stanford.edu/people.html)
-												Update README.md
											
										
										
											2019-01-14 19:00:37 -05:00
+								## Training Available Through ICS-CERT
 								- https://ics-cert.us-cert.gov/Training-Available-Through-ICS-CERT
-												adding IoT references

Adding IoT references to tools, blogs, videos, and testing guides.

											
										
										
											2018-08-13 13:06:40 -04:00
+								## Interesting Blogs
 								- <http://iotpentest.com/>
 								- <https://blog.attify.com>
 								- <https://payatu.com/blog/>
 								- <http://jcjc-dev.com/>
 								- <https://w00tsec.blogspot.in/>
 								- <http://www.devttys0.com/>
 								- <https://www.rtl-sdr.com/>
 								- <https://keenlab.tencent.com/en/>
 								- <https://courk.cc/>
 								- <https://iotsecuritywiki.com/>
 								- <https://cybergibbons.com/>
 								- <http://firmware.re/>
 								## CTFs Related to IoT's and Embedded Devices
 								- <https://github.com/hackgnar/ble_ctf>
 								- <https://www.microcorruption.com/>
 								- <https://github.com/Riscure/Rhme-2016>
 								- <https://github.com/Riscure/Rhme-2017>
 								## YouTube Channels for Embedded hacking
 								- [Liveoverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
 								- [Binary Adventure](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ)
 								- [EEVBlog](https://www.youtube.com/user/EEVblog)
 								- [JackkTutorials](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA)
 								- [Craig Smith](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA)
 								## Reverse Enginnering Tools
 								- [IDA Pro](https://www.youtube.com/watch?v=fgMl0Uqiey8)
 								- [GDB](https://www.youtube.com/watch?v=fgMl0Uqiey8)
 								- [Radare2](https://radare.gitbooks.io/radare2book/content/)
 								## MQTT
 								- [Introduction](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt)
 								- [Hacking the IoT with MQTT](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b)
 								- [thoughts about using IoT MQTT for V2V and Connected Car from CES 2014](https://mobilebit.wordpress.com/tag/mqtt/)
 								- [Nmap](https://nmap.org/nsedoc/lib/mqtt.html)
 								- [The Seven Best MQTT Client Tools](https://www.hivemq.com/blog/seven-best-mqtt-client-tools)
 								- [A Guide to MQTT by Hacking a Doorbell to send Push Notifications](https://youtu.be/J_BAXVSVPVI)
 								## CoAP
 								- [Introduction](http://coap.technology/)
 								- [CoAP client Tools](http://coap.technology/tools.html)
 								- [CoAP Pentest Tools](https://bitbucket.org/aseemjakhar/expliot_framework)
 								- [Nmap](https://nmap.org/nsedoc/lib/coap.html)
 								## Automobile
 								- [Introduction and protocol Overview](https://www.youtube.com/watch?v=FqLDpHsxvf8)
 								- [PENTESTING VEHICLES WITH CANTOOLZ](https://www.blackhat.com/docs/eu-16/materials/eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf)
 								- [Building a Car Hacking Development Workbench: Part1](https://blog.rapid7.com/2017/07/11/building-a-car-hacking-development-workbench-part-1/)
 								- [CANToolz - Black-box CAN network analysis framework](https://github.com/CANToolz/CANToolz)
 								## Radio IoT Protocols Overview
 								- [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/)
 								- [Signal Processing]()
 								- [Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/)
 								- [Gnuradio](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion)
 								- [Creating a flow graph](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/)
 								- [Analysing radio signals](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/)
 								- [Recording specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/)
 								- [Replay Attacks](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/)
 								## Base transceiver station (BTS)
 								- [what is base tranceiver station](https://en.wikipedia.org/wiki/Base_transceiver_station)
 								- [How to Build Your Own Rogue GSM BTS](https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/)
 								## GSM & SS7 Pentesting
 								- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)
 								- [GSM Security 2](https://www.ehacking.net/2011/02/gsm-security-2.html)
 								- [vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)
 								- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf)
 								- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf)
 								- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit)
 								- [ss7MAPer – A SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper)
 								- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg)
 								- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)
 								- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)
 								## Zigbee & Zwave
 								- [Introduction and protocol Overview](http://www.informit.com/articles/article.aspx?p=1409785)
 								- [Hacking Zigbee Devices with Attify Zigbee Framework](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/)
 								- [Hands-on with RZUSBstick](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/)
 								- [ZigBee & Z-Wave Security Brief](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/)
 								## BLE
 								- [Traffic Engineering in a Bluetooth Piconet](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf)
 								- [BLE Characteristics](https://devzone.nordicsemi.com/tutorials/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial0) Reconnaissance (Active and Passive) with HCI Tools
 								  - [btproxy](https://github.com/conorpp/btproxy)
 								  - [hcitool & bluez](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez)
 								  - [Testing With GATT Tool](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/)
 								  - [Cracking encryption](https://github.com/mikeryan/crackle)
 								## Mobile security (Android & iOS)
 								- [Android](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices)
 								- [Android Pentest Video Course](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H)
 								- [IOS Pentesting](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf?)
 								## ARM
 								- [Azeria Labs](https://azeria-labs.com/)
 								- [ARM EXPLOITATION FOR IoT](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf)
 								## Firmware Pentest
 								- [Firmware analysis and reversing](https://www.youtube.com/watch?v=G0NNBloGIvs)
 								- [Firmware emulation with QEMU](https://www.youtube.com/watch?v=G0NNBloGIvs)
 								- [Dumping Firmware using Buspirate](http://iotpentest.com/tag/pulling-firmware/)
 								## IoT hardware Overview
 								- [IoT Hardware Guide](https://www.postscapes.com/internet-of-things-hardware/)
 								## Hardware Tools
 								- [Bus Pirate](https://www.sparkfun.com/products/12942)
 								- [EEPROM readers](https://www.ebay.com/bhp/eeprom-reader)
 								- [Jtagulator / Jtagenum](https://www.adafruit.com/product/1550)
 								- [Logic Analyzer](https://www.saleae.com/)
 								- [The Shikra](https://int3.cc/products/the-shikra)
 								- [FaceDancer21 (USB Emulator/USB Fuzzer)](https://int3.cc/products/facedancer21)
 								- [RfCat](https://int3.cc/products/rfcat)
 								- [IoT Exploitation Learning Kit](https://www.attify.com/attify-store/iot-exploitation-learning-kit)
 								- [Hak5Gear- Hak5FieldKits](https://hakshop.com/)
 								- [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975)
 								- [Attify Badge - UART, JTAG, SPI, I2C (w/ headers)](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices)
 								## Hardware Interfaces
 								- [Serial Terminal Basics](https://learn.sparkfun.com/tutorials/terminal-basics/all)
 								- [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/)
 								### UART
 								- [Identifying UART interface](https://www.mikroe.com/blog/uart-serial-communication)
 								- [onewire-over-uart](https://github.com/dword1511/onewire-over-uart)
 								- [Accessing sensor via UART](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf)
 								### JTAG
 								- [Identifying JTAG interface](https://blog.senr.io/blog/jtag-explained)
 								- [NAND Glitching Attack](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root)