From 6dd190019f918353ddd3caa95df56676751bebf1 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Sat, 27 May 2023 21:39:17 -0400 Subject: [PATCH] Update README.md --- iot_hacking/README.md | 170 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 170 insertions(+) diff --git a/iot_hacking/README.md b/iot_hacking/README.md index d12b9f8..891b39e 100644 --- a/iot_hacking/README.md +++ b/iot_hacking/README.md @@ -119,3 +119,173 @@ The Internet of Things (IoT) Hacking Resources refer to an array of tools and fr - [JTAG Explained](https://blog.senr.io/blog/jtag-explained#) - A walkthrough covering UART and JTAG bypassing a protected login shell. - [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/) - Detailed tutorial about how to spot debug pads on a PCB. - [UART explained](https://www.mikroe.com/blog/uart-serial-communication) - An in depth explanation of the UART protocol. + +## OWASP Resources + +- [OWASP Internet of Things Project](https://owasp.org/www-project-internet-of-things/) +- [OWASP Firmware Security Testing Methodology](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/) + +## IoT Hacking Communities + +- [IoT Village](https://www.iotvillage.org/) +- [BuildItSecure.ly](http://builditsecure.ly/) +- [Secure Internet of Things Project (Stanford)](http://iot.stanford.edu/people.html) + +## Training Available Through ICS-CERT +- https://ics-cert.us-cert.gov/Training-Available-Through-ICS-CERT + +## Interesting Blogs + +- +- +- +- +- +- +- +- +- +- +- +- + +## CTFs Related to IoT's and Embedded Devices + +- +- +- +- + +## YouTube Channels for Embedded hacking + +- [Liveoverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) +- [Binary Adventure](https://www.youtube.com/channel/UCSLlgiYtOXZnYPba_W4bHqQ) +- [EEVBlog](https://www.youtube.com/user/EEVblog) +- [JackkTutorials](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA) +- [Craig Smith](https://www.youtube.com/channel/UCxC8G4Oeed4N0-GVeDdFoSA) + +## Reverse Enginnering Tools + +- [IDA Pro](https://www.youtube.com/watch?v=fgMl0Uqiey8) +- [GDB](https://www.youtube.com/watch?v=fgMl0Uqiey8) +- [Radare2](https://radare.gitbooks.io/radare2book/content/) + +## MQTT + +- [Introduction](https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt) +- [Hacking the IoT with MQTT](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b) +- [thoughts about using IoT MQTT for V2V and Connected Car from CES 2014](https://mobilebit.wordpress.com/tag/mqtt/) +- [Nmap](https://nmap.org/nsedoc/lib/mqtt.html) +- [The Seven Best MQTT Client Tools](https://www.hivemq.com/blog/seven-best-mqtt-client-tools) +- [A Guide to MQTT by Hacking a Doorbell to send Push Notifications](https://youtu.be/J_BAXVSVPVI) + +## CoAP + +- [Introduction](http://coap.technology/) +- [CoAP client Tools](http://coap.technology/tools.html) +- [CoAP Pentest Tools](https://bitbucket.org/aseemjakhar/expliot_framework) +- [Nmap](https://nmap.org/nsedoc/lib/coap.html) + +## Automobile + +- [Introduction and protocol Overview](https://www.youtube.com/watch?v=FqLDpHsxvf8) +- [PENTESTING VEHICLES WITH CANTOOLZ](https://www.blackhat.com/docs/eu-16/materials/eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf) +- [Building a Car Hacking Development Workbench: Part1](https://blog.rapid7.com/2017/07/11/building-a-car-hacking-development-workbench-part-1/) +- [CANToolz - Black-box CAN network analysis framework](https://github.com/CANToolz/CANToolz) + +## Radio IoT Protocols Overview + +- [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/) +- [Signal Processing]() +- [Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/) +- [Gnuradio](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion) +- [Creating a flow graph](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/) +- [Analysing radio signals](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/) +- [Recording specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/) +- [Replay Attacks](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/) + +## Base transceiver station (BTS) + +- [what is base tranceiver station](https://en.wikipedia.org/wiki/Base_transceiver_station) +- [How to Build Your Own Rogue GSM BTS](https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/) + +## GSM & SS7 Pentesting + +- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/) +- [GSM Security 2](https://www.ehacking.net/2011/02/gsm-security-2.html) +- [vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/) +- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf) +- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf) +- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit) +- [ss7MAPer – A SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper) +- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg) +- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0) +- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf) + +## Zigbee & Zwave + +- [Introduction and protocol Overview](http://www.informit.com/articles/article.aspx?p=1409785) +- [Hacking Zigbee Devices with Attify Zigbee Framework](https://blog.attify.com/hack-iot-devices-zigbee-sniffing-exploitation/) +- [Hands-on with RZUSBstick](https://uk.rs-online.com/web/p/radio-frequency-development-kits/6962415/) +- [ZigBee & Z-Wave Security Brief](http://www.riverloopsecurity.com/blog/2018/05/zigbee-zwave-part1/) + +## BLE + +- [Traffic Engineering in a Bluetooth Piconet](http://www.diva-portal.org/smash/get/diva2:833159/FULLTEXT01.pdf) +- [BLE Characteristics](https://devzone.nordicsemi.com/tutorials/b/bluetooth-low-energy/posts/ble-characteristics-a-beginners-tutorial0) Reconnaissance (Active and Passive) with HCI Tools + + - [btproxy](https://github.com/conorpp/btproxy) + - [hcitool & bluez](https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez) + - [Testing With GATT Tool](https://www.jaredwolff.com/blog/get-started-with-bluetooth-low-energy/) + - [Cracking encryption](https://github.com/mikeryan/crackle) + +## Mobile security (Android & iOS) + +- [Android](https://www.packtpub.com/hardware-and-creative/learning-pentesting-android-devices) +- [Android Pentest Video Course](https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H) +- [IOS Pentesting](https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf?) + +## ARM + +- [Azeria Labs](https://azeria-labs.com/) +- [ARM EXPLOITATION FOR IoT](https://www.exploit-db.com/docs/english/43906-arm-exploitation-for-iot.pdf) + +## Firmware Pentest + +- [Firmware analysis and reversing](https://www.youtube.com/watch?v=G0NNBloGIvs) +- [Firmware emulation with QEMU](https://www.youtube.com/watch?v=G0NNBloGIvs) +- [Dumping Firmware using Buspirate](http://iotpentest.com/tag/pulling-firmware/) + +## IoT hardware Overview + +- [IoT Hardware Guide](https://www.postscapes.com/internet-of-things-hardware/) + +## Hardware Tools + +- [Bus Pirate](https://www.sparkfun.com/products/12942) +- [EEPROM readers](https://www.ebay.com/bhp/eeprom-reader) +- [Jtagulator / Jtagenum](https://www.adafruit.com/product/1550) +- [Logic Analyzer](https://www.saleae.com/) +- [The Shikra](https://int3.cc/products/the-shikra) +- [FaceDancer21 (USB Emulator/USB Fuzzer)](https://int3.cc/products/facedancer21) +- [RfCat](https://int3.cc/products/rfcat) +- [IoT Exploitation Learning Kit](https://www.attify.com/attify-store/iot-exploitation-learning-kit) +- [Hak5Gear- Hak5FieldKits](https://hakshop.com/) +- [Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter](https://www.ebay.in/itm/Ultra-Mini-Bluetooth-CSR-4-0-USB-Dongle-Adapter-Black-Golden-with-2-yr-wrnty-/332302813975) +- [Attify Badge - UART, JTAG, SPI, I2C (w/ headers)](https://www.attify-store.com/products/attify-badge-assess-security-of-iot-devices) + +## Hardware Interfaces + +- [Serial Terminal Basics](https://learn.sparkfun.com/tutorials/terminal-basics/all) +- [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/) + +### UART + +- [Identifying UART interface](https://www.mikroe.com/blog/uart-serial-communication) +- [onewire-over-uart](https://github.com/dword1511/onewire-over-uart) +- [Accessing sensor via UART](http://home.wlu.edu/~levys/courses/csci250s2017/SensorsSignalsSerialSockets.pdf) + +### JTAG + +- [Identifying JTAG interface](https://blog.senr.io/blog/jtag-explained) +- [NAND Glitching Attack](http://www.brettlischalk.com/posts/nand-glitching-wink-hub-for-root)