Jump to content
Nytro

IoT Pentesting 101 && IoT Security 101

Recommended Posts

Posted

IoT Pentesting 101 && IoT Security 101 Awesome


Approach Methodology

1. Network
2. Web (Front & Backend and Web services
3. Mobile App (Android & iOS)
4. Wireless Connectivity (Zigbee , WiFi , Bluetooth , etc)
5. Firmware Pentesting (OS of IoT Devices)
6. Hardware Hacking & Fault Injections & SCA Attacks
7. Storage Medium
8. I/O Ports

To seen Hacked devices

  1. https://blog.exploitee.rs/2018/10/
  2. https://www.exploitee.rs/
  3. https://forum.exploitee.rs/
  4. Your Lenovo Watch X Is Watching You & Sharing What It Learns
  5. Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
  6. Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?
  7. Besder-IPCamera analysis
  8. Smart Lock
  9. Subaru Head Unit Jailbreak
  10. Jeep Hack

Chat groups for IoT Security


Books For IoT Pentesting


Blogs for iotpentest

  1. https://payatu.com/blog/
  2. http://jcjc-dev.com/
  3. https://w00tsec.blogspot.in/
  4. http://www.devttys0.com/
  5. https://www.rtl-sdr.com/
  6. https://keenlab.tencent.com/en/
  7. https://courk.cc/
  8. https://iotsecuritywiki.com/
  9. https://cybergibbons.com/
  10. http://firmware.re/
  11. https://iotmyway.wordpress.com/
  12. http://blog.k3170makan.com/
  13. https://blog.tclaverie.eu/
  14. http://blog.besimaltinok.com/category/iot-pentest/
  15. https://ctrlu.net/
  16. http://iotpentest.com/
  17. https://blog.attify.com
  18. https://duo.com/decipher/
  19. http://www.sp3ctr3.me
  20. http://blog.0x42424242.in/
  21. https://dantheiotman.com/
  22. https://blog.danman.eu/
  23. https://quentinkaiser.be/
  24. https://blog.quarkslab.com
  25. https://blog.ice9.us/
  26. https://labs.f-secure.com/
  27. https://mg.lol/blog/
  28. https://cjhackerz.net/

Awesome CheatSheets


Search Engines for IoT Devices

  1. Shodan
  2. FOFA
  3. Censys
  4. Zoomeye
  5. ONYPHE

CTF For IoT's And Embeddded

  1. https://github.com/hackgnar/ble_ctf
  2. https://www.microcorruption.com/
  3. https://github.com/Riscure/Rhme-2016
  4. https://github.com/Riscure/Rhme-2017
  5. https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html
  6. https://github.com/scriptingxss/IoTGoat

YouTube Channels for IoT Pentesting

  1. Liveoverflow
  2. Binary Adventure
  3. EEVBlog
  4. JackkTutorials
  5. Craig Smith
  6. iotpentest [Mr-IoT]
  7. Besim ALTINOK - IoT - Hardware - Wireless
  8. Ghidra Ninja
  9. Cyber Gibbons

Vehicle Security Resources


IoT security vulnerabilites checking guides


IoT Gateway Software


Labs for Practice


IoT Pentesting OSes


Exploitation Tools


Reverse Engineering Tools


Introduction


MQTT

Softwares


CoAP


Automobile

CanBus


Radio IoT Protocols Overview


Base transceiver station (BTS)


GSM & SS7 Pentesting


Zigbee & Zwave


BLE Intro and SW & HW Tools

Reconnaissance (Active and Passive) with HCI Tools

Hardware

BLE Pentesting Tutorials


Mobile security (Android & iOS)


Online Assemblers


ARM


Pentesting Firmwares and emulating and analyzing


Firmware samples to pentest


IoT hardware Overview


Hardware Gadgets to pentest


Attacking Hardware Interfaces


UART


JTAG


SideChannel Attacks


Awesome IoT Pentesting Guides


Vulnerable IoT and Hardware Applications


follow the people

 

Sursa: https://github.com/V33RU/IoTSecurity101

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...