A Collection for IoT Security Resources

• You are welcome to fork and contribute

Other Interesting Areas:

• ICS-Security
• Automotive-Security

🛠️ Approach Methodology

• 🌐 1. Network
• 🌐 2. Web (Front & Backend and Web services)
• 📱 3. Mobile App (Android & iOS)
• 📡 4. Wireless Connectivity (Zigbee, WiFi, Bluetooth, etc)
• 💽 5. Firmware Pentesting (Static and Dynamic analysis, OS of IoT Devices)
• 🛠️ 6. Hardware Hacking & Fault Injections & SCA Attacks
• 💾 7. Storage Medium
• 🔌 8. I/O Ports

📑 Contents Overview

🛡️ IoT Security Information

🛡️ General Information and Resources in IoT Security

• 👥 Community and Discussion Platforms
• 🎓 IoT and Hardware Security Trainings
• 🔍 Technical Research and Hacking
• 💻 Proof of Concepts: Known Device Vulnerabilities
• 📚 Books for IoT Penetration Testing
• 🖋️ Blogs for IoT Pentest
• 📋 Awesome Cheatsheets
• 🔍 Search Engines for Exposed IoT Devices Worldwide
• 🚩 CTF: Vulnerable IoT and Hardware Applications
• 📺 YouTube Channels for IoT Pentesting
• ⚒️ Exploitation Tools
• 🖥️ IoT Pentesting OSes
• 📘 IoT Vulnerabilities Checking Guides
• 🔬 IoT Labs
• 📖 Awesome IoT Pentesting Guides
• 🐛 Fuzzing Things
• 🏢 IoT Lab Setup Guide for Corporate/Individual
• 🔧 FlipperZero
• 🏘 Villages

Specific Topics in IoT Security

🌐 Network

🌐 Web IoT Message Protocols

• 📨 MQTT
• 📬 CoAP

📱 Mobile App

• 🛡Mobile Security (Android & iOS)

📡 Wireless Protocols

• 📻 Radio Hacking Starting Guide
• 📡 Cellular Hacking GSM BTS
• 🐝 Zigbee
• 🔵 Bluetooth
• 📞 DECT
• 📲 NFC

💽 Firmware

• 🔍 Reverse Engineering Tools
• 💻 Online Assemblers
• 💪 ARM
• 🔨 Pentesting Firmwares: Emulating and Analyzing
• 🔬 Firmware Samples to Pentest
• 🔒 Secureboot
• 🔍 Binary Analysis

🛠️ Hardware

• 🔎 IoT Hardware Intro
• 🛠️ Required Hardware to Pentest IoT
• 🔌 Hardware Interfaces
  • 🔌 SPI
  • 🔌 UART
  • 🔌 JTAG
  • 🔌 TPM
• 🛠️ Side Channel Attacks & Glitching Attacks

💾 Storage Medium

• 📀 EMMC

💳 Payment Security

• 💵 ATM Hacking

Technical Research and Hacking

• Subaru Head Unit Jailbreak
• Jeep Hack
• Dropcam Hacking
• Printer Hacking Live Sessions - Gamozo Labs
• LED Light Hacking
• PS4 Jailbreak – the current status
• Your Lenovo Watch X Is Watching You & Sharing What It Learns
• Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
• Besder 6024PB-XMA501 IP camera security analysis
• Smart Lock Vulnerabilities

Proof of Concepts known Device Vulnerabilities

• IoT-Vuln-with CVE and PoC of tenda and dlink

Community and Discussion Platforms

• IoTSecurity101 Telegram
• IoTSecurity101 Reddit
• IoTSecurity101 Discord
• Hardware Hacking Telegram
• RFID Discord Group
• ICS Discord Group

IoT and Hardware Security Trainings

• opensecuritytraining 2

Books for IoT Penetration Testing

2004

• The Firmware Handbook (Embedded Technology) 1st Edition by Jack Ganssle
• Hardware Hacking: Have Fun while Voiding your Warranty 1st Edition

2007

• Linksys WRT54G Ultimate Hacking 1st Edition by Paul Asadoorian

2013

• Hacking the Xbox - An Introduction to Reverse Engineering HACKING THE XBOX by Andrew “bunnie” Huang
• Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure by Eric D. Knapp , Raj Samani

2014

• Android Hacker's Handbook by Joshua J. Drake

2015

• The Art of Pcb Reverse Engineering: Unravelling the Beauty of the Original Design
• Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts 1st Edition, by Nitesh Dhanjani

2016

• Learning Linux Binary Analysis By Ryan "elfmaster" O'Neill
• Car hacker's handbook by Craig Smith

2017

• IoT Penetration Testing Cookbook By Aaron Guzman , Aditya Gupta

2018

• Inside Radio: An Attack and Defense Guide by Authors: Yang, Qing, Huang, Lin
• Pentest Hardware
• Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition 5th Edition by Daniel Regalado , Shon Harris , Allen Harper , Chris Eagle , Jonathan Ness , Branko Spasojevic , Ryan Linn , Stephen Sims

2021

• Practical Hardware Pentesting
• The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks Front Cover Jasper van Woudenberg, Colin O'Flynn
• Practical IoT Hacking-The Definitive Guide to Attacking the Internet of Things by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods
• Manual PCB-RE: The Essentials

2022

• PatrIoT: practical and agile threat research for IoT by Emre Süren

2023

• Practical Hardware Pentesting - Second Edition
• Blue Fox: Arm Assembly Internals & Reverse Engineering
• Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU
• Hardware Security Training, Hands-on!
• Automotive Cybersecurity Engineering Handbook: The automotive engineer's roadmap to cyber-resilient vehicles Series
• Embedded Systems Security and TrustZone

2024

• Microcontroller Exploits
• Metasploit, 2nd Edition
• Engineering Secure Devices
• The Ultimate Hardware Hacking Gear Guide

Awesome CheatSheets

• Hardware Hacking cheat sheet
• Nmap

Search Engines for Internet-Connected Devices

• Shodan
• Censys
• ZoomEye
• BinaryEdge
• Thingful
• Wigle
• Hunter.io
• BuiltWith
• NetDB
• Recon-ng
• PublicWWW

YouTube Channels for IoT Pentesting

• Joe Grand
• Liveoverflow
• Binary Adventure
• EEVBlog
• Craig Smith
• iotsecurity101
• Besim ALTINOK - IoT - Hardware - Wireless
• Ghidra Ninja
• Cyber Gibbons
• Scanline
• Aaron Christophel
• Valerio Di Giampietro

Vehicle Security Resources

• https://github.com/jaredthecoder/awesome-vehicle-security

IoT Vulnerabilites Checking Guides

• Reflecting upon OWASP TOP-10 IoT Vulnerabilities
• OWASP IoT Top 10 2018 Mapping Project
• Hardware toolkits for IoT security analysis

IoT Gateway Software

• Webthings by Mozilla - RaspberryPi

IoT Pentesting OSes

• Sigint OS- LTE IMSI Catcher
• Instatn-gnuradio OS - For Radio Signals Testing
• Ubutnu Best Host Linux for IoT's - Use LTS
• Internet of Things - Penetration Testing OS v1
• [Dragon OS - DEBIAN LINUX WITH PREINSTALLED OPEN SOURCE