IoT Pentesting – Approach & Methods

IoT Methodology

  1. Network
  2. Web (Front & Backend and Web services)
  3. Mobile App(Android & iOS)
  4. Wireless Connectivity
  5. Firmware Pentesting(Hardware or IoT device OS)
  6. Hardware Level Approach
  7. Storage Areas

Important Websites you should know 

  1. https://blog.exploitee.rs/2018/10/
  2. https://www.exploitee.rs/
  3. https://forum.exploitee.rs/
  4. Your Lenovo Watch X Is Watching You & Sharing What It Learns
  5. Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
  6. Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?
  7. Besder-IPCamera analysis
  8. Smart Lock

IoT Security Group

Books

Blogs 

  1. http://iotpentest.com/
  2. https://blog.attify.com
  3. https://payatu.com/blog/
  4. http://jcjc-dev.com/
  5. https://w00tsec.blogspot.in/
  6. http://www.devttys0.com/
  7. https://www.rtl-sdr.com/
  8. https://keenlab.tencent.com/en/
  9. https://courk.cc/
  10. https://iotsecuritywiki.com/
  11. https://cybergibbons.com/
  12. http://firmware.re/
  13. https://iotmyway.wordpress.com/
  14. http://blog.k3170makan.com/
  15. https://blog.tclaverie.eu/
  16. http://blog.besimaltinok.com/category/iot-pentest/
  17. https://ctrlu.net/
  18. https://duo.com/decipher/
  19. http://www.sp3ctr3.me
  20. http://blog.0x42424242.in/
  21. https://dantheiotman.com/
  22. https://blog.danman.eu/

Nmap CheatSheet

Search Engines for IoT Devices

  1. Shodan
  2. FOFA
  3. Censys
  4. Zoomeye
  5. ONYPHE

CTF For IoT’s And Embedded

  1. https://github.com/hackgnar/ble_ctf
  2. https://www.microcorruption.com/
  3. https://github.com/Riscure/Rhme-2016
  4. https://github.com/Riscure/Rhme-2017
  5. https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html
  6. https://github.com/scriptingxss/IoTGoat

YouTube Channels for IoT Pentesting

  1. Liveoverflow
  2. Binary Adventure
  3. EEVBlog
  4. JackkTutorials
  5. Craig Smith
  6. iotpentest [Mr-IoT]
  7. Besim ALTINOK – IoT – Hardware – Wireless
  8. Ghidra Ninja

IoT security vulnerabilities checking guides

Exploitation Tools & OS

Reverse Engineering Tools

Introduction

IoT Protocols Pentesting

MQTT

CoAP

Automobile

CanBus

Radio IoT Protocols Overview

Base transceiver station (BTS)

GSM & SS7 Pentesting

Zigbee & Zwave

BLE Intro and Tools

BLE Pentesting Tutorials

Mobile security (Android & iOS)

ARM

Firmware Pentest

Firmware to pentest

IoT hardware Overview

Hardware Gadgets to pentest

Attacking Hardware Interfaces

UART

JTAG

SideChannel Attacks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s