• Stars
    star
    246
  • Rank 164,726 (Top 4 %)
  • Language
  • Created over 3 years ago
  • Updated 4 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Hardware Hacking and IoT Awesome by Joas

My Social Networks

https://www.linkedin.com/in/joas-antonio-dos-santos

https://twitter.com/C0d3Cr4zy

https://drive.google.com/drive/u/0/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU

Awesome Embedded and IoT Security https://github.com/fkie-cad/awesome-embedded-and-iot-security

Software Tools

  • Analysis Frameworks

    • EXPLIoT - Pentest framework like Metasploit but specialized for IoT.
    • FACT - The Firmware Analysis and Comparison Tool - Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions.
    • Improving your firmware security analysis process with FACT - Conference talk about FACT 📺.
    • FwAnalyzer - Analyze security of firmware based on customized rules. Intended as additional step in DevSecOps, similar to CI.
    • HAL – The Hardware Analyzer - A comprehensive reverse engineering and manipulation framework for gate-level netlists.
    • HomePWN - Swiss Army Knife for Pentesting of IoT Devices.
    • IoTSecFuzz - Framework for automatisation of IoT layers security analysis: hardware, software and communication.
    • Killerbee - Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks.
    • PRET - Printer Exploitation Toolkit.
    • Routersploit - Framework dedicated to exploit embedded devices.
  • Analysis Tools

    • Binwalk - Searches a binary for "interesting" stuff, as well as extracts arbitrary files.
    • emba - Analyze Linux-based firmware of embedded devices.
    • Firmadyne - Tries to emulate and pentest a firmware.
    • Firmwalker - Searches extracted firmware images for interesting files and information.
    • Firmware Slap - Discovering vulnerabilities in firmware through concolic analysis and function clustering.
    • Ghidra - Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary.
    • Radare2 - Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset.
    • Trommel - Searches extracted firmware images for interesting files and information.
  • Extraction Tools

    • FACT Extractor - Detects container format automatically and executes the corresponding extraction tool.
    • Firmware Mod Kit - Extraction tools for several container formats.
    • The SRecord package - Collection of tools for manipulating EPROM files (can convert lots of binary formats).
  • Support Tools

    • JTAGenum - Add JTAG capabilities to an Arduino.
    • OpenOCD - Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.
  • Misc Tools

    • Cotopaxi - Set of tools for security testing of Internet of Things devices using specific network IoT protocols.
    • dumpflash - Low-level NAND Flash dump and parsing utility.
    • flashrom - Tool for detecting, reading, writing, verifying and erasing flash chips.
    • Samsung Firmware Magic - Decrypt Samsung SSD firmware updates.

Hardware Tools

  • Bus Blaster - Detects and interacts with hardware debug ports like UART and JTAG.

  • Bus Pirate - Detects and interacts with hardware debug ports like UART and JTAG.

  • Shikra - Detects and interacts with hardware debug ports like UART and JTAG. Among other protocols.

  • JTAGULATOR - Detects JTAG Pinouts fast.

  • Saleae - Easy to use Logic Analyzer that support many protocols 💶.

  • Ikalogic - Alternative to Saleae logic analyzers 💶.

  • HydraBus - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.

  • ChipWhisperer - Detects Glitch/Side-channel attacks.

  • Glasgow - Tool for exploring and debugging different digital interfaces.

  • J-Link - J-Link offers USB powered JTAG debug probes for multiple different CPU cores 💶.

  • Bluetooth BLE Tools

    • UberTooth One - Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.
    • Bluefruit LE Sniffer - Easy to use Bluetooth Low Energy sniffer.
  • ZigBee Tools

    • ApiMote - ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. Killerbee compatible.
    • Atmel RZUSBstick - Discontinued product. Lucky if you have one! - Tool for development, debugging and demonstration of a wide range of low power wireless applications including IEEE 802.15.4, 6LoWPAN, and ZigBee networks. Killerbee compatible.
    • Freakduino - Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer.

SDR Tools

  • RTL-SDR - Cheapest SDR for beginners. It is a computer based radio scanner for receiving live radio signals frequencies from 500 kHz up to 1.75 GHz.
  • HackRF One - Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex).
  • YardStick One - Half-duplex sub-1 GHz wireless transceiver.
  • LimeSDR - Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex).
  • BladeRF 2.0 - Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex).
  • USRP B Series - Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex).

RFID NFC Tools

  • Proxmark 3 RDV4 - Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags.
  • ChamaleonMini - Programmable, portable tool for NFC security analysis.
  • HydraNFC - Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate.

Books

  • 2020, Fotios Chantzis, Evangel Deirme, Ioannis Stais, Paulino Calderon, Beau Woods: Practical IoT Hacking
  • 2020, Jasper van Woudenberg, Colin O'Flynn: The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks
  • 2019, Yago Hansen: The Hacker's Hardware Toolkit: The best collection of hardware gadgets for Red Team hackers, Pentesters and security researchers
  • 2019, Aditya Gupta: The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things
  • 2018, Mark Swarup Tehranipoor: Hardware Security: A Hands-on Learning Approach
  • 2018, Mark Carney: Pentesting Hardware - A Practical Handbook (DRAFT)
  • 2018, Qing Yang, Lin Huang Inside Radio: An Attack and Defense Guide
  • 2017, Aditya Gupta, Aaron Guzman: IoT Penetration Testing Cookbook
  • 2017, Andrew Huang: The Hardware Hacker: Adventures in Making and Breaking Hardware
  • 2016, Craig Smith: The Car Hacker's Handbook: A Guide for the Penetration Tester
  • 2015, Keng Tiong Ng: The Art of PCB Reverse Engineering
  • 2015, Nitesh Dhanjan: Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
  • 2015, Joshua Wright , Johnny Cache: Hacking Wireless Exposed
  • 2014, Debdeep Mukhopadhyay: Hardware Security: Design, Threats, and Safeguards
  • 2014, Jack Ganssle: The Firmware Handbook (Embedded Technology)
  • 2013, Andrew Huang: Hacking the XBOX

Research Papers

  • 2020, Oser et al: SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization
  • 2019, Agarwal et al: Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk
  • 2019, Almakhdhub et al: BenchIoT: A Security Benchmark for the Internet of Things
  • 2019, Alrawi et al: SoK: Security Evaluation of Home-Based IoT Deployments
  • 2019, Abbasi et al: Challenges in Designing Exploit Mitigations for Deeply Embedded Systems
  • 2019, Song et al: PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
  • 2018, Muench et al: What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
  • 2017, O'Meara et al: Embedded Device Vulnerability Analysis Case Study Using Trommel
  • 2017, Jacob et al: How to Break Secure Boot on FPGA SoCs through Malicious Hardware
  • 2017, Costin et al: Towards Automated Classification of Firmware Images and Identification of Embedded Devices
  • 2016, Kammerstetter et al: Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation
  • 2016, Chen et al: Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
  • 2016, Costin et al: Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
  • 2015, Shoshitaishvili et al:Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
  • 2015, Papp et al: Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy
  • 2014, Zaddach et al: Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares
  • 2014, Alimi et al: Analysis of embedded applications by evolutionary fuzzing
  • 2014, Costin et al: A Large-Scale Analysis of the Security of Embedded Firmwares
  • 2013, Davidson et al: FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution

Case Studies

  • Binary Hardening in IoT products
  • Cracking Linksys “Encryption”
  • Deadly Sins Of Development - Conference talk presenting several real world examples on real bad implementations 📺.
  • Dumping firmware from a device's SPI flash with a buspirate
  • Hacking the DSP-W215, Again
  • Hacking the PS4 - Introduction to PS4's security.
  • IoT Security@CERN
  • Multiple vulnerabilities found in the D-link DWR-932B
  • Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
  • PWN Xerox Printers (...again)
  • Reversing Firmware With Radare
  • Reversing the Huawei HG533

Free Training

  • CSAW Embedded Security Challenge 2019 - CSAW 2019 Embedded Security Challenge (ESC).
  • Embedded Security CTF - Microcorruption: Embedded Security CTF.
  • Hardware Hacking 101 - Workshop @ BSides Munich 2019.
  • IoTGoat - IoTGoat is a deliberately insecure firmware based on OpenWrt.
  • Rhme-2015 - First riscure Hack me hardware CTF challenge.
  • Rhme-2016 - Riscure Hack me 2 is a low level hardware CTF challenge.
  • Rhme-2017/2018 - Riscure Hack Me 3 embedded hardware CTF 2017-2018.

Websites

  • Hacking Printers Wiki - All things printer.
  • OWASP Embedded Application Security Project - Development best practices and list of hardware and software tools.
  • OWASP Internet of Things Project - IoT common vulnerabilities and attack surfaces.
  • Router Passwords - Default login credential database sorted by manufacturer.
  • Siliconpr0n - A Wiki/Archive of all things IC reversing.

Blogs

  • RTL-SDR
  • /dev/ttyS0's Embedded Device Hacking
  • Exploiteers
  • Hackaday
  • jcjc's Hack The World
  • Quarkslab
  • wrong baud
  • Firmware Security
  • PenTestPartners
  • Attify
  • Patayu
  • GracefulSecurity - Hardware tag
  • Black Hills - Hardware Hacking tag

Fundamentals

https://www.incose.org/docs/default-source/wasatch-chapter-documents/the-big-happy-family-of-architectures-r0.pdf?sfvrsn=613696c6_2

https://ocw.mit.edu/courses/aeronautics-and-astronautics/16-842-fundamentals-of-systems-engineering-fall-2015/lecture-notes/MTI16_842F15_Ses4_Con_Syn.pdf

http://web.mit.edu/6.976/www/notes/Notes1.pdf

https://gaudisite.nl/SystemArchitectureProcessPaper.pdf

https://www.davi.ws/avionics/TheAvionicsHandbook_Cap_22.pdf

https://www.kwc-sys.com/static/3ac3d7d12957dedf12cdbb97b02fba41/Electronic%20HW%20Design%20Engineer.pdf

https://www.cgijaffna.gov.in/uploads/pdf/Electronics%20&%20Hardware.pdf

https://www.halvorsen.blog/documents/technology/resources/resources/Arduino/Programming%20with%20Arduino.pdf

https://www.centropiaggio.unipi.it/sites/default/files/course/material/esercitazione_led_e_fotor.pdf

http://index-of.es/Varios-2/Programming%20Arduino.pdf

http://engineering.nyu.edu/gk12/amps-cbri/pdf/ArduinoBooks/Arduino%20Programming%20Notebook.pdf

https://www.makerspaces.com/wp-content/uploads/2017/02/Arduino-For-Beginners.pdf

https://ccrma.stanford.edu/wiki/Microcontroller_Architecture

https://www.tutorialspoint.com/microprocessor/microcontrollers_8051_architecture.htm

https://www.youtube.com/watch?v=FXG1oeeB_s4

https://www.youtube.com/watch?v=OaaP5WIG7ro

https://www.philadelphia.edu.jo/academics/kaubaidy/uploads/ES-Slids-lec3.pdf

https://www.egr.msu.edu/classes/ece480/capstone/spring15/group13/assets/app_note_john_foxworth.docx.pdf

https://www.youtube.com/watch?v=FwBdO-dCd0E

https://www.youtube.com/watch?v=XlFO5Iat178

https://www.build-electronic-circuits.com/microcontroller-programming/

https://en.wikipedia.org/wiki/Microcontroller

https://www.instructables.com/A-Beginners-Guide-to-Microcontrollers/

https://hardwarebee.com/step-by-step-guide-to-microcontroller-programming/

IoT Security https://github.com/V33RU/IoTSecurity101

To seen Hacked devices

Chat groups for IoT Security

Books For IoT Pentesting

  • Android Hacker's Handbook
  • Hacking the Xbox - Openbook
  • Car hacker's handbook
  • IoT Penetration Testing Cookbook
  • Abusing the Internet of Things
  • Hardware Hacking: Have Fun while Voiding your Warranty
  • Linksys WRT54G Ultimate Hacking
  • Linux Binary Analysis
  • The Firmware Handbook
  • Hardware Hacking Handbook
  • inside radio attack and defense
  • Pentest Hardware - Openbook
  • The Art of Pcb Reverse Engineering
  • Internet of Things Security Encyclopedia - Openbook
  • Applied Cyber Security and the Smart Grid-ICS
  • Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition
  • Practical IoT Hacking

Blogs for iotpentest

Awesome CheatSheets

  • Hardware Hacking
  • Nmap

Search Engines for IoT Openly devices

  • Shodan
  • FOFA
  • Censys
  • Zoomeye
  • ONYPHE

CTF For IoT And Embeddded

YouTube Channels for IoT Pentesting

  • Liveoverflow
  • Binary Adventure
  • EEVBlog
  • JackkTutorials
  • Craig Smith
  • iotpentest [Mr-IoT]
  • Besim ALTINOK - IoT - Hardware - Wireless
  • Ghidra Ninja
  • Cyber Gibbons
  • Scanline

IoT Vulnerabilites Checking Guides

  • Reflecting upon OWASP TOP-10 IoT Vulnerabilities
  • OWASP IoT Top 10 2018 Mapping Project
  • Hardware toolkits for IoT security analysis

IoT Gateway Software

  • Webthings by Mozilla - RaspberryPi

IoT Pentesting OSes

  • Sigint OS- LTE IMSI Catcher
  • Instatn-gnuradio OS - For Radio Signals Testing
  • AttifyOS - IoT Pentest OS - by Aditya Gupta
  • Ubutnu Best Host Linux for IoT's - Use LTS
  • Internet of Things - Penetration Testing OS
  • Dragon OS - DEBIAN LINUX WITH PREINSTALLED OPEN SOURCE SDR SOFTWARE
  • EmbedOS - Embedded security testing virtual machine
  • Skywave Linux- Software Defined Radio for Global Online Listening
  • A Small, Scalable Open Source RTOS for IoT Embedded Devices
  • ICS - Controlthings.io

Exploitation Tools

  • Expliot - IoT Exploitation framework - by Aseemjakhar
  • Routersploit (Exploitation Framework for Embedded Devices)
  • IoTSecFuzz (comprehensive testing for IoT device)
  • HomePwn - Swiss Army Knife for Pentesting of IoT Devices
  • killerbee - Zigbee exploitation
  • PRET - Printer Exploitation Toolkit
  • HAL – The Hardware Analyzer
  • FwAnalyzer (Firmware Analyzer)
  • ISF(Industrial Security Exploitation Framework
  • PENIOT: Penetration Testing Tool for IoT
  • MQTT-PWN

Reverse Engineering Tools

  • IDA Pro
  • GDB
  • Radare2 | cutter
  • Ghidra

Introduction

  • Introduction to IoT
  • IoT Architecture
  • IoT attack surface
  • IoT Protocols Overview

IoT Web and message services

  • MQTT

    • Introduction
    • Hacking the IoT with MQTT
    • thoughts about using IoT MQTT for V2V and Connected Car from CES 2014
    • Nmap
    • The Seven Best MQTT Client Tools
    • A Guide to MQTT by Hacking a Doorbell to send Push Notifications
    • Are smart homes vulnerable to hacking
    • Deep Learning UDF for KSQL / ksqlDB for Streaming Anomaly Detection of MQTT IoT Sensor Data
    • Authenticating & Authorizing Devices using MQTT with Auth0
    • Development information for the MQTT with hardware
    • Understanding the MQTT Protocol Packet Structure
    • R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities
    • IoT Live Demo: 100.000 Connected Cars With Kubernetes, Kafka, MQTT, TensorFlow
  • Softwares

    • Mosquitto-An open source MQTT broker
    • HiveMQ
    • MQTT Explorer
    • MQTT proxy - IoXY
    • MQTT Broker Security - 101
    • Welcome to MQTT-PWN!
  • CoAP

    • Introduction
    • CoAP client Tools
    • CoAP Pentest Tools
    • Nmap - NSE for coap

RADIO HACKER QUICK START GUIDE

  • SDR Notes - Radio IoT Protocols Overview
  • Understanding Radio
  • Introduction to Software Defined Radio
  • Introduction Gnuradio companion
  • Creating a flow graph in gunradiocompanion
  • Analysing radio signals 433Mhz
  • Recording specific radio signal
  • Replay Attacks with raspberrypi -rpitx

Cellular Hacking & GSM & BTS

  • BTS

    • Awesome-Cellular-Hacking
    • what is base tranceiver station
    • How to Build Your Own Rogue GSM BTS
  • GSM SS7 Pentesting

    • Introduction to GSM Security
    • GSM Security 2
    • vulnerabilities in GSM security with USRP B200
    • Security Testing 4G (LTE) Networks
    • Case Study of SS7/SIGTRAN Assessment
    • Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
    • ss7MAPer – A SS7 pen testing toolkit
    • Introduction to SIGTRAN and SIGTRAN Licensing
    • SS7 Network Architecture
    • Introduction to SS7 Signaling
    • Breaking LTE on Layer Two

Zigbee ALL Stuff

  • Introduction and protocol Overview
  • Hacking Zigbee Devices with Attify Zigbee Framework
  • Hands-on with RZUSBstick
  • ZigBee & Z-Wave Security Brief
  • Hacking ZigBee Networks
  • Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes
  • Security Analysis of Zigbee Networks with Zigator and GNU Radio
  • Low-Cost ZigBee Selective Jamming

SW TOOLS

  • zigbear
  • ZigDiggity
  • Zigator
  • Z3sec

Hardware Tools for Zigbee

  • APIMOTE IEEE 802.15.4/ZIGBEE SNIFFING HARDWARE
  • RaspBee-The Raspberry Pi Zigbee gateway
  • USRP SDR 2
  • ATUSB IEEE 802.15.4 USB Adapter
  • nRF52840-Dongle

BLE Intro and SW-HW Tools to pentest

  • Step By Step guide to BLE Understanding and Exploiting

  • Traffic Engineering in a Bluetooth Piconet

  • BLE Characteristics

  • Bluetooth and BLE Pentest Tools

    • btproxy
    • hcitool & bluez
    • Testing With GATT Tool
    • Cracking encryption
    • bettercap
    • BtleJuice Bluetooth Smart Man-in-the-Middle framework
    • gattacker
  • BTLEjack Bluetooth Low Energy Swiss army knife

    • Hardware for bluetooth hacking
    • NRFCONNECT - 52840
    • EDIMAX
    • CSR 4.0
    • ESP32 - Development and learning Bluetooth
    • Ubertooth
    • Sena 100
  • BLE Pentesting Tutorials

    • Bluetooth vs BLE Basics
    • Finding bugs in Bluetooth
    • Intel Edison as Bluetooth LE — Exploit box
    • How I Reverse Engineered and Exploited a Smart Massager
    • My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE
    • Bluetooth Smartlocks
    • I hacked MiBand 3
    • GATTacking Bluetooth Smart Devices
    • blueooth beacon vulnerability
    • Sweyntooth Vulnerabilties
    • AIRDROP_LEAK - sniffs BLE traffic and displays status messages from Apple devices

Mobile security (Android & iOS)

  • Android App Reverse Engineering 101
  • Android Application pentesting book
  • Android Pentest Video Course-TutorialsPoint
  • IOS Pentesting
  • OWASP Mobile Security Testing Guide
  • Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals

Online Assemblers

  • AZM Online Arm Assembler by Azeria
  • Online Disassembler
  • Compiler Explorer is an interactive online compiler which shows the assembly output of compiled C++, Rust, Go

ARM

  • Azeria Labs
  • ARM EXPLOITATION FOR IoT
  • Damn Vulnerable ARM Router (DVAR)
  • EXPLOIT.EDUCATION

Pentesting Firmwares and emulating and analyzing

  • EMBA-An analyzer for embedded Linux firmware
  • Firmware analysis and reversing
  • Firmware emulation with QEMU
  • Reversing ESP8266 Firmware
  • Emulating Embedded Linux Devices with QEMU
  • Emulating Embedded Linux Systems with QEMU
  • Fuzzing Embedded Linux Devices
  • Emulating ARM Router Firmware
  • Reversing Firmware With Radare
  • Samsung Firmware Magic
  • Qiling & Binary Emulation for automatic unpacking
  • Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme
  • Simulating and hunting firmware vulnerabilities with Qiling

IoT hardware Overview and Hacking

  • IoT Hardware Guide

  • Hardware Gadgets to pentest

  • Bus Pirate

  • EEPROM reader/SOIC Cable

  • Jtagulator/Jtagenum

  • Logic Analyzer

  • The Shikra

  • FaceDancer21 (USB Emulator/USB Fuzzer)

  • RfCat

    • Hak5Gear- Hak5FieldKits
    • Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter
    • Attify Badge - UART, JTAG, SPI, I2C (w/ headers)
    • Attacking Hardware Interfaces
    • An Introduction to Hardware Hacking
    • Serial Terminal Basics
    • Reverse Engineering Serial Ports
    • REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS
    • ChipWhisperer - Hardware attacks
    • SPI
    • Reading FlashROMS
    • Dumping the firmware From Router using BUSPIRATE - SPI Dump
    • How to Flash Chip of a Router With a Programmer | TP-Link Router Repair & MAC address change
    • Extracting Flash Memory over SPI
  • UART

    • Identifying UART interface
    • onewire-over-uart
    • Accessing sensor via UART
    • Using UART to connect to a chinese IP cam
    • A journey into IoT – Hardware hacking: UART
    • UARTBruteForcer
    • UART Connections and Dynamic analysis on Linksys e1000
    • Accessing and Dumping Firmware Through UART
  • JTAG

    • JTAG Explained (finally!)
    • Buspirate JTAG Connections - Openocd
  • SideChannel Attacks and Glitching attacks

    • Attacks on Implementations of Secure Systems
    • fuzzing, binary analysis, IoT security, and general exploitation
    • NAND Glitching Attack
    • Voltage Glitching Attack
    • Espressif ESP32: Bypassing Encrypted Secure Boot(CVE-2020-13629)
    • Voltage Glitching Attack using SySS iCEstick Glitcher
    • Samy Kamkar - FPGA Glitching & Side Channel Attacks
    • Hardware Power Glitch Attack (Fault Injection) - rhme2 Fiesta (FI 100)
    • Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)
    • https://www.youtube.com/watch?v=4urMITJKQQs&ab_channel=stacksmashing
  • Awesome IoT Pentesting Guides

    • Shodan Pentesting Guide
    • Car Hacking Practical Guide 101
    • OWASP Firmware Security Testing Methodology
    • awesome-bluetooth-security
    • Firmware Pentest Guide
  • Follow the people

    • Jilles
    • Joe Fitz
    • Aseem Jakhar
    • Cybergibbons
    • Jasper
    • Dave Jones
    • bunnie
    • Ilya Shaposhnikov
    • Mark C.
    • A-a-ron Guzman
    • Arun Mane
    • Yashin Mehaboobe
    • Arun Magesh

Red Team Hardware Hacking Toolkit

Lock picks (pocket) - commonly used picks

Under-the-door tool

Canned air, hand warmers (request-to-exit bypass, etc.)

Shove knife/shrum tool

-Crash bar tool

Dimple lock gun

Tubular lock picks

Fire/emergency elevator key set

USB keylogger and Hak5 rubber ducky

Hak5 LAN turtle

Pineapple nano

LAN tap

Wafer and warded pick set

Laptop or mobile device

External hard drive

Fake letter of authorization (as a plan B and to test incident response)

Real letter of authorization

Props for guises if utilizing social engineering

RFID thief/cloner (something that is easy to hide - I often use a clipboard like the one shown in the picture above)

Camera (or just use your smartphone)

Lock picks (pocket) - common

Lock picks (backpack) - expanded set

Under-the-door tool

Shove knife/shrum tool

Crash bar tool

Snap gun with interchangeable needles

Dimple lock gun

Tubular lock picks

Hand warmers/canned air

Leather gloves/good shoes

Fire/emergency elevator key set

USB keylogger and Hak5 rubber ducky

Hak5 LAN turtle

LAN tap

Wafers and warded pick set

Laptop if needed

External hard drive

Malicious drops x4 (USB, etc.)

Rogue access point (PwnPlug, Pi, whatever your flavor of choice)

Hak5 pineapple

15dbi wireless antenna (for outside, not really something you want to stuff in your bag inside).

Nexus 7 with nethunter, TP-link adapter etc.

Props for guises if utilizing social engineering

Fake letter of authorization (as a plan B and to test incident response)

Real letter of authorization

RFID thief/cloner

Camera (or just use your smartphone)

Snake camera (a bonus for looking over drop ceilings or floors)

Multi-tool

A few example resource links for some of the above tools

www.sparrowslockpicks.com

http://shop.riftrecon.com

www.wallofsheep.com

www.hackerwarehouse.com

www.hak5.org

Various USB cables (A, B, mini, micro, OTG, etc.)

SD Cards, microSD cards

Smartphone (earpiece if with a team)

Body camera (GoPro/ACE Cameras are sometimes handy with client approval)

Extra power packs/batteries

Small flashlight (low lumen)

RTFM: Red Team Field Manual

Analysis, Reports and Slides

Internet of Things Research Study (HP 2014 Report)

The Internet of Fails, (video)

Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices

Hack All The Things: 20 Devices in 45 Minutes - (wiki, video)

Careful Connections: Building Security in the Internet of Things (FTC)

Analysis of IoT honeypot data; How devices are hacked, type of infections and origin of attacks (Kaspersky lab, 2018)

Communities

IoT VillageTM

BuildItSecure.ly

Secure Internet of Things Project (Stanford)

The Open Web Application Security Project (OWASP)

IoT Hacks

Thingbots

  • Proofpoint Uncovers Internet of Things (IoT) Cyberattack

RFID

  • Vulnerabilities in First-Generation RFID-enabled Credit Cards
  • MIT Subway Hack Paper Published on the Web
  • Tampered Card Readers Steal Data via Bluetooth

Home Automation

  • IOActive identifies vulnerabilities in Belkin WeMo's Home Automation
  • Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices
  • Popular Home Automation System Backdoored Via Unpatched Flaw

Connected Doorbell

  • CVE-2015-4400: Backdoorbot, Network Configuration Leak on a Connected Doorbell, (video)

Hub

  • TWSL2013-023: Lack of Web and API AuthenticationVulnerability in INSTEON Hub

Smart Coffee

  • Reversing the Smarter Coffee IoT Machine Protocol to Make Coffee Using the Terminal

Wearable

  • How I hacked my smart bracelet

Smart Plug

  • Hacking the D-Link DSP-W215 Smart Plug
  • Reverse Engineering the TP-Link HS110
  • Hacking Kankun Smart Wifi Plug
  • Smart Socket Hack Tutorial

Cameras

  • Trendnet Cameras - I always feel like somebody's watching me
  • Hacker Hotshots: Eyes on IZON Surveilling IP Camera Security
  • Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices
  • Hacker 'shouts abuse' via Foscam baby monitoring camera
  • Urban surveillance camera systems lacking security
  • TWSL2014-007: Multiple Vulnerabilities in Y-Cam IP Cameras
  • Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras
  • Samsung SmartCam install.php Remote Root Command Exec

Traffic Lights

  • Green Lights Forever: Analyzing The Security of Traffic Infrastructure
  • Hacking US (and UK, Australia, France, etc.) Traffic Control Systems

Automobiles

  • Hackers Remotely Attack a Jeep on the Highway
  • Comprehensive Experimental Analyses of Automotive Attack Surfaces

Airplanes

  • Hackers could take control of a plane using in-flight entertainment system

Light Bulbs

  • Hacking into Internet Connected Light Bulbs
  • Hacking Lightbulbs: Security Evaluation Of The Philips Hue Personal Wireless Lighting System
  • IoT Goes Nuclear: Creating a ZigBee Chain Reaction
  • Extended Functionality Attacks on IoT Devices: The Case of Smart Lights

Locks

  • Lockpicking in the IoT

Smart Scale

  • Fitbit Aria Wi-Fi Smart Scale

Smart Meters

  • Solar Power Firm Patches Meters Vulnerable to Command Injection Attacks

Pacemaker

  • Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses

Thermostats

  • Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices
  • Google Nest: Exploiting DFU For Root
  • Smart Nest Thermostat, A Smart Spy in Your Home
  • TWSL2013-022: No Authentication Vulnerability in Radio Thermostat

Fridge

  • Proofpoint Uncovers Internet of Things (IoT) Cyberattack - Spam emails from fridges.
  • Hacking Defcon 23'S IoT Village Samsung Fridge

Media Player & TV

  • Breaking Secure-Boot on the Roku
  • Google TV Or: How I Learned to Stop Worrying and Exploit Secure Boot
  • Chromecast: Exploiting the Newest Device By Google
  • Ransomware Ruins Holiday By Hijacking Family's LG Smart TV on Christmas Day

Firearms

  • DEF CON 25 - Plore - Popping a Smart Gun (Slides)
  • Hacking a IoT Rifle - BlackHat 2015 - 36 slides
  • Hackers Can Disable a Sniper Rifle—Or Change Its Target - Wired 2015

Toilet

  • TWSL2013-020: Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet

Toys

  • TWSL2013-021: Multiple Vulnerabilities in Karotz Smart Rabbit
  • Fisher-Price smart bear allowed hacking of children's biographical data (CVE-2015-8269)
  • Hello Barbie Initial Security Analysis
  • Security researcher Ken Munro discovers vulnerability in Vivid Toy's talking Doll 'Cayla'
  • Data from connected CloudPets teddy bears leaked and ransomed, exposing kids' voice messages

Drones

  • Parrot Drones Hijacking - RSA2018 Video, Pedro Cabrera, March 2018 (Slides)
  • Hacking the DJI Phantom 3, Paolo Stagno, January 25, 2017
  • PHDays VI, hacking Syma X5C quadcopter, Pavel Novikov and Artur Garipov, June 9, 2016
  • All your bebop drones still belong to us, drone hijacking, Pedro Cabrera, 2016
  • Shelling out on 3DR Solo, Kevin Finisterre,June 15, 2015

Car Hackinghttps://github.com/jaredthecoder/awesome-vehicle-security

Articles

  • How to hack a car — a quick crash-course - Car enthusiast Kenny Kuchera illustrates just enough information to get you up and running. An excellent resource for first timers!
  • Stopping a Jeep Cherokee on the Highway Remotely - Chris Valasek's and Charlie Miller's pivotal research on hacking into Jeep's presented at DEFCON in 2015.
  • Troy Hunt on Controlling Nissans - Troy Hunt goes into controlling Nissan vehicles.
  • Tesla hackers explain how they did it at Defcon - Overview of DEFCON 23 presentation on hacking into Tesla cars.
  • Anatomy of the Rolljam Wireless Car Hack - Overview of the RollJam rolling code exploitation device.
  • IOActive's Tools and Data - Chris Valasek and Charlie Miller release some of their tools and data for hacking into vehicles in an effort to get more people into vehicle security research.
  • Developments in Car Hacking - via the SANS Reading Room, Currie's paper analyses the risks and perils of smart vehicle technology.
  • Car Hacking on the Cheap - A whitepaper from Chris Valasek and IOActive on hacking your car when you don't have a lot of resources at your disposal.
  • Car Hacking: The definitive source - Charlie Miller and Chris Valasek publish all tools, data, research notes, and papers for everyone for free
  • Car Hacking on the cheap - Craig Smith wrote a brief article on working with Metasploit’s HWBrige using ELM327 Bluetooth dongle
  • Researchers tackle autonomous vehicle security - Texas A&M researchers develop intelligence system prototype.
  • How big data will impact car security in the proximate future: Concerns and solutions - Impact of big data on car security.
  • Reverse engineering of the Nitro OBD2 - Reverse engineering of CAN diagnostic tools.
  • Analysis of an old Subaru Impreza - Subaru Select Monitor v1 (SSM1) - Digging into an old ECU through an old protocol and disabling a 1997 Subaru Impreza's speed limiter.
  • Car Hacking in 30 Minutes or Less - Using VirtualBox and Kali Linux, you can start car hacking using completely free open-source software and tools, including can-utils, ICSim, ScanTool, Wireshark, and tcpdump

Presentations

  • "Hopping on the CAN Bus" from BlackHat Asia 2015 - A talk from BlackHat Asia 2015 that aims to enable the audience to "gain an understanding of automotive systems, but will also have the tools to attack them".
  • "Drive It Like You Hacked It" from DEFCON 23 - A talk and slides from Samy Kamkar's DEFCON 23/2015 talk that includes hacking garages, exploiting automotive mobile apps, and breaking rolling codes to unlock any vehicle with low cost tools.
  • Samy Kamkar on Hacking Vehicles with OnStar - Samy Kamkar, the prolific hacker behind the Samy worm on MySpace, explores hacking into vehicles with OnStar systems.
  • Remote Exploitation of an Unaltered Passenger Vehicle - DEFCON 23 talk Chris Valasek and Charlie Miller give their now famous talk on hacking into a Jeep remotely and stopping it dead in its tracks.
  • Adventures in Automotive Networks and Control Units - DEFCON 21 talk by Chris Valasek and Charlie Miller on automotive networks.
  • Can You Trust Autonomous Vehicles? - DEFCON 24 talk by Jianhao Liu, Chen Yan, Wenyuan Xu
  • Ken Munro & Dave Lodge - Hacking the Mitsubishi Outlander & IOT - talk from BSides Manchester 2016 by Ken and Dave of Pen Test Partners
  • A Platform base on Visualization for Protecting CAN Bus Security - Syscan360 2016 SH talk by Jianhao Liu
  • Gateway Internals of Tesla Motors - Zeronights 2016 talk by Nie Seng and Liu Ling
  • Car Hacking 101 - Bugcrowd LevelUp 2017 by Alan Mond
  • State of Automotive Cyber Safety, 2015 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2015.
  • State of Automotive Cyber Safety, 2016 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2016.
  • How to Hack a Tesla Model S - DEF CON 23 talk by Marc Rogers and Kevin Mahaffey on hacking a Tesla. Tesla Co-Founder and CTO, JB Straubel, joins them to thank them and present a challenge coin.
  • Car Hacking Videos - A web page with a long list of videos (40+) that are available online related to the topic of car hacking. From a 2007 DEF CON talk on modding engine ECUS and onwards (e.g. the 2017 Keen Security Tesla hack).
  • Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers - Black Hat talk by Jonathan Petit. Automated and connected vehicles are the next evolution in transportation and will improve safety, traffic efficiency and driving experience. This talk will be divided in two parts: 1) security of autonomous automated vehicles and 2) privacy of connected vehicles. 2015
  • A Survey of Remote Automotive Attack Surfaces - Black Hat talk By Charlie Miller and Chris Valasek. Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. Discussion of vehicle attack surfaces. 2014.
  • Pentesting vehicles with YACHT (Yet Another Car Hacking Tool) -A presentation that discuesses different attack surfaces of a vehicle, then continues to describe an approach to car hacking along with tools needed to analyse and gather useful information.
  • How to drift with any car - Introduction to CAN hacking, and using a real car as an Xbox controller.
  • Car Infotainment Hacking Methodology and Attack Surface Scenario - A guide on how to attack, hunt bugs or hack your IVI by Jay Turla which was presented at the Packet Hacking Village / Wall of Sheep during DEF CON 26.

Books

  • 2014 Car Hacker's Handbook - Free guide to hacking vehicles from 2014. You can also buy the book on Amazon here.
  • 2016 Car Hacker's Handbook - Latest version of the Car Hacker's handbook with updated information to hack your own vehicle and learning vehicle security. For a physical copy as well unlimited PDF, MOBI, and EPUB copies of the book, buy it at No Starch Press. Sections are available online here.
  • A Comprehensible Guide to Controller Area Network - An older book from 2005, but still a comprehensive guide on CAN buses and networking in vehicles.
  • 智能汽车安全攻防大揭秘This book first introduced some basic knowledge of security for automotive R&D personnel, such as encryption and decryption, security authentication, digital signatures, common attack types, and methods. Then it introduced the working principles of some smart cars for security researchers, such as the automotive intranet. Protocol, network architecture, principle of X-By-Wire remote control system, common potential attack surface, etc. Finally, a detailed analysis of some actual automotive attack or security test cases, and defense analysis of the loopholes involved in the case during the analysis process.
  • Controller Area Network Prototyping with Arduino - This book guides you through prototyping CAN applications on Arduinos, which can help when working with CAN on your own car.
  • Embedded Networking with CAN and CANopen - From 2003, this book fills in gaps in CAN literature and will educate you further on CAN networks and working with embedded systems.
  • Inside Radio: An Attack and Defense GuideThis book discusses the security issues in a wide range of wireless devices and systems,Chapter 4 433/315MHz Communication (4.3 4.4 4.5 is about car keys Security)

Research Papers

  • Koscher et al. Experimental Security Analysis of a Modern Automobile, 2010
  • Comprehensive Experimental Analyses of Automotive Attack Surfaces, 2011
  • Miller and Valasek - Self proclaimed "car hacking the definitive source".
  • Adventures in Automotive Networks and Control Units (aka car hacking)
  • Car Hacking for Poories
  • A Survey of Remote Automotive Attack Surfaces, 2014
  • Remote Compromise of an Unaltered Passenger Vehicle (aka The Jeep Hack), 2015
  • Advanced CAN Message Injection, 2016
  • 5-Star Automotive Cyber Safety Framework, 2015
  • A Vulnerability in Modern Automotive Standards and How We Exploited It
  • A Car Hacking Experiment: When Connectivity Meets Vulnerability
  • Security issues and vulnerabilities in connected car systems
  • Automobile Driver Fingerprinting, 2016
  • Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network, 2016
  • Modeling Inter-Signal Arrival Times for Accurate Detection of CAN Bus Signal Injection Attacks

Courses

  • Udacity's Self Driving Car Engineer Course - The content for Udacity's self driving car software engineer course. The actual course on Udacity's website is here.

Blogs

  • Keen Security Lab Blog - Blog created by Keen Security Lab of Tencent that posts research on car security.

Websites

  • OpenGarages - Provides public access, documentation and tools necessary to understand today's modern vehicle systems.
  • DEFCON Car Hacking Village - Car Hacking exercises from DEFCON 24.
  • canbushack: Hack Your Car - course on Vehicle Hacking methodology.
  • OWASP Internet of Things Project - OWASP's project to secure IoT, from cars to medical devices and beyond.
  • I Am The Cavalry - Global grassroots (eg. volunteer) initiative focused on the intersection of security and human life/public safety issues, such as cars. Participation from security researchers, OEMs, Tier 1s, and many others. Published Automotive 5-Star Cyber Safety Framework.
  • Carloop Community - Community of people interested in car hacking and connecting vehicles to the cloud.
  • Python Security - A website for browsing and buying python-integrated cars having certain vehicular security features.

Who to Follow

  • Chris Valasek: Security Lead at UberATC
  • Twitter
  • Website
  • Charlie Miller: Hacked the first Apple iPhone, now does car security.
  • Twitter
  • Samy Kamkar: Created MySpace Worm, RollJam, OwnStar.
  • Twitter
  • Website
  • Justin Seitz: Author of Black Hat Python (No Starch Press).
  • Twitter
  • Troy Hunt: Pluralsight author. Microsoft Regional Director and MVP for Developer Security. Creator of haveibeenpwned.
  • Twitter
  • Website
  • Ken Munro: British researcher, works at Pen Test Partners; major interest in vehicle security
  • Twitter
  • OpenGarages: Initiative to created Vehicle Research Labs around the world.
  • Twitter
  • Website
  • Hackaday: Collaborative project hosting for hackers - there are frequently car projects on here.
  • Twitter
  • Pen Test Partners: British penetration testing firm; several posts concern their disclosed car security vulns
  • Twitter
  • Website
  • I Am The Cavalry: Global grassroots (eg. volunteer) initiative focused on the intersection of security and human life/public safety issues, such as cars.
  • Twitter
  • Website
  • Discussion Group
  • Car Hacking Village
  • Twitter
  • Website
  • carfucar: Founder of Car Hacking Village and Speaker or Trainer
  • Twitter
  • Ian Tabor / mintynet: Car Hacker, Car Hacking Village staff
  • Twitter
  • Website

Podcasts and Episodes

  • Podcasts
  • Security Weekly - Excellent podcast covering all ranges of security, with some episodes focusing portions on vehicle security from cars to drones.
  • TrustedSec Podcast - From the people at TrustedSec, leaders in Social Engineering, their episodes often go into recent vehicle vulnerabilities and exploits.
  • SANS Internet Storm Center - the ISC run a regular podcast going into the latest vulnerabilities and security news.
  • Security Ledger - A podcast focusing on interviewing security experts about topics related to security.
  • Episodes
  • Car Hacking with Craig Smith - Software Engineering Daily did an amazing episode with Craig Smith, author of the Car Hacking Handbook (above), on hacking into vehicles.
  • Big Bugs Podcast Episode 1: Auto Bugs - Critical Vulns found in Cars with Jason Haddix - Jason Haddix explores major vulnerabilities found in cars.
  • Hacking Under the Hood and Into Your Car - Chris Valasek and Charlie Miller discuss with NPR how they were able to hack into vehicles.
  • Hacking Connected Vehicles with Chris Valasek of IOActive - Chris Valasek talks about hacking into connected vehicles.
  • Hackable? - Cars are Computers - Geoff Siskind paired up with Craig Smith, author of The Car Hacker’s Handbook, to show us just how easy – or not – it is to hack a car.

Miscellaneous

Projects

  • Open Vehicle Monitoring System - A community project building a hardware module for your car, a server to talk to it, and a mobile app to talk to the server, in order to allow developers and enthusiasts to add more functionality to their car and control it remotely.
  • Open Source Car Control Project - The Open Source Car Control Project is a hardware and software project detailing the conversion of a late model vehicle into an autonomous driving research and development vehicle.

Hardware

  • Overview of hardware, both open source and proprietary, that you can use when conducting vehicle security research. This article goes through many of the options below.
  • Arduino - Arduino boards have a number of shields you can attach to connect to CAN-enabled devices.
  • CANdiy-Shield
  • ChuangZhou CAN-Bus Shield
  • DFRobot CAN-BUS Shield For Arduino
  • SparkFun CAN-BUS Shield
  • arduino-canbus-monitor - No matter which shield is selected you will need your own sniffer. This is implementation of standard Lawicel/SLCAN protocol for Arduino + any MCP CAN Shield to use with many standard CAN bus analysis software packages or SocketCAN
  • CANtact - "The Open Source Car Tool" designed to help you hack your car. You can buy one or make your own following the guide here.
  • Freematics OBD-II Telematics Kit - Arduino-based OBD-II Bluetooth adapter kit has both an OBD-II device and a data logger, and it comes with GPS, an accelerometer and gyro, and temperature sensors.
  • ELM327 - The de facto chipset that's very cheap and can be used to connect to CAN devices.
  • GoodThopter12 - Crafted by a well-known hardware hacker, this board is a general board that can be used for exploration of automotive networks.
  • USB2CAN - Cheap USB to CAN connector that will register a device on linux that you can use to get data from a CAN network.
  • Intrepid Tools - Expensive, but extremely versatile tools specifically designed for reversing CAN and other vehicle communication protocols.
  • Red Pitaya - Replaces expensive measurement tools such as oscilloscopes, signal generators, and spectrum analyzers. Red Pitaya has LabView and Matlab interfaces, and you can write your own tools and applications for it. It even supports extensions for things like Arduino shields.
  • ChipWhisperer - A system for side-channel attacks, such as power analysis and clock glitching.
  • HackerSDR - A Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies.
  • Carloop - Open source development kit that makes it easy to connect your car to the Internet. Lowest cost car hacking tool that is compatible with SocketCAN and can-utils. No OBD-II to serial cable required.
  • CANBadger - A tool for reverse-engineering and testing automotive systems. The CANBadger consists of both hardware and software. The main interface is a LPC1768/LPC1769 processor mounted on a custom PCB, which offers two CAN interfaces, SD Card, a blinky LED, some GPIO pins, power supply for peripherals and the ethernet port.
  • CANSPY - A platform giving security auditors to audit CAN devices. It can be used to block, forward or modify CAN frames on the fly autonomously as well as interactively.
  • CANBus Triple - General purpose Controller Area Network swiss army knife and development platform.
  • USBtin - USBtin is a simple USB to CAN interface. It can monitor CAN busses and transmit CAN messages. USBtin implements the USB CDC class and creates a virtual comport on the host computer.
  • OpenXC - OpenXC is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules. It uses standard, well-known tools to open up a wealth of data from the vehicle to developers. Started by researchers at Ford, it works for all 2002 and newer MY vehicles (standard OBD-II interface). Researchers at Ford Motor Company joined up to create a standard way of creating aftermarket software and hardware for vehicles.
  • Macchina M2 - Macchina 2.0 is a complete overhaul of our 1.X generation of Macchina. The goals are still the same: Create an easy-to-use, fully-open, and super-compatible automotive interface.
  • PandwaRF - PandwaRF is a pocket-sized, portable RF analysis tool operating the sub-1 GHz range. It allows the capture, analysis and re-transmission of RF via an Android device or a Linux PC. Capture any data in ASK/OOK/MSK/2-FSK/GFSK modulation from the 300-928 MHz band.
  • CAN MITM Bridge by MUXSCAN - a tool to MITM CAN messages, allowing easy interaction with your car.

Software

  • Applications
  • Software applications that will help you hack your car, investigate it's signals, and general tinkering with it.
  • Wireshark - WireShark can be used for reversing CAN communications.
  • Kayak - Java application for CAN bus diagnosis and monitoring.
  • UDSim - GUI tool that can monitor a CAN bus and automatically learn the devices attached to it by watching communications.
  • RomRaider - An open source tuning suite for the Subaru engine control unit that lets you view and log data and tune the ECU.
  • Intrepid Tools - Expensive, but extremely versatile tools specifically designed for reversing CAN and other vehicle communication protocols.
  • O2OO - Works with the ELM327 to record data to a SQLite database for graphing purposes. It also supports reading GPS data. You can connect this to your car and have it map out using Google Maps KML data where you drive.
  • CANToolz - CANToolz is a framework for analysing CAN networks and devices. It is based on several modules which can be assembled in a pipeline.
  • BUSMASTER -An Open Source tool to simulate, analyze and test data bus systems such as CAN, LIN, FlexRay.
  • OpenXC - Currently, OpenXC works with Python and Android, with libraries provided to get started.
  • openpilot - openpilot is an open source driving agent that performs the functions of Adaptive Cruise Control (ACC) and Lane Keeping Assist System (LKAS) for Hondas and Acuras.
  • openalpr - An open source Automatic License Plate Recognition library written in C++ with bindings in C#, Java, Node.js, Go, and Python.
  • metasploit - The popular metasploit framework now supports Hardware Bridge sessions, that extend the framework's capabilites onto hardware devices such as socketcan and SDR radios.
  • Mazda AIO Tweaks - All-in-one installer/uninstaller for many available Mazda MZD Infotainment System tweaks.
  • mazda_getInfo - A PoC that the USB port is an attack surface for a Mazda car's infotainment system and how Mazda hacks are made (known bug in the CMU).
  • talking-with-cars - CAN related scripts, and scripts to use a car as a gamepad
  • CANalyzat0r - A security analysis toolkit for proprietary car protocols.

Libraries and Tools

  • Custom Applications SDK for Mazda Connect Infotainment System - A micro framework that allows you to write and deploy custom applications for the Mazda Infotainment System.
  • C
  • SocketCAN Utils - Userspace utilites for SocketCAN on Linux.
  • vircar - a Virtual car userspace that sends CAN messages based on SocketCAN
  • dbcc - "dbcc is a program for converting a DBC file primarily into into C code that can serialize and deserialize CAN messages." With existing DBC files from a vehicle, this file allows you to convert them to C code that extracts the CAN messages and properties of the CAN environment.
  • C++
  • High Level ViWi Service - High level Volkswagen CAN signaling protocol implementation.
  • CanCat - A "swiss-army knife" for interacting with live CAN data. Primary API interface in Python, but written in C++.
  • Python
  • CANard - A Python framework for Controller Area Network applications.
  • Caring Caribou - Intended to be the nmap of vehicle security.
  • c0f - A fingerprinting tool for CAN communications that can be used to find a specific signal on a CAN network when testing interactions with a vehicle.
  • Python-CAN - Python interface to various CAN implementations, including SocketCAN. Allows you to use Python 2.7.x or 3.3.x+ to communicate over CAN networks.
  • Python-OBD - A Python module for handling realtime sensor data from OBD-II vehicle ports. Works with ELM327 OBD-II adapters, and is fit for the Raspberry Pi.
  • CanCat - A "swiss-army knife" for interacting with live CAN data. Primary API interface in Python, but written in C++.
  • Scapy - A python library to send, receive, edit raw packets. Supports CAN and automotive protocols: see the automotive doc
  • Go
  • CANNiBUS - A Go server that allows a room full of researchers to simultaneously work on the same vehicle, whether for instructional purposes or team reversing sessions.
  • CAN Simulator - A Go based CAN simulator for the Raspberry Pi to be used with PiCAN2 or the open source CAN Simulator board
  • JavaScript
  • NodeJS extension to SocketCAN - Allows you to communicate over CAN networks with simple JavaScript functions.

Companies and Jobs

  • UberATC - Uber Advanced Technologies Center - [email protected].
  • Tesla - Tesla hires security professionals for a variety of roles, particularly securing their vehicles.
  • Intrepid Control Systems - Embedded security company building tools for reversing vehicles.
  • Rapid7 - Rapid7 does work in information, computer, and embedded security.
  • IOActive - Security consulting firm that does work on pentesting hardware and embedded systems.

Coordinated disclosure

  • General Motors on HackerOne - Coordinated disclosure submissions accepted
  • Fiat Chrysler Automobiles on Bugcrowd - Coordinated disclosure submissions accepted, paid bounties offered
  • Tesla Motors on Bugcrowd - Coordinated disclosure submissions accepted, paid bounties offered

Talks and Demonstration

Kevin Mitnick

https://www.youtube.com/watch?v=FH3sxFl-4is

https://www.youtube.com/watch?v=Mk9CA8MkUXY

https://www.youtube.com/watch?v=VX59Gf-Twwo

https://www.youtube.com/watch?v=aP8yrkkLWlM&t=1s

https://www.youtube.com/watch?v=K-96JmC2AkE

https://www.youtube.com/watch?v=vz9IPVhBUpc

https://www.youtube.com/watch?v=Ex4GpcllvsM

Julio Dela Flora

https://www.youtube.com/watch?v=DE-FNN5Ps6w

https://www.youtube.com/watch?v=1zmLfUzu3S8

https://www.youtube.com/watch?v=IfzvXLNSZpU

https://www.youtube.com/watch?v=cHy0vUC2wzg

https://www.youtube.com/watch?v=fM9mcoUt6TE

https://www.youtube.com/watch?v=X5Hj-3eStWQ

https://www.youtube.com/watch?v=O-dCs0gPDMA

https://www.youtube.com/watch?v=ueSMLYO1eXw

https://www.youtube.com/watch?v=aBYOedssgpY

https://www.youtube.com/watch?v=XKZwZMFYzkM

https://www.youtube.com/user/jcldfjcldf

https://www.instagram.com/juliodellaflora/?hl=pt-br

https://hotmart.com/product/hardware-hacking-iot-pentest-e-red-team-gadgets/Q34601203W

Leonardo La Rosa

https://www.youtube.com/user/rl34075

https://acaditi.com.br/curso-hardware-hacking/

https://www.instagram.com/leonardo.cyber/?hl=pt-br

https://github.com/AcadiTi/Hardware-Hacking

Hak5

https://hak5.org/

https://www.youtube.com/channel/UC3s0BtrBJpwNDaflRSoiieQ

https://www.youtube.com/watch?v=nD-F_id3OzQ

Make me Hack

https://www.youtube.com/watch?v=LSQf3iuluYo&list=PLoFdAHrZtKkhcd9k8ZcR4th8Q8PNOx7iU

Talks and Demonostrations

https://www.youtube.com/watch?v=Tq5-7szmxLA

https://www.youtube.com/watch?v=MAXv9pd45Kw

https://www.youtube.com/watch?v=hoPWsOiHkvE

https://www.youtube.com/watch?v=6ofPbclXuZQ

https://www.youtube.com/watch?v=_eSAF_qT_FY

https://www.youtube.com/watch?v=aHLJRcI5jcU

https://www.youtube.com/watch?v=mnvbN-k944k

https://www.youtube.com/watch?v=NiiI_oZ7y64

https://www.youtube.com/watch?v=WWQTlogqF1I

https://www.youtube.com/watch?v=ZuNOD3XWp4A

https://www.youtube.com/watch?v=tV0YqJa-0OA

https://www.youtube.com/watch?v=2atiefWOYsM

https://www.youtube.com/watch?v=h5PRvBpLuJs

  • Subtopic 1

ATM Hacking

https://www.youtube.com/watch?v=FkteGFfvwJ0&t

https://www.youtube.com/watch?v=v-dS4UFomv0&t=363s

https://www.youtube.com/watch?v=4StcW9OPpPc

https://www.youtube.com/watch?v=Ss_RWctTARU

https://www.youtube.com/watch?v=duD4y0tdvg8

https://www.youtube.com/watch?v=sIVy48aaVMk

https://www.youtube.com/watch?v=v7nejPxxc8w

https://www.youtube.com/watch?v=ThPJrPf7O2s

https://www.youtube.com/watch?v=fXWGcu1gyWk

https://www.youtube.com/watch?v=kno0vDhbb7Y

Drone Hacking

https://github.com/dhondta/dronesploit

https://github.com/markszabo/drone-hacking

https://github.com/adava/HackDrone

https://github.com/samyk/skyjack

https://github.com/Ordina-JTech/hack-a-drone

https://dronesec.com/blogs/articles/drone-hacking-tool-analysis-dronesploit

Hackaday https://hackaday.com/category/hardware/

Courses

http://www.grandideastudio.com/hardware-hacking-training/

https://www.educba.com/hardware-hacking/

https://niccs.cisa.gov/training/search/tactical-network-solutions-llc/hardware-hacking-workshop-online

https://advancedsecurity.training/training/live-hardware-intro/?event=live-hardware-intro-spring-2021

Dmitry Nedospasov

and Josh Datko

https://github.com/nedos?tab=repositories

https://twitter.com/nedos

https://github.com/jbdatko

https://twitter.com/cryptotx

Ben Knight

https://hardwarehacking.nz/

https://insomniasec.com/blog/playstation-classic-hacking

Joe Grand

https://twitter.com/joegrand

http://www.grandideastudio.com/

https://hardwaresecurity.training/trainings/hardware-hacking-basics-2019/

https://www.youtube.com/watch?v=1pjrpXLvN0Y

https://www.youtube.com/watch?v=5bcbmef4I3I

https://www.youtube.com/watch?v=hFmNih6QbTI

https://www.youtube.com/watch?v=MhUF4MVnSoo

https://www.youtube.com/watch?v=EI9wiOgNl8U

https://www.youtube.com/watch?v=wG3uUVzWwDc

XMind - Evaluation Version

More Repositories

1

OSCE3-Complete-Guide

OSWE, OSEP, OSED, OSEE
2,568
star
2

Awesome-Red-Team-Operations

1,260
star
3

Guide-CEH-Practical-Master

1,168
star
4

Cloud-Security-Attacks

Azure and AWS Attacks
1,043
star
5

Awesome-Cloud-PenTest

676
star
6

Red-Team-Management

HTML
627
star
7

Offensivesecurity-Checklists

Checklists for Testing Security environment
545
star
8

Awesome-Malware-and-Reverse-Engineering

379
star
9

eWPTX-Preparation

325
star
10

Python-for-Security

HTML
303
star
11

GCP-Pentest-Checklist

213
star
12

OSCP-Survival-Guide

208
star
13

information-security-relatory

Reports from various areas of information security
188
star
14

PNPT-Preparation-Guide

PNPT Exam Preparation - TCM Security
154
star
15

eWPT-Preparation

148
star
16

Red-Team-Exercises

C++
139
star
17

awesome-flipperzero2

Compilation of contents about Flipper Zero
127
star
18

Awesome-PenTest-Practice

Hackthebox, Vulnhub, TryHackMe and Real World PenTest
101
star
19

eCXD-Preparation

eLearnSecurity Certified Exploit Development
98
star
20

Awesome-Blue-Team-Operations

96
star
21

PenTest-Consulting-Creator

Repository with some necessary information for you to create your PenTest consultancy
91
star
22

PenTest-Certifications-Roadmap

83
star
23

Buffer-Overflow-Labs

Practice Labs
80
star
24

Awesome-Exploit-Development

73
star
25

OSCP-in-one-month

72
star
26

RedTeam-Scripts

PowerShell
71
star
27

BadPDF-Generator

Python
64
star
28

Template-CherryTree-PenTest

62
star
29

Adversary-Emulation-Matrix

59
star
30

Web-PenTest-Checklist

48
star
31

Windows-API-for-Red-Team

Python
48
star
32

Facial-Recognition-PenTest-Checklist

47
star
33

PenTest-Report-Collection

41
star
34

CyberSecurityUP

Hack
40
star
35

CyberSecurity-LinkedIn-Materials

34
star
36

Information-Security-Certifications-Map

29
star
37

Powershell-for-PenTest

28
star
38

smart-contracts-audit-checklist

25
star
39

Hackthebox-Privilege-Escalation

24
star
40

Osint-Social-Mapping

OSINT mapping using Twitter, Ficklr, Shodan and Insecam
Python
22
star
41

AV-Bypass-codes

Python, C++ and Go
C++
21
star
42

Windows-Defender-DLL-Hijacking

C++
20
star
43

PhantomsGate

PhantomsGate: Advanced Shellcode Injection Technique
C++
20
star
44

Bug-Bounty-Dorks-Vulns

19
star
45

python-for-hackers

Python
19
star
46

Cybersecurity-Certifications-Guide

19
star
47

Web-PenTest-Resume-Tips

19
star
48

Fuxsociety

Fuxsociety Mr Robot 2.1
Python
18
star
49

CRPYA

Challenge Python
Python
18
star
50

Mitre-Attack-Matrix

17
star
51

Cracking-The-Perimeter-Framework

New Framework Red Team Operations
17
star
52

shellcode-runner-rust

Simple Shellcode Runner in Rust Language
Rust
17
star
53

AWS-Cloud-Practicioner-Notes

15
star
54

PyDorkGPT

Google Hacking using Prompt ChatGPT
Python
14
star
55

Trevorfuscation

A tool that automates the trevorc2 powershell agent obfuscation process with the pyfuscation tool
Shell
14
star
56

Adversary-Emulation-Guide

14
star
57

Cyber-Security-Contents

14
star
58

Physical-PenTest-Methodology

Basic guide for performing a Physical PenTest - Nist 800-12, 800-53, 800-115, 800-152
14
star
59

GCP-Adversary-Emulator

Comprehensive adversary emulation tool for security testing on Google Cloud Platform (GCP) environments.
Python
14
star
60

OSWP-Automated-tools

Shell
13
star
61

Python-Introduction

Python
13
star
62

backup-fu

Automatic cloud backup of Kali Linux data
Shell
12
star
63

Harden-Fu

Shell
11
star
64

C2Matrix-Automation

C2Matrix Automation
Shell
11
star
65

HermitPurple-Maltegoce

Finding Missing People, extract information in Dark Web and Surfaceweb Investigation and Human Trafficking Support
Python
11
star
66

k8senumeration

Kubernetes, Clusters and Dockers Enumeration in GCP and AWS environments
Python
11
star
67

LiesGate

C++
11
star
68

HunterX

King of Bug Bounty Tips Simple Tool
Shell
10
star
69

Malware-Analysis-Exercises

10
star
70

ISO-27002-Document

10
star
71

Ransomware-Codes

Educational repository with source code examples
10
star
72

RansomwarePy

Ransomware Python
Python
7
star
73

TTPs-Mitre-Attack

7
star
74

Red-Team-Operations-Framework

Red Team Operations Framework
7
star
75

study-TI

Auxilios nos seus estudos e planejamento
6
star
76

Challenges

Challenge Inmetrics
HTML
6
star
77

Documentation-of-information-security

6
star
78

stalkfacebook1.0

Python
6
star
79

AWS-Cloud-Architect-Associate-Notes

6
star
80

Simple-Ransomwares

C++
6
star
81

AhmiaDomainExtractor-Maltegoce

Python
6
star
82

Application-Vulnerable

6
star
83

ProcessKiller-BYOVD

BYOVD Technique Example using viragt64 driver
C++
5
star
84

shellcode-templates

Assembly
5
star
85

Standards-and-Controls

5
star
86

facebookstalking2.0

Python
5
star
87

block-website

Bloqueador de website feito em python
Python
5
star
88

Suicide-Prevention-Map

Suicide Prevention Map using Google Place API and Google Search API
Python
5
star
89

SafeBuddy

APK Suicide Prevention
Java
5
star
90

MacInjector-Automated

MacInjector is a tool that lists macOS applications, checks code-signing vulnerabilities, and injects a dynamic library (dylib) into a vulnerable application.
Python
5
star
91

ReconFu

Scripts made in python to automate recognition
Python
5
star
92

DeepFakeDetect-URL

Detect if a photo is deepfake by passing the URL and analyzing
Python
5
star
93

JWTK-Exploits

Python
4
star
94

SilverEye-Twitter-Scraping

A tool created to scrape twitter using its own API
Python
4
star
95

Snake-AI

Edition Code for Python the AI
Python
4
star
96

owasp-asvs-checklist-portugues

4
star
97

reversescripts

Scripts para Engenharia Reversa
Python
4
star
98

CRTO-Study

Zeropoint Course CRTO
HTML
4
star
99

My-CVEs

4
star
100

SyscallHookDetector

C++
4
star