IoT Pentesting 101 && IoT security 101

Approach Methodology

1. Network
2. Web (Front & Backend and Web services)
3. Mobile App(Android & iOS)
4. Wireless Connectivity
5. Firmware Pentesting(Hardware or IoT device OS)
6. Hardware Level Approach
7. Storage Areas

To seen Hacked devices

1. https://blog.exploitee.rs/2018/10/
2. https://www.exploitee.rs/
3. https://forum.exploitee.rs/
4. Your Lenovo Watch X Is Watching You & Sharing What It Learns
5. Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
6. Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?

Contents

Telegram group for IoT Security

• https://t.me/iotsecurity1011

Books

• Android Hacker's Handbook
• Hacking the Xbox
• Car hacker's handbook
• IoT Penetration Testing Cookbook
• Abusing the Internet of Things
• Hardware Hacking: Have Fun while Voiding your Warranty
• Linksys WRT54G Ultimate Hacking
• Linux Binary Analysis
• Firmware

Blogs for iotpentest

1. http://iotpentest.com/
2. https://blog.attify.com
3. https://payatu.com/blog/
4. http://jcjc-dev.com/
5. https://w00tsec.blogspot.in/
6. http://www.devttys0.com/
7. https://www.rtl-sdr.com/
8. https://keenlab.tencent.com/en/
9. https://courk.cc/
10. https://iotsecuritywiki.com/
11. https://cybergibbons.com/
12. http://firmware.re/
13. https://iotmyway.wordpress.com/
14. http://blog.k3170makan.com/
15. https://blog.tclaverie.eu/
16. http://blog.besimaltinok.com/category/iot-pentest/
17. https://ctrlu.net/
18. https://duo.com/decipher/

Search Engines for IoT Devices

1. Shodan
2. FOFA
3. Censys
4. Zoomeye
5. ONYPHE

CTF For IoT's And Embeddded

1. https://github.com/hackgnar/ble_ctf
2. https://www.microcorruption.com/
3. https://github.com/Riscure/Rhme-2016
4. https://github.com/Riscure/Rhme-2017
5. https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html

YouTube Channels for IoT Pentesting

1. Liveoverflow
2. Binary Adventure
3. EEVBlog
4. JackkTutorials
5. Craig Smith
6. veerababu [Mr-IoT]
7. Besim ALTINOK - IoT - Hardware - Wireless

IoT security vulnerabilites checking guides

• Reflecting upon OWASP TOP-10 IoT Vulnerabilities
• OWASP IoT Top 10 2018 Mapping Project

Exploitation Tools & OS

• Expliot - IoT Exploitation framework - by Aseemjakhar
• AttifyOS - IoT Pentest OS - by Aditya Gupta
• Ubutnu Best Host Linux for IoT's - Use LTS
• A Small, Scalable Open Source RTOS for IoT Embedded Devices
• Skywave Linux- Software Defined Radio for Global Online Listening
• Routersploit (Exploitation Framework for Embedded Devices)
• IoTSecFuzz (comprehensive testing for IoT device)

Reverse Enginnering Tools

• IDA Pro
• GDB
• Radare2
• Ghidra

Introduction

• Introduction to IoT
• IoT Architecture
• IoT attack surface
• IoT Protocols Overview

IoT Protocols Pentesting

MQTT

• Introduction
• Hacking the IoT with MQTT
• thoughts about using IoT MQTT for V2V and Connected Car from CES 2014
• Nmap
• The Seven Best MQTT Client Tools
• A Guide to MQTT by Hacking a Doorbell to send Push Notifications

CoAP

• Introduction
• CoAP client Tools
• CoAP Pentest Tools
• Nmap

Automobile

CanBus

• Introduction and protocol Overview
• PENTESTING VEHICLES WITH CANTOOLZ
• Building a Car Hacking Development Workbench: Part1
• CANToolz - Black-box CAN network analysis framework

Radio IoT Protocols Overview

• Understanding Radio
• Signal Processing
• Software Defined Radio
• Gnuradio
• Creating a flow graph
• Analysing radio signals
• Recording specific radio signal
• Replay Attacks

Base transceiver station (BTS)

• what is base tranceiver station
• How to Build Your Own Rogue GSM BTS

GSM & SS7 Pentesting

• Introduction to GSM Security
• GSM Security 2
• vulnerabilities in GSM security with USRP B200
• Security Testing 4G (LTE) Networks
• Case Study of SS7/SIGTRAN Assessment
• Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
• ss7MAPer – A SS7 pen testing toolkit
• Introduction to SIGTRAN and SIGTRAN Licensing
• SS7 Network Architecture
• Introduction to SS7 Signaling

Zigbee & Zwave

• Introduction and protocol Overview
• Hacking Zigbee Devices with Attify Zigbee Framework
• Hands-on with RZUSBstick
• ZigBee & Z-Wave Security Brief

BLE

• Traffic Engineering in a Bluetooth Piconet
• BLE Characteristics Reconnaissance (Active and Passive) with HCI Tools
  • btproxy
  • hcitool & bluez
  • Testing With GATT Tool
  • Cracking encryption
  • bettercap

BLE Sniffing/MiTM

• BtleJuice Bluetooth Smart Man-in-the-Middle framework
• gattacker
• BTLEjack Bluetooth Low Energy Swiss army knife

Mobile security (Android & iOS)

• Android
• Android Pentest Video Course
• IOS Pentesting

ARM

• Azeria Labs
• ARM EXPLOITATION FOR IoT
• Static Binary analysis ARMV7

Firmware Pentest

• Firmware analysis and reversing
• Firmware emulation with QEMU
• Dumping Firmware using Buspirate
• Reversing ESP8266 Firmware

Firmware to pentest

• Download From here

IoT hardware Overview

• IoT Hardware Guide

Hardware Gadgets to pentest

• Bus Pirate
• EEPROM readers
• Jtagulator / Jtagenum
• Logic Analyzer
• The Shikra
• FaceDancer21 (USB Emulator/USB Fuzzer)
• RfCat
• Hak5Gear- Hak5FieldKits
• Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter
• Attify Badge - UART, JTAG, SPI, I2C (w/ headers)
• Ubertooth

Attacking Hardware Interfaces

• Serial Terminal Basics
• Reverse Engineering Serial Ports
• REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS

UART

• Identifying UART interface
• onewire-over-uart
• Accessing sensor via UART
• Using UART to connect to a chinese IP cam
• A journey into IoT – Hardware hacking: UART

JTAG

• Identifying JTAG interface
• NAND Glitching Attack

SideChannel Attacks

• All Attacks