Embedded and IoT Security

Pentest framework like Metasploit but specialized for IoT.

Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions.Improving your firmware security analysis process with FACT - Conference talk about FACT

Analyze security of firmware based on customized rules. Intended as additional step in DevSecOps, similar to CI.

A comprehensive reverse engineering and manipulation framework for gate-level netlists.

Swiss Army Knife for Pentesting of IoT Devices.

Framework for automatisation of IoT layers security analysis: hardware, software and communication.

Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks.

Printer Exploitation Toolkit.

Framework dedicated to exploit embedded devices.

Searches a binary for "interesting" stuff, as well as extracts arbitrary files.

Finds vulnerable patterns in binary executables - ELF support for x86, ARM, and MIPS, experimental bare-metal support.

Analyze Linux-based firmware of embedded devices.

Tries to emulate and pentest a firmware.

Searches extracted firmware images for interesting files and information.

Discovering vulnerabilities in firmware through concolic analysis and function clustering.

Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary.

Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset.

Searches extracted firmware images for interesting files and information.

Detects container format automatically and executes the corresponding extraction tool.

Extraction tools for several container formats.

Collection of tools for manipulating EPROM files (can convert lots of binary formats).

Add JTAG capabilities to an Arduino.

Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.

Set of tools for security testing of Internet of Things devices using specific network IoT protocols.

Low-level NAND Flash dump and parsing utility.

Tool for detecting, reading, writing, verifying and erasing flash chips.

Decrypt Samsung SSD firmware updates.

Detects and interacts with hardware debug ports like UART and JTAG.

Detects and interacts with hardware debug ports like UART and JTAG.

Detects and interacts with hardware debug ports like UART and JTAG. Among other protocols.

Detects JTAG Pinouts fast.

Easy to use Logic Analyzer that support many protocols

Alternative to Saleae logic analyzers

Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.

Detects Glitch/Side-channel attacks.

Tool for exploring and debugging different digital interfaces.

J-Link offers USB powered JTAG debug probes for multiple different CPU cores

Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.

Easy to use Bluetooth Low Energy sniffer.

ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. Killerbee compatible.

Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer.

Cheapest SDR for beginners. It is a computer based radio scanner for receiving live radio signals frequencies from 500 kHz up to 1.75 GHz.

Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex).

Half-duplex sub-1 GHz wireless transceiver.

Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex).

Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex).

Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex).

Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags.

Programmable, portable tool for NFC security analysis.

Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate.

2020, Fotios Chantzis, Evangel Deirme, Ioannis Stais, Paulino Calderon, Beau Woods: Practical IoT Hacking

2020, Jasper van Woudenberg, Colin O'Flynn: The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks

2019, Yago Hansen: The Hacker's Hardware Toolkit: The best collection of hardware gadgets for Red Team hackers, Pentesters and security researchers

2019, Aditya Gupta: The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things

2018, Mark Swarup Tehranipoor: Hardware Security: A Hands-on Learning Approach

2018, Mark Carney: Pentesting Hardware - A Practical Handbook (DRAFT)

2018, Qing Yang, Lin Huang Inside Radio: An Attack and Defense Guide

2017, Aditya Gupta, Aaron Guzman: IoT Penetration Testing Cookbook

2017, Andrew Huang: The Hardware Hacker: Adventures in Making and Breaking Hardware

2016, Craig Smith: The Car Hacker's Handbook: A Guide for the Penetration Tester

2015, Keng Tiong Ng: The Art of PCB Reverse Engineering

2015, Nitesh Dhanjan: Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts

2015, Joshua Wright , Johnny Cache: Hacking Wireless Exposed

2014, Debdeep Mukhopadhyay: Hardware Security: Design, Threats, and Safeguards

2014, Jack Ganssle: The Firmware Handbook (Embedded Technology)

2013, Andrew Huang: Hacking the XBOX

2020, Oser et al: SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization

2019, Agarwal et al: Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk

2019, Almakhdhub et al: BenchIoT: A Security Benchmark for the Internet of Things

2019, Alrawi et al: SoK: Security Evaluation of Home-Based IoT Deployments

2019, Abbasi et al: Challenges in Designing Exploit Mitigations for Deeply Embedded Systems

2019, Song et al: PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary

2018, Muench et al: What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices

2017, O'Meara et al: Embedded Device Vulnerability Analysis Case Study Using Trommel

2017, Jacob et al: How to Break Secure Boot on FPGA SoCs through Malicious Hardware

2017, Costin et al: Towards Automated Classification of Firmware Images and Identification of Embedded Devices

2016, Kammerstetter et al: Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation

2016, Chen et al: Towards Automated Dynamic Analysis for Linux-based Embedded Firmware

2016, Costin et al: Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces

2015, Shoshitaishvili et al:Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware

2015, Papp et al: Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy

2014, Zaddach et al: Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares

2014, Alimi et al: Analysis of embedded applications by evolutionary fuzzing

2014, Costin et al: A Large-Scale Analysis of the Security of Embedded Firmwares

2013, Davidson et al: FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution

Conference talk presenting several real world examples on real bad implementations

Introduction to PS4's security.

CSAW 2019 Embedded Security Challenge (ESC).

Microcorruption: Embedded Security CTF.

Workshop @ BSides Munich 2019.

IoTGoat is a deliberately insecure firmware based on OpenWrt.

First riscure Hack me hardware CTF challenge.

Riscure Hack me 2 is a low level hardware CTF challenge.

Riscure Hack Me 3 embedded hardware CTF 2017-2018.

All things printer.

Development best practices and list of hardware and software tools.

IoT common vulnerabilities and attack surfaces.

Default login credential database sorted by manufacturer.

A Wiki/Archive of all things IC reversing.

Miscellaneous ARM related Tutorials.

A walkthrough covering UART and JTAG bypassing a protected login shell.

Detailed tutorial about how to spot debug pads on a PCB.

An in depth explanation of the UART protocol.

A duo of hackers explaining their step by step approach to finding and exploiting vulnerabilities in embedded devices.

Reverse engineering and hardware hacking of embedded devices.

EU, The Hague, September.USA, Santa Clara, June.