jaeswift-website/api/data/awesomelist/fkie-cad--awesome-embedded-and-iot-security.json



{"slug": "fkie-cad--awesome-embedded-and-iot-security", "title": "Awesome Embedded and Iot Security", "description": "A curated list of awesome embedded and IoT security resources.", "github_url": "https://github.com/fkie-cad/awesome-embedded-and-iot-security", "stars": "1.4K", "tag": "Security", "entry_count": 104, "subcategory_count": 13, "subcategories": [{"name": "General", "parent": "", "entries": [{"name": "Software Tools", "url": "#software-tools", "description": ""}, {"name": "Hardware Tools", "url": "#hardware-tools", "description": ""}, {"name": "Books", "url": "#books", "description": ""}, {"name": "Research Papers", "url": "#research-papers", "description": ""}, {"name": "Case Studies", "url": "#case-studies", "description": ""}, {"name": "Free Training", "url": "#free-training", "description": ""}, {"name": "Websites", "url": "#websites", "description": ""}, {"name": "Conferences", "url": "#conferences", "description": ""}, {"name": "Contribute", "url": "#contribute", "description": ""}, {"name": "License", "url": "#license", "description": ""}]}, {"name": "Analysis Frameworks", "parent": "Software Tools", "entries": [{"name": "EXPLIoT", "url": "https://gitlab.com/expliot_framework/expliot", "description": "Pentest framework like Metasploit but specialized for IoT."}, {"name": "FACT - The Firmware Analysis and Comparison Tool", "url": "https://fkie-cad.github.io/FACT_core/", "description": "Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions."}, {"name": "FwAnalyzer", "url": "https://github.com/cruise-automation/fwanalyzer", "description": "Analyze security of firmware based on customized rules. 
Intended as additional step in DevSecOps, similar to CI.", "stars": "474"}, {"name": "HAL The Hardware Analyzer", "url": "https://github.com/emsec/hal", "description": "A comprehensive reverse engineering and manipulation framework for gate-level netlists.", "stars": "480"}, {"name": "HomePWN", "url": "https://github.com/ElevenPaths/HomePWN", "description": "Swiss Army Knife for Pentesting of IoT Devices.", "stars": "787"}, {"name": "IoTSecFuzz", "url": "https://gitlab.com/invuls/iot-projects/iotsecfuzz", "description": "Framework for automatisation of IoT layers security analysis: hardware, software and communication."}, {"name": "Killerbee", "url": "https://github.com/riverloopsec/killerbee", "description": "Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks.", "stars": "707"}, {"name": "PRET", "url": "https://github.com/RUB-NDS/PRET", "description": "Printer Exploitation Toolkit.", "stars": "3.6k"}, {"name": "Routersploit", "url": "https://github.com/threat9/routersploit", "description": "Framework dedicated to exploit embedded devices.", "stars": "11k"}]}, {"name": "Analysis Tools", "parent": "Software Tools", "entries": [{"name": "Binwalk", "url": "https://github.com/ReFirmLabs/binwalk", "description": "Searches a binary for \"interesting\" stuff, as well as extracts arbitrary files.", "stars": "9.7k"}, {"name": "cwe\\_checker", "url": "https://github.com/fkie-cad/cwe_checker", "description": "Finds vulnerable patterns in binary executables - ELF support for x86, ARM, and MIPS, experimental bare-metal support.", "stars": "957"}, {"name": "emba", "url": "https://github.com/e-m-b-a/emba", "description": "Analyze Linux-based firmware of embedded devices.", "stars": "2.1k"}, {"name": "Firmadyne", "url": "https://github.com/firmadyne/firmadyne", "description": "Tries to emulate and pentest a firmware.", "stars": "1.7k"}, {"name": "Firmwalker", "url": "https://github.com/craigz28/firmwalker", "description": "Searches extracted firmware images for 
interesting files and information.", "stars": "942"}, {"name": "Firmware Slap", "url": "https://github.com/ChrisTheCoolHut/Firmware_Slap", "description": "Discovering vulnerabilities in firmware through concolic analysis and function clustering.", "stars": "462"}, {"name": "Ghidra", "url": "https://ghidra-sre.org/", "description": "Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary."}, {"name": "Radare2", "url": "https://github.com/radare/radare2", "description": "Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset.", "stars": "19k"}, {"name": "Trommel", "url": "https://github.com/CERTCC/trommel", "description": "Searches extracted firmware images for interesting files and information.", "stars": "198"}]}, {"name": "Extraction Tools", "parent": "Software Tools", "entries": [{"name": "FACT Extractor", "url": "https://github.com/fkie-cad/fact_extractor", "description": "Detects container format automatically and executes the corresponding extraction tool.", "stars": "68"}, {"name": "Firmware Mod Kit", "url": "https://github.com/rampageX/firmware-mod-kit/wiki", "description": "Extraction tools for several container formats.", "stars": "726"}, {"name": "The SRecord package", "url": "http://srecord.sourceforge.net/", "description": "Collection of tools for manipulating EPROM files (can convert lots of binary formats)."}]}, {"name": "Support Tools", "parent": "Software Tools", "entries": [{"name": "JTAGenum", "url": "https://github.com/cyphunk/JTAGenum", "description": "Add JTAG capabilities to an Arduino.", "stars": "625"}, {"name": "OpenOCD", "url": "http://openocd.org/", "description": "Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing."}]}, {"name": "Misc Tools", "parent": "Software Tools", "entries": [{"name": "Cotopaxi", "url": "https://github.com/Samsung/cotopaxi", "description": 
"Set of tools for security testing of Internet of Things devices using specific network IoT protocols.", "stars": "334"}, {"name": "dumpflash", "url": "https://github.com/ohjeongwook/dumpflash", "description": "Low-level NAND Flash dump and parsing utility.", "stars": "264"}, {"name": "flashrom", "url": "https://github.com/flashrom/flashrom", "description": "Tool for detecting, reading, writing, verifying and erasing flash chips.", "stars": "731"}, {"name": "Samsung Firmware Magic", "url": "https://github.com/chrivers/samsung-firmware-magic", "description": "Decrypt Samsung SSD firmware updates.", "stars": "191"}, {"name": "Bus Blaster", "url": "http://dangerousprototypes.com/docs/Bus_Blaster", "description": "Detects and interacts with hardware debug ports like [UART](https://en.wikipedia.org/wiki/Universal_asynchronous_receiver-transmitter) and [JTAG](https://en.wikipedia.org/wiki/JTAG)."}, {"name": "Bus Pirate", "url": "http://dangerousprototypes.com/docs/Bus_Pirate", "description": "Detects and interacts with hardware debug ports like UART and JTAG."}, {"name": "Shikra", "url": "https://int3.cc/products/the-shikra", "description": "Detects and interacts with hardware debug ports like UART and JTAG. 
Among other protocols."}, {"name": "JTAGULATOR", "url": "http://www.grandideastudio.com/jtagulator/", "description": "Detects JTAG Pinouts fast."}, {"name": "Saleae", "url": "https://www.saleae.com/", "description": "Easy to use Logic Analyzer that support many protocols :euro:."}, {"name": "Ikalogic", "url": "https://www.ikalogic.com/pages/logic-analyzer-sp-series-sp209", "description": "Alternative to Saleae logic analyzers :euro:."}, {"name": "HydraBus", "url": "https://hydrabus.com/hydrabus-1-0-specifications/", "description": "Open source multi-tool hardware similar to the BusPirate but with NFC capabilities."}, {"name": "ChipWhisperer", "url": "https://newae.com/chipwhisperer/", "description": "Detects Glitch/Side-channel attacks."}, {"name": "Glasgow", "url": "https://github.com/GlasgowEmbedded/Glasgow", "description": "Tool for exploring and debugging different digital interfaces.", "stars": "1.8k"}, {"name": "J-Link", "url": "https://www.segger.com/products/debug-probes/j-link/models/model-overview/", "description": "J-Link offers USB powered JTAG debug probes for multiple different CPU cores :euro:."}]}, {"name": "Bluetooth BLE Tools", "parent": "Hardware Tools", "entries": [{"name": "UberTooth One", "url": "https://greatscottgadgets.com/ubertoothone/", "description": "Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation."}, {"name": "Bluefruit LE Sniffer", "url": "https://www.adafruit.com/product/2269", "description": "Easy to use Bluetooth Low Energy sniffer."}]}, {"name": "ZigBee Tools", "parent": "Hardware Tools", "entries": [{"name": "ApiMote", "url": "http://apimote.com", "description": "ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. 
Killerbee compatible."}, {"name": "Freakduino", "url": "https://freaklabsstore.com/index.php?main_page=product_info\\&cPath=22\\&products_id=219\\&zenid=fpmu2kuuk4abjf6aurt3bjnfk4", "description": "Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer."}]}, {"name": "SDR Tools", "parent": "Hardware Tools", "entries": [{"name": "RTL-SDR", "url": "https://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/", "description": "Cheapest SDR for beginners. It is a computer based radio scanner for receiving live radio signals frequencies from 500 kHz up to 1.75 GHz."}, {"name": "HackRF One", "url": "https://greatscottgadgets.com/hackrf/", "description": "Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex)."}, {"name": "YardStick One", "url": "https://greatscottgadgets.com/yardstickone/", "description": "Half-duplex sub-1 GHz wireless transceiver."}, {"name": "LimeSDR", "url": "https://www.crowdsupply.com/lime-micro/limesdr", "description": "Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex)."}, {"name": "BladeRF 2.0", "url": "https://www.nuand.com/bladerf-2-0-micro/", "description": "Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex)."}, {"name": "USRP B Series", "url": "https://www.ettus.com/product-categories/usrp-bus-series/", "description": "Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex)."}]}, {"name": "RFID NFC Tools", "parent": "Hardware Tools", "entries": [{"name": "Proxmark 3 RDV4", "url": "https://www.proxmark.com/", "description": "Powerful general purpose RFID tool. 
From Low Frequency (125kHz) to High Frequency (13.56MHz) tags."}, {"name": "ChamaleonMini", "url": "http://chameleontiny.com/", "description": "Programmable, portable tool for NFC security analysis."}, {"name": "HydraNFC", "url": "https://hydrabus.com/hydranfc-1-0-specifications/", "description": "Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate."}, {"name": "Binary Hardening in IoT products", "url": "https://cyber-itl.org/2019/08/26/iot-data-writeup.html", "description": ""}, {"name": "Cracking Linksys “Encryption”", "url": "http://www.devttys0.com/2014/02/cracking-linksys-crypto/", "description": ""}, {"name": "Deadly Sins Of Development", "url": "https://youtu.be/nXyglaY9N9w", "description": "Conference talk presenting several real world examples on real bad implementations :tv:."}, {"name": "Dumping firmware from a device's SPI flash with a buspirate", "url": "https://www.iotpentest.com/2019/06/dumping-firmware-from-device-using.html", "description": ""}, {"name": "Hacking the DSP-W215, Again", "url": "http://www.devttys0.com/2014/05/hacking-the-dspw215-again/", "description": ""}, {"name": "Hacking the PS4", "url": "https://cturt.github.io/ps4.html", "description": "Introduction to PS4's security."}, {"name": "IoT Security@CERN", "url": "https://doi.org/10.5281/zenodo.1035034", "description": ""}, {"name": "Multiple vulnerabilities found in the D-link DWR-932B", "url": "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html", "description": ""}, {"name": "Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol", "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html", "description": ""}, {"name": "PWN Xerox Printers (...again)", "url": "https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/xerox_phaser_6700_white_paper.pdf", "description": ""}, {"name": "Reversing Firmware With Radare", "url": 
"https://www.bored-nerds.com/reversing/radare/automotive/2019/07/07/reversing-firmware-with-radare.html", "description": ""}, {"name": "Reversing the Huawei HG533", "url": "http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/", "description": ""}, {"name": "CSAW Embedded Security Challenge 2019", "url": "https://github.com/TrustworthyComputing/csaw_esc_2019", "description": "CSAW 2019 Embedded Security Challenge (ESC).", "stars": "33"}, {"name": "Embedded Security CTF", "url": "https://microcorruption.com", "description": "Microcorruption: Embedded Security CTF."}, {"name": "Hardware Hacking 101", "url": "https://github.com/rdomanski/hardware_hacking/tree/master/my_talks/Hardware_Hacking_101", "description": "Workshop @ BSides Munich 2019.", "stars": "37"}, {"name": "IoTGoat", "url": "https://github.com/scriptingxss/IoTGoat", "description": "IoTGoat is a deliberately insecure firmware based on OpenWrt.", "stars": "177"}, {"name": "Rhme-2015", "url": "https://github.com/Riscure/RHme-2015", "description": "First riscure Hack me hardware CTF challenge.", "stars": "105"}, {"name": "Rhme-2016", "url": "https://github.com/Riscure/Rhme-2016", "description": "Riscure Hack me 2 is a low level hardware CTF challenge.", "stars": "286"}, {"name": "Rhme-2017/2018", "url": "https://github.com/Riscure/Rhme-2017", "description": "Riscure Hack Me 3 embedded hardware CTF 2017-2018.", "stars": "84"}, {"name": "Hacking Printers Wiki", "url": "http://hacking-printers.net/wiki/index.php/Main_Page", "description": "All things printer."}, {"name": "OWASP Embedded Application Security Project", "url": "https://owasp.org/www-project-embedded-application-security/", "description": "Development best practices and list of hardware and software tools."}, {"name": "OWASP Internet of Things Project", "url": "https://owasp.org/www-project-internet-of-things/", "description": "IoT common vulnerabilities and attack surfaces."}, {"name": "Router Passwords", "url": 
"https://192-168-1-1ip.mobi/default-router-passwords-list/", "description": "Default login credential database sorted by manufacturer."}, {"name": "Siliconpr0n", "url": "https://siliconpr0n.org/", "description": "A Wiki/Archive of all things IC reversing."}]}, {"name": "Blogs", "parent": "Websites", "entries": [{"name": "RTL-SDR", "url": "https://www.rtl-sdr.com/", "description": ""}, {"name": "/dev/ttyS0's Embedded Device Hacking", "url": "http://www.devttys0.com/blog/", "description": ""}, {"name": "Exploiteers", "url": "https://www.exploitee.rs/", "description": ""}, {"name": "Hackaday", "url": "https://hackaday.com", "description": ""}, {"name": "jcjc's Hack The World", "url": "https://jcjc-dev.com/", "description": ""}, {"name": "Quarkslab", "url": "https://blog.quarkslab.com/", "description": ""}, {"name": "wrong baud", "url": "https://wrongbaud.github.io/", "description": ""}, {"name": "Firmware Security", "url": "https://firmwaresecurity.com/", "description": ""}, {"name": "PenTestPartners", "url": "https://www.pentestpartners.com/internet-of-things/", "description": ""}, {"name": "Attify", "url": "https://blog.attify.com/", "description": ""}, {"name": "Payatu", "url": "https://payatu.com/blog", "description": ""}, {"name": "GracefulSecurity - Hardware tag", "url": "https://gracefulsecurity.com/category/hardware/", "description": ""}, {"name": "Black Hills - Hardware Hacking tag", "url": "https://www.blackhillsinfosec.com/tag/hardware-hacking/", "description": ""}]}, {"name": "Tutorials and Technical Background", "parent": "Websites", "entries": [{"name": "Azeria Lab", "url": "https://azeria-labs.com/", "description": "Miscellaneous ARM related Tutorials."}, {"name": "JTAG Explained", "url": "https://blog.senr.io/blog/jtag-explained#", "description": "A walkthrough covering UART and JTAG bypassing a protected login shell."}, {"name": "Reverse Engineering Serial Ports", "url": "http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/", 
"description": "Detailed tutorial about how to spot debug pads on a PCB."}, {"name": "UART explained", "url": "https://www.mikroe.com/blog/uart-serial-communication", "description": "An in-depth explanation of the UART protocol."}]}, {"name": "YouTube Channels", "parent": "Websites", "entries": [{"name": "Flashback Team", "url": "https://www.youtube.com/c/FlashbackTeam", "description": "A duo of hackers explaining their step-by-step approach to finding and exploiting vulnerabilities in embedded devices."}, {"name": "StackSmashing", "url": "https://www.youtube.com/c/stacksmashing", "description": "Reverse engineering and hardware hacking of embedded devices."}, {"name": "Hardwear.io", "url": "https://hardwear.io/", "description": ""}]}]}