rhetenor/awesome-awesomeness
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update lists

Browse Source
This commit is contained in:
Jonas Zeunert
2025-07-18 22:22:32 +02:00
parent 55bed3b4a1
commit 5916c5c074
3078 changed files with 331679 additions and 357255 deletions
Download Patch File Download Diff File Expand all files Collapse all files

506
html/embeddedandiotsecurity.html Normal file
View File

@@ -0,0 +1,506 @@
<!--lint ignore awesome-license-->
<div data-align="center">
<pre><code>&lt;img width=&quot;500&quot; height=&quot;350&quot; src=&quot;iot_awesome_logo.svg&quot; alt=&quot;Awesome&quot;&gt;</code></pre>
<p><br /></p>
</div>
<h1 id="awesome-embedded-and-iot-security-awesome">Awesome Embedded and
IoT Security <a href="https://awesome.re"><img
src="https://awesome.re/badge.svg" alt="Awesome" /></a></h1>
<blockquote>
<p>A curated list of awesome resources about embedded and IoT security.
The list contains software and hardware tools, books, research papers
and more.</p>
</blockquote>
<p>Botnets like <a
href="https://en.wikipedia.org/wiki/Mirai_(malware)">Mirai</a> have
proven that there is a need for more security in embedded and IoT
devices. This list shall help beginners and experts to find helpful
resources on the topic.<br />
If you are a beginner, you should have a look at the
<ins><em>Books</em></ins> and <ins><em>Case Studies</em></ins>
sections.<br />
If you want to start right away with your own analysis, you should give
the <ins><em>Analysis Frameworks</em></ins> a try. They are easy to use
and you do not need to be an expert to get first meaningful results.</p>
<blockquote>
<p>Items marked with :euro: are comercial products.</p>
</blockquote>
<h2 id="contents">Contents</h2>
<ul>
<li><a href="#software-tools">Software Tools</a>
<ul>
<li><a href="#analysis-frameworks">Analysis Frameworks</a></li>
<li><a href="#analysis-tools">Analysis Tools</a></li>
<li><a href="#extraction-tools">Extraction Tools</a></li>
<li><a href="#support-tools">Support Tools</a></li>
<li><a href="#misc-tools">Misc Tools</a></li>
</ul></li>
<li><a href="#hardware-tools">Hardware Tools</a>
<ul>
<li><a href="#bluetooth-ble-tools">Bluetooth BLE Tools</a></li>
<li><a href="#zigbee-tools">ZigBee Tools</a></li>
<li><a href="#sdr-tools">SDR Tools</a></li>
<li><a href="#rfid-nfc-tools">RFID NFC Tools</a></li>
</ul></li>
<li><a href="#books">Books</a></li>
<li><a href="#research-papers">Research Papers</a></li>
<li><a href="#case-studies">Case Studies</a></li>
<li><a href="#free-training">Free Training</a></li>
<li><a href="#websites">Websites</a>
<ul>
<li><a href="#blogs">Blogs</a></li>
<li><a href="#tutorials-and-technical-background">Tutorials and
Technical Background</a></li>
<li><a href="#youtube-channels">YouTube Channels</a></li>
</ul></li>
<li><a href="#conferences">Conferences</a></li>
<li><a href="#contribute">Contribute</a></li>
<li><a href="#license">License</a></li>
</ul>
<h2 id="software-tools">Software Tools</h2>
<p>Software tools for analyzing embedded/IoT devices and firmware.</p>
<h3 id="analysis-frameworks">Analysis Frameworks</h3>
<ul>
<li><a href="https://gitlab.com/expliot_framework/expliot">EXPLIoT</a> -
Pentest framework like Metasploit but specialized for IoT.</li>
<li><a href="https://fkie-cad.github.io/FACT_core/">FACT - The Firmware
Analysis and Comparison Tool</a> - Full-featured static analysis
framework including extraction of firmware, analysis utilizing different
plug-ins and comparison of different firmware versions.
<ul>
<li><a
href="https://passthesalt.ubicast.tv/videos/improving-your-firmware-security-analysis-process-with-fact/">Improving
your firmware security analysis process with FACT</a> - Conference talk
about FACT :tv:.</li>
</ul></li>
<li><a
href="https://github.com/cruise-automation/fwanalyzer">FwAnalyzer</a> -
Analyze security of firmware based on customized rules. Intended as
additional step in DevSecOps, similar to CI.</li>
<li><a href="https://github.com/emsec/hal">HAL The Hardware
Analyzer</a> - A comprehensive reverse engineering and manipulation
framework for gate-level netlists.</li>
<li><a href="https://github.com/ElevenPaths/HomePWN">HomePWN</a> - Swiss
Army Knife for Pentesting of IoT Devices.</li>
<li><a
href="https://gitlab.com/invuls/iot-projects/iotsecfuzz">IoTSecFuzz</a>
- Framework for automatisation of IoT layers security analysis:
hardware, software and communication.</li>
<li><a href="https://github.com/riverloopsec/killerbee">Killerbee</a> -
Framework for Testing &amp; Auditing ZigBee and IEEE 802.15.4
Networks.</li>
<li><a href="https://github.com/RUB-NDS/PRET">PRET</a> - Printer
Exploitation Toolkit.</li>
<li><a href="https://github.com/threat9/routersploit">Routersploit</a> -
Framework dedicated to exploit embedded devices.</li>
</ul>
<h3 id="analysis-tools">Analysis Tools</h3>
<ul>
<li><a href="https://github.com/ReFirmLabs/binwalk">Binwalk</a> -
Searches a binary for “interesting” stuff, as well as extracts arbitrary
files.</li>
<li><a href="https://github.com/fkie-cad/cwe_checker">cwe_checker</a> -
Finds vulnerable patterns in binary executables - ELF support for x86,
ARM, and MIPS, experimental bare-metal support.</li>
<li><a href="https://github.com/e-m-b-a/emba">emba</a> - Analyze
Linux-based firmware of embedded devices.</li>
<li><a href="https://github.com/firmadyne/firmadyne">Firmadyne</a> -
Tries to emulate and pentest a firmware.</li>
<li><a href="https://github.com/craigz28/firmwalker">Firmwalker</a> -
Searches extracted firmware images for interesting files and
information.</li>
<li><a href="https://github.com/ChrisTheCoolHut/Firmware_Slap">Firmware
Slap</a> - Discovering vulnerabilities in firmware through concolic
analysis and function clustering.</li>
<li><a href="https://ghidra-sre.org/">Ghidra</a> - Software Reverse
Engineering suite; handles arbitrary binaries, if you provide CPU
architecture and endianness of the binary.</li>
<li><a href="https://github.com/radare/radare2">Radare2</a> - Software
Reverse Engineering framework, also handles popular formats and
arbitrary binaries, has an extensive command line toolset.</li>
<li><a href="https://github.com/CERTCC/trommel">Trommel</a> - Searches
extracted firmware images for interesting files and information.</li>
</ul>
<h3 id="extraction-tools">Extraction Tools</h3>
<ul>
<li><a href="https://github.com/fkie-cad/fact_extractor">FACT
Extractor</a> - Detects container format automatically and executes the
corresponding extraction tool.</li>
<li><a href="https://github.com/rampageX/firmware-mod-kit/wiki">Firmware
Mod Kit</a> - Extraction tools for several container formats.</li>
<li><a href="http://srecord.sourceforge.net/">The SRecord package</a> -
Collection of tools for manipulating EPROM files (can convert lots of
binary formats).</li>
</ul>
<h3 id="support-tools">Support Tools</h3>
<ul>
<li><a href="https://github.com/cyphunk/JTAGenum">JTAGenum</a> - Add
JTAG capabilities to an Arduino.</li>
<li><a href="http://openocd.org/">OpenOCD</a> - Free and Open On-Chip
Debugging, In-System Programming and Boundary-Scan Testing.</li>
</ul>
<h3 id="misc-tools">Misc Tools</h3>
<ul>
<li><a href="https://github.com/Samsung/cotopaxi">Cotopaxi</a> - Set of
tools for security testing of Internet of Things devices using specific
network IoT protocols.</li>
<li><a href="https://github.com/ohjeongwook/dumpflash">dumpflash</a> -
Low-level NAND Flash dump and parsing utility.</li>
<li><a href="https://github.com/flashrom/flashrom">flashrom</a> - Tool
for detecting, reading, writing, verifying and erasing flash chips.</li>
<li><a href="https://github.com/chrivers/samsung-firmware-magic">Samsung
Firmware Magic</a> - Decrypt Samsung SSD firmware updates.</li>
</ul>
<h2 id="hardware-tools">Hardware Tools</h2>
<ul>
<li><a href="http://dangerousprototypes.com/docs/Bus_Blaster">Bus
Blaster</a> - Detects and interacts with hardware debug ports like <a
href="https://en.wikipedia.org/wiki/Universal_asynchronous_receiver-transmitter">UART</a>
and <a href="https://en.wikipedia.org/wiki/JTAG">JTAG</a>.</li>
<li><a href="http://dangerousprototypes.com/docs/Bus_Pirate">Bus
Pirate</a> - Detects and interacts with hardware debug ports like UART
and JTAG.</li>
<li><a href="https://int3.cc/products/the-shikra">Shikra</a> - Detects
and interacts with hardware debug ports like UART and JTAG. Among other
protocols.</li>
<li><a href="http://www.grandideastudio.com/jtagulator/">JTAGULATOR</a>
- Detects JTAG Pinouts fast.</li>
<li><a href="https://www.saleae.com/">Saleae</a> - Easy to use Logic
Analyzer that support many protocols :euro:.</li>
<li><a
href="https://www.ikalogic.com/pages/logic-analyzer-sp-series-sp209">Ikalogic</a>
- Alternative to Saleae logic analyzers :euro:.</li>
<li><a
href="https://hydrabus.com/hydrabus-1-0-specifications/">HydraBus</a> -
Open source multi-tool hardware similar to the BusPirate but with NFC
capabilities.</li>
<li><a href="https://newae.com/chipwhisperer/">ChipWhisperer</a> -
Detects Glitch/Side-channel attacks.</li>
<li><a href="https://github.com/GlasgowEmbedded/Glasgow">Glasgow</a> -
Tool for exploring and debugging different digital interfaces.</li>
<li><a
href="https://www.segger.com/products/debug-probes/j-link/models/model-overview/">J-Link</a>
- J-Link offers USB powered JTAG debug probes for multiple different CPU
cores :euro:.</li>
</ul>
<h3 id="bluetooth-ble-tools">Bluetooth BLE Tools</h3>
<ul>
<li><a href="https://greatscottgadgets.com/ubertoothone/">UberTooth
One</a> - Open source 2.4 GHz wireless development platform suitable for
Bluetooth experimentation.</li>
<li><a href="https://www.adafruit.com/product/2269">Bluefruit LE
Sniffer</a> - Easy to use Bluetooth Low Energy sniffer.</li>
</ul>
<h3 id="zigbee-tools">ZigBee Tools</h3>
<ul>
<li><a href="http://apimote.com">ApiMote</a> - ZigBee security research
hardware for learning about and evaluating the security of IEEE
802.15.4/ZigBee systems. Killerbee compatible.</li>
<li>Atmel RZUSBstick - Discontinued product. Lucky if you have one! -
Tool for development, debugging and demonstration of a wide range of low
power wireless applications including IEEE 802.15.4, 6LoWPAN, and ZigBee
networks. Killerbee compatible.</li>
<li><a
href="https://freaklabsstore.com/index.php?main_page=product_info&amp;cPath=22&amp;products_id=219&amp;zenid=fpmu2kuuk4abjf6aurt3bjnfk4">Freakduino</a>
- Low Cost Battery Operated Wireless Arduino Board that can be turned
into a IEEE 802.15.4 protocol sniffer.</li>
</ul>
<h3 id="sdr-tools">SDR Tools</h3>
<ul>
<li><a
href="https://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/">RTL-SDR</a> -
Cheapest SDR for beginners. It is a computer based radio scanner for
receiving live radio signals frequencies from 500 kHz up to 1.75
GHz.</li>
<li><a href="https://greatscottgadgets.com/hackrf/">HackRF One</a> -
Software Defined Radio peripheral capable of transmission or reception
of radio signals from 1 MHz to 6 GHz (half-duplex).</li>
<li><a href="https://greatscottgadgets.com/yardstickone/">YardStick
One</a> - Half-duplex sub-1 GHz wireless transceiver.</li>
<li><a href="https://www.crowdsupply.com/lime-micro/limesdr">LimeSDR</a>
- Software Defined Radio peripheral capable of transmission or reception
of radio signals from 100 KHz to 3.8 GHz (full-duplex).</li>
<li><a href="https://www.nuand.com/bladerf-2-0-micro/">BladeRF 2.0</a> -
Software Defined Radio peripheral capable of transmission or reception
of radio signals from 47 MHz to 6 GHz (full-duplex).</li>
<li><a
href="https://www.ettus.com/product-categories/usrp-bus-series/">USRP B
Series</a> - Software Defined Radio peripheral capable of transmission
or reception of radio signals from 70 MHz to 6 GHz (full-duplex).</li>
</ul>
<h3 id="rfid-nfc-tools">RFID NFC Tools</h3>
<ul>
<li><a href="https://www.proxmark.com/">Proxmark 3 RDV4</a> - Powerful
general purpose RFID tool. From Low Frequency (125kHz) to High Frequency
(13.56MHz) tags.</li>
<li><a href="http://chameleontiny.com/">ChamaleonMini</a> -
Programmable, portable tool for NFC security analysis.</li>
<li><a
href="https://hydrabus.com/hydranfc-1-0-specifications/">HydraNFC</a> -
Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff /
emulate.</li>
</ul>
<h2 id="books">Books</h2>
<ul>
<li>2020, Fotios Chantzis, Evangel Deirme, Ioannis Stais, Paulino
Calderon, Beau Woods: <a
href="https://www.amazon.com/Fotios-Chantzis-ebook/dp/B085BVVSN6/">Practical
IoT Hacking</a></li>
<li>2020, Jasper van Woudenberg, Colin OFlynn: <a
href="https://nostarch.com/hardwarehacking">The Hardware Hacking
Handbook: Breaking Embedded Security with Hardware Attacks</a></li>
<li>2019, Yago Hansen: <a
href="https://github.com/yadox666/The-Hackers-Hardware-Toolkit/blob/master/TheHackersHardwareToolkit.pdf">The
Hackers Hardware Toolkit: The best collection of hardware gadgets for
Red Team hackers, Pentesters and security researchers</a></li>
<li>2019, Aditya Gupta: <a
href="https://www.apress.com/us/book/9781484242995">The IoT Hackers
Handbook: A Practical Guide to Hacking the Internet of Things</a></li>
<li>2018, Mark Swarup Tehranipoor: <a
href="https://www.elsevier.com/books/hardware-security/bhunia/978-0-12-812477-2">Hardware
Security: A Hands-on Learning Approach</a></li>
<li>2018, Mark Carney: <a
href="https://github.com/unprovable/PentestHardware">Pentesting Hardware
- A Practical Handbook (DRAFT)</a></li>
<li>2018, Qing Yang, Lin Huang <a
href="https://link.springer.com/book/10.1007/978-981-10-8447-8">Inside
Radio: An Attack and Defense Guide</a></li>
<li>2017, Aditya Gupta, Aaron Guzman: <a
href="https://www.packtpub.com/networking-and-servers/iot-penetration-testing-cookbook">IoT
Penetration Testing Cookbook</a></li>
<li>2017, Andrew Huang: <a
href="https://nostarch.com/hardwarehackerpaperback">The Hardware Hacker:
Adventures in Making and Breaking Hardware</a></li>
<li>2016, Craig Smith: <a href="https://nostarch.com/carhacking">The Car
Hackers Handbook: A Guide for the Penetration Tester</a></li>
<li>2015, Keng Tiong Ng: <a
href="https://visio-for-engineers.blogspot.com/p/order.html">The Art of
PCB Reverse Engineering</a></li>
<li>2015, Nitesh Dhanjan: <a
href="https://shop.oreilly.com/product/0636920033547.do">Abusing the
Internet of Things: Blackouts, Freakouts, and Stakeouts</a></li>
<li>2015, Joshua Wright , Johnny Cache: <a
href="https://www.mhprofessional.com/9780071827638-usa-hacking-exposed-wireless-third-edition-group">Hacking
Wireless Exposed</a></li>
<li>2014, Debdeep Mukhopadhyay: <a
href="https://www.taylorfrancis.com/books/9780429066900">Hardware
Security: Design, Threats, and Safeguards</a></li>
<li>2014, Jack Ganssle: <a
href="https://www.elsevier.com/books/the-firmware-handbook/ganssle/978-0-7506-7606-9">The
Firmware Handbook (Embedded Technology)</a></li>
<li>2013, Andrew Huang: <a href="https://nostarch.com/xboxfree">Hacking
the XBOX</a></li>
</ul>
<h2 id="research-papers">Research Papers</h2>
<!--lint ignore match-punctuation-->
<ul>
<li>2020, Oser et al: <a
href="https://dl.acm.org/doi/abs/10.1145/3414173">SAFER: Development and
Evaluation of an IoT Device Risk Assessment Framework in a Multinational
Organization</a></li>
<li>2019, Agarwal et al: <a
href="https://www.mdpi.com/1424-8220/19/19/4107">Detecting IoT Devices
and How They Put Large Heterogeneous Networks at Security Risk</a></li>
<li>2019, Almakhdhub et al: <a
href="https://nebelwelt.net/publications/files/19DSN.pdf">BenchIoT: A
Security Benchmark for the Internet of Things</a></li>
<li>2019, Alrawi et al: <a
href="https://alrawi.github.io/static/papers/alrawi_sok_sp19.pdf">SoK:
Security Evaluation of Home-Based IoT Deployments</a></li>
<li>2019, Abbasi et al: <a
href="https://ieeexplore.ieee.org/abstract/document/8806725">Challenges
in Designing Exploit Mitigations for Deeply Embedded Systems</a></li>
<li>2019, Song et al: <a
href="https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04A-1_Song_paper.pdf">PeriScope:
An Effective Probing and Fuzzing Framework for the Hardware-OS
Boundary</a></li>
<li>2018, Muench et al: <a
href="http://www.eurecom.fr/en/publication/5417/download/sec-publi-5417.pdf">What
You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded
Devices</a></li>
<li>2017, OMeara et al: <a
href="https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=509271">Embedded
Device Vulnerability Analysis Case Study Using Trommel</a></li>
<li>2017, Jacob et al: <a
href="https://eprint.iacr.org/2017/625.pdf">How to Break Secure Boot on
FPGA SoCs through Malicious Hardware</a></li>
<li>2017, Costin et al: <a
href="http://s3.eurecom.fr/docs/ifip17_costin.pdf">Towards Automated
Classification of Firmware Images and Identification of Embedded
Devices</a></li>
<li>2016, Kammerstetter et al: <a
href="https://www.thinkmind.org/download.php?articleid=securware_2016_2_10_30082">Embedded
Security Testing with Peripheral Device Caching and Runtime Program
State Approximation</a></li>
<li>2016, Chen et al: <a
href="https://www.dcddcc.com/docs/2016_paper_firmadyne.pdf">Towards
Automated Dynamic Analysis for Linux-based Embedded Firmware</a></li>
<li>2016, Costin et al: <a
href="http://s3.eurecom.fr/docs/asiaccs16_costin.pdf">Automated Dynamic
Firmware Analysis at Scale: A Case Study on Embedded Web
Interfaces</a></li>
<li>2015, Shoshitaishvili et al:<a
href="https://www.ndss-symposium.org/wp-content/uploads/2017/09/11_1_2.pdf">Firmalice
- Automatic Detection of Authentication Bypass Vulnerabilities in Binary
Firmware</a></li>
<li>2015, Papp et al: <a
href="http://www.cse.psu.edu/~pdm12/cse597g-f15/readings/cse597g-embedded_systems.pdf">Embedded
Systems Security: Threats, Vulnerabilities, and Attack Taxonomy</a></li>
<li>2014, Zaddach et al: <a
href="http://www.eurecom.fr/en/publication/4158/download/rs-publi-4158.pdf">Avatar:
A Framework to Support Dynamic Security Analysis of Embedded Systems
Firmwares</a></li>
<li>2014, Alimi et al: <a
href="http://ieeexplore.ieee.org/document/6903734/">Analysis of embedded
applications by evolutionary fuzzing</a></li>
<li>2014, Costin et al: <a
href="http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf">A
Large-Scale Analysis of the Security of Embedded Firmwares</a></li>
<li>2013, Davidson et al: <a
href="https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_davidson.pdf">FIE
on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic
Execution</a></li>
</ul>
<h2 id="case-studies">Case Studies</h2>
<!--lint ignore no-repeat-punctuation-->
<ul>
<li><a
href="https://cyber-itl.org/2019/08/26/iot-data-writeup.html">Binary
Hardening in IoT products</a></li>
<li><a
href="http://www.devttys0.com/2014/02/cracking-linksys-crypto/">Cracking
Linksys “Encryption”</a></li>
<li><a href="https://youtu.be/nXyglaY9N9w">Deadly Sins Of
Development</a> - Conference talk presenting several real world examples
on real bad implementations :tv:.</li>
<li><a
href="https://www.iotpentest.com/2019/06/dumping-firmware-from-device-using.html">Dumping
firmware from a devices SPI flash with a buspirate</a></li>
<li><a
href="http://www.devttys0.com/2014/05/hacking-the-dspw215-again/">Hacking
the DSP-W215, Again</a></li>
<li><a href="https://cturt.github.io/ps4.html">Hacking the PS4</a> -
Introduction to PS4s security.</li>
<li><a href="https://doi.org/10.5281/zenodo.1035034">IoT
Security@CERN</a></li>
<li><a
href="https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html">Multiple
vulnerabilities found in the D-link DWR-932B</a></li>
<li><a
href="https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html">Pwning
the Dlink 850L routers and abusing the MyDlink Cloud protocol</a></li>
<li><a
href="https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/xerox_phaser_6700_white_paper.pdf">PWN
Xerox Printers (…again)</a></li>
<li><a
href="https://www.bored-nerds.com/reversing/radare/automotive/2019/07/07/reversing-firmware-with-radare.html">Reversing
Firmware With Radare</a></li>
<li><a
href="http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/">Reversing
the Huawei HG533</a></li>
</ul>
<h2 id="free-training">Free Training</h2>
<ul>
<li><a href="https://github.com/TrustworthyComputing/csaw_esc_2019">CSAW
Embedded Security Challenge 2019</a> - CSAW 2019 Embedded Security
Challenge (ESC).</li>
<li><a href="https://microcorruption.com">Embedded Security CTF</a> -
Microcorruption: Embedded Security CTF.</li>
<li><a
href="https://github.com/rdomanski/hardware_hacking/tree/master/my_talks/Hardware_Hacking_101">Hardware
Hacking 101</a> - Workshop @ BSides Munich 2019.</li>
<li><a href="https://github.com/scriptingxss/IoTGoat">IoTGoat</a> -
IoTGoat is a deliberately insecure firmware based on OpenWrt.</li>
<li><a href="https://github.com/Riscure/RHme-2015">Rhme-2015</a> - First
riscure Hack me hardware CTF challenge.</li>
<li><a href="https://github.com/Riscure/Rhme-2016">Rhme-2016</a> -
Riscure Hack me 2 is a low level hardware CTF challenge.</li>
<li><a href="https://github.com/Riscure/Rhme-2017">Rhme-2017/2018</a> -
Riscure Hack Me 3 embedded hardware CTF 2017-2018.</li>
</ul>
<h2 id="websites">Websites</h2>
<ul>
<li><a
href="http://hacking-printers.net/wiki/index.php/Main_Page">Hacking
Printers Wiki</a> - All things printer.</li>
<li><a
href="https://owasp.org/www-project-embedded-application-security/">OWASP
Embedded Application Security Project</a> - Development best practices
and list of hardware and software tools.</li>
<li><a href="https://owasp.org/www-project-internet-of-things/">OWASP
Internet of Things Project</a> - IoT common vulnerabilities and attack
surfaces.</li>
<li><a
href="https://192-168-1-1ip.mobi/default-router-passwords-list/">Router
Passwords</a> - Default login credential database sorted by
manufacturer.</li>
<li><a href="https://siliconpr0n.org/">Siliconpr0n</a> - A Wiki/Archive
of all things IC reversing.</li>
</ul>
<h3 id="blogs">Blogs</h3>
<!--lint ignore no-repeat-punctuation-->
<ul>
<li><a href="https://www.rtl-sdr.com/">RTL-SDR</a></li>
<li><a href="http://www.devttys0.com/blog/">/dev/ttyS0s Embedded Device
Hacking</a></li>
<li><a href="https://www.exploitee.rs/">Exploiteers</a></li>
<li><a href="https://hackaday.com">Hackaday</a></li>
<li><a href="https://jcjc-dev.com/">jcjcs Hack The World</a></li>
<li><a href="https://blog.quarkslab.com/">Quarkslab</a></li>
<li><a href="https://wrongbaud.github.io/">wrong baud</a></li>
<li><a href="https://firmwaresecurity.com/">Firmware Security</a></li>
<li><a
href="https://www.pentestpartners.com/internet-of-things/">PenTestPartners</a></li>
<li><a href="https://blog.attify.com/">Attify</a></li>
<li><a href="https://payatu.com/blog">Patayu</a></li>
<li><a
href="https://gracefulsecurity.com/category/hardware/">GracefulSecurity
- Hardware tag</a></li>
<li><a
href="https://www.blackhillsinfosec.com/tag/hardware-hacking/">Black
Hills - Hardware Hacking tag</a></li>
</ul>
<h3 id="tutorials-and-technical-background">Tutorials and Technical
Background</h3>
<ul>
<li><a href="https://azeria-labs.com/">Azeria Lab</a> - Miscellaneous
ARM related Tutorials.</li>
<li><a href="https://blog.senr.io/blog/jtag-explained#">JTAG
Explained</a> - A walkthrough covering UART and JTAG bypassing a
protected login shell.</li>
<li><a
href="http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/">Reverse
Engineering Serial Ports</a> - Detailed tutorial about how to spot debug
pads on a PCB.</li>
<li><a href="https://www.mikroe.com/blog/uart-serial-communication">UART
explained</a> - An in depth explanation of the UART protocol.</li>
</ul>
<h3 id="youtube-channels">YouTube Channels</h3>
<ul>
<li><a href="https://www.youtube.com/c/FlashbackTeam">Flashback Team</a>
- A duo of hackers explaining their step by step approach to finding and
exploiting vulnerabilities in embedded devices.</li>
<li><a href="https://www.youtube.com/c/stacksmashing">StackSmashing</a>
- Reverse engineering and hardware hacking of embedded devices.</li>
</ul>
<h2 id="conferences">Conferences</h2>
<p>Conferences focused on embedded and/or IoT security.</p>
<ul>
<li><a href="https://hardwear.io/">Hardwear.io</a>
<ul>
<li>EU, The Hague, September.</li>
<li>USA, Santa Clara, June.</li>
</ul></li>
</ul>
<h2 id="contribute">Contribute</h2>
<p>Contributions welcome! Read the <a
href="contributing.md">contribution guidelines</a> first.</p>
<h2 id="license">License</h2>
<p><a href="https://creativecommons.org/publicdomain/zero/1.0/"><img
src="https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg"
alt="CC0" /></a></p>
<p>To the extent possible under law, Fraunhofer FKIE has waived all
copyright and related or neighboring rights to this work.</p>
<p><a
href="https://github.com/fkie-cad/awesome-embedded-and-iot-security">embeddedandiotsecurity.md
Github</a></p>