awesome-awesomeness/html/vehiclesecurity.html

<h1 id="awesome-vehicle-security-awesome">Awesome Vehicle Security <a
href="https://github.com/sindresorhus/awesome"><img
src="https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg"
alt="Awesome" /></a></h1>
<p><em>A curated list of awesome resources, books, hardware, software,
applications, people to follow, and more cool stuff about vehicle
security, car hacking, and tinkering with the functionality of your
car.</em></p>
<p><img src="assets/car_hacking_jeep.gif" /></p>
<hr />
<p>I would love as much help as I can get. <a
href="https://github.com/jaredmichaelsmith/awesome-vehicle-security/blob/master/contributing.md">Start
contributing!</a></p>
<p>Follow me on <a href="https://twitter.com/jaredthecoder">Twitter</a>
for more security goodness.</p>
<hr />
<h1 id="contents">Contents</h1>
<ul>
<li><a href="#related-lists">Related Lists</a></li>
<li><a href="#learn">Learn</a>
<ul>
<li><a href="#articles">Articles</a></li>
<li><a href="#presentations">Presentations</a></li>
<li><a href="#books">Books</a></li>
<li><a href="#research-papers">Research Papers</a></li>
<li><a href="#courses">Courses</a></li>
<li><a href="#blogs">Blogs</a></li>
<li><a href="#websites">Websites</a></li>
<li><a href="#newsletters">Newsletters</a></li>
<li><a href="#conferences">Conferences</a></li>
<li><a href="#who-to-follow">Who to Follow</a></li>
<li><a href="#podcasts-and-episodes">Podcasts and Episodes</a>
<ul>
<li><a href="#podcasts">Podcasts</a></li>
<li><a href="#episodes">Episodes</a></li>
</ul></li>
<li><a href="#miscellaneous">Miscellaneous</a></li>
</ul></li>
<li><a href="#projects">Projects</a></li>
<li><a href="#hardware">Hardware</a></li>
<li><a href="#software">Software</a>
<ul>
<li><a href="#applications">Applications</a></li>
<li><a href="#libraries-and-tools">Libraries and Tools</a>
<ul>
<li><a href="#c">C</a></li>
<li><a href="#java">Java</a></li>
<li><a href="#c++">C++</a></li>
<li><a href="#python">Python</a></li>
<li><a href="#go">Go</a></li>
<li><a href="#javascript">JavaScript</a></li>
</ul></li>
</ul></li>
<li><a href="#companies-and-jobs">Companies and Jobs</a>
<ul>
<li><a href="#coordinated-disclosure">Coordinated Disclosure</a></li>
</ul></li>
<li><a href="#other-awesome-lists">Other Awesome (non-vehicle related)
Lists</a></li>
<li><a href="#contributing">Contributing</a></li>
</ul>
<h1 id="related-lists">Related Lists</h1>
<p>These lists are related to a specific protocol that you will find in
the world of car hacking.</p>
<ul>
<li><a href="https://github.com/iDoka/awesome-canbus">Awesome CAN Bus -
an awesome list just for CAN Bus-related tools (hardware, software,
etc.)</a></li>
<li><a href="https://github.com/iDoka/awesome-linbus">Awesome LIN Bus -
an awesome list just for LIN-Bus related tools (hardware, software,
etc.)</a></li>
</ul>
<h1 id="learn">Learn</h1>
<h2 id="articles">Articles</h2>
<ul>
<li><a
href="https://medium.freecodecamp.org/hacking-cars-a-guide-tutorial-on-how-to-hack-a-car-5eafcfbbb7ec">How
to hack a car — a quick crash-course</a> - Car enthusiast Kenny Kuchera
illustrates just enough information to get you up and running. An
excellent resource for first timers!</li>
<li><a
href="https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/">Stopping
a Jeep Cherokee on the Highway Remotely</a> - Chris Valasek’s and
Charlie Miller’s pivotal research on hacking into Jeep’s presented at
DEFCON in 2015.</li>
<li><a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">Troy
Hunt on Controlling Nissans</a> - Troy Hunt goes into controlling Nissan
vehicles.</li>
<li><a
href="http://www.cnet.com/roadshow/news/tesla-hackers-explain-how-they-did-it-at-def-con-23/">Tesla
hackers explain how they did it at Defcon</a> - Overview of DEFCON 23
presentation on hacking into Tesla cars.</li>
<li><a
href="http://makezine.com/2015/08/11/anatomy-of-the-rolljam-wireless-car-hack/">Anatomy
of the Rolljam Wireless Car Hack</a> - Overview of the RollJam rolling
code exploitation device.</li>
<li><a
href="http://blog.ioactive.com/2013/08/car-hacking-content.html">IOActive’s
Tools and Data</a> - Chris Valasek and Charlie Miller release some of
their tools and data for hacking into vehicles in an effort to get more
people into vehicle security research.</li>
<li><a
href="https://www.sans.org/reading-room/whitepapers/ICS/developments-car-hacking-36607">Developments
in Car Hacking</a> - via the SANS Reading Room, Currie’s paper analyses
the risks and perils of smart vehicle technology.</li>
<li><a
href="http://www.ioactive.com/pdfs/IOActive_Car_Hacking_Poories.pdf">Car
Hacking on the Cheap</a> - A whitepaper from Chris Valasek and IOActive
on hacking your car when you don’t have a lot of resources at your
disposal.</li>
<li><a href="http://illmatics.com/carhacking.html">Car Hacking: The
definitive source</a> - Charlie Miller and Chris Valasek publish all
tools, data, research notes, and papers for everyone for free</li>
<li><a
href="https://community.rapid7.com/community/transpo-security/blog/2017/02/08/car-hacking-on-the-cheap">Car
Hacking on the cheap</a> - Craig Smith wrote a brief article on working
with Metasploit’s HWBrige using ELM327 Bluetooth dongle</li>
<li><a
href="https://phys.org/news/2017-05-tackle-autonomous-vehicle.html">Researchers
tackle autonomous vehicle security</a> - Texas A&amp;M researchers
develop intelligence system prototype.</li>
<li><a
href="https://blog.quarkslab.com/reverse-engineering-of-the-nitro-obd2.html">Reverse
engineering of the Nitro OBD2</a> - Reverse engineering of CAN
diagnostic tools.</li>
<li><a
href="https://p1kachu.pluggi.fr/project/automotive/2018/12/28/subaru-ssm1/">Analysis
of an old Subaru Impreza - Subaru Select Monitor v1 (SSM1)</a> - Digging
into an old ECU through an old protocol and disabling a 1997 Subaru
Impreza’s speed limiter.</li>
<li><a
href="https://brysonpayne.com/2018/10/20/start-car-hacking-in-30-minutes-or-less/">Car
Hacking in 30 Minutes or Less</a> - Using VirtualBox and Kali Linux, you
can start car hacking using completely free open-source software and
tools, including can-utils, ICSim, ScanTool, Wireshark, and tcpdump</li>
</ul>
<h2 id="presentations">Presentations</h2>
<ul>
<li><a
href="https://www.blackhat.com/asia-15/briefings.html#hopping-on-the-can-bus">“Hopping
on the CAN Bus” from BlackHat Asia 2015</a> - A talk from BlackHat Asia
2015 that aims to enable the audience to “gain an understanding of
automotive systems, but will also have the tools to attack them”.</li>
<li><a href="https://samy.pl/defcon2015/">“Drive It Like You Hacked It”
from DEFCON 23</a> - A talk and slides from Samy Kamkar’s DEFCON 23/2015
talk that includes hacking garages, exploiting automotive mobile apps,
and breaking rolling codes to unlock any vehicle with low cost
tools.</li>
<li><a
href="https://www.youtube.com/watch?v=3olXUbS-prU&amp;feature=youtu.be">Samy
Kamkar on Hacking Vehicles with OnStar</a> - Samy Kamkar, the prolific
hacker behind the Samy worm on MySpace, explores hacking into vehicles
with OnStar systems.</li>
<li><a href="https://www.youtube.com/watch?v=OobLb1McxnI">Remote
Exploitation of an Unaltered Passenger Vehicle</a> - DEFCON 23 talk
Chris Valasek and Charlie Miller give their now famous talk on hacking
into a Jeep remotely and stopping it dead in its tracks.</li>
<li><a href="https://www.youtube.com/watch?v=n70hIu9lcYo">Adventures in
Automotive Networks and Control Units</a> - DEFCON 21 talk by Chris
Valasek and Charlie Miller on automotive networks.</li>
<li><a href="https://www.youtube.com/watch?v=orWqKWvIW_0">Can You Trust
Autonomous Vehicles?</a> - DEFCON 24 talk by Jianhao Liu, Chen Yan,
Wenyuan Xu</li>
<li><a href="https://www.youtube.com/watch?v=YLBQdO6a5IQ">Ken Munro
&amp; Dave Lodge - Hacking the Mitsubishi Outlander &amp; IOT</a> - talk
from BSides Manchester 2016 by Ken and Dave of <a
href="#who-to-follow">Pen Test Partners</a></li>
<li><a
href="https://www.blackhat.com/docs/us-17/thursday/us-17-Nie-Free-Fall-Hacking-Tesla-From-Wireless-To-CAN-Bus-wp.pdf">FREE-FALL:
HACKING TESLA FROM WIRELESS TO CAN BUS</a> - Zeronights 2016 and later
BlackHat talk by Sen Nie, Ling Liu, and Yuefeng Du from Tencent and KEEN
Security lab</li>
<li><a href="https://www.youtube.com/watch?v=P-mzo2X47sg">Car Hacking
101</a> - Bugcrowd LevelUp 2017 by Alan Mond</li>
<li><a href="https://www.youtube.com/watch?v=g-a20ORka-A">State of
Automotive Cyber Safety, 2015</a> - State of automotive hacking, policy,
industry changes, etc. from I Am The Cavalry track at BSides Las Vegas,
2015.</li>
<li><a href="https://www.youtube.com/watch?v=WcObDVy2-1I">State of
Automotive Cyber Safety, 2016</a> - State of automotive hacking, policy,
industry changes, etc. from I Am The Cavalry track at BSides Las Vegas,
2016.</li>
<li><a href="https://www.youtube.com/watch?v=KX_0c9R4Fng">How to Hack a
Tesla Model S</a> - DEF CON 23 talk by Marc Rogers and Kevin Mahaffey on
hacking a Tesla. Tesla Co-Founder and CTO, JB Straubel, joins them to
thank them and present a challenge coin.</li>
<li><a
href="http://tekeye.uk/automotive/cyber-security/car-hacking-videos">Car
Hacking Videos</a> - A web page with a long list of videos (40+) that
are available online related to the topic of car hacking. From a 2007
DEF CON talk on modding engine ECUS and onwards (e.g. the 2017 Keen
Security Tesla hack).</li>
<li><a href="https://www.youtube.com/watch?v=C29UGFsIWVI">Self-Driving
and Connected Cars: Fooling Sensors and Tracking Drivers</a> - Black Hat
talk by Jonathan Petit. Automated and connected vehicles are the next
evolution in transportation and will improve safety, traffic efficiency
and driving experience. This talk will be divided in two parts: 1)
security of autonomous automated vehicles and 2) privacy of connected
vehicles. 2015</li>
<li><a href="https://www.youtube.com/watch?v=MAGacjNw0Sw">A Survey of
Remote Automotive Attack Surfaces</a> - Black Hat talk By Charlie Miller
and Chris Valasek. Automotive security concerns have gone from the
fringe to the mainstream with security researchers showing the
susceptibility of the modern vehicle to local and remote attacks.
Discussion of vehicle attack surfaces. 2014.</li>
<li><a
href="https://www.blackhat.com/docs/eu-16/materials/eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf">Pentesting
vehicles with YACHT (Yet Another Car Hacking Tool)</a> -A presentation
that discusses different attack surfaces of a vehicle, then continues to
describe an approach to car hacking along with tools needed to analyse
and gather useful information.</li>
<li><a href="https://www.youtube.com/watch?v=KU7gl1n1tIs">How to drift
with any car</a> - Introduction to CAN hacking, and using a real car as
an Xbox controller.</li>
<li><a href="https://www.youtube.com/watch?v=F0mYkI2FJ_4">Car
Infotainment Hacking Methodology and Attack Surface Scenario</a> - A
guide on how to attack, hunt bugs or hack your IVI by Jay Turla which
was presented at the Packet Hacking Village / Wall of Sheep during DEF
CON 26.</li>
<li><a href="https://www.youtube.com/watch?v=7D7uNqPWrXw">TR19:
Automotive Penetration Testing with Scapy</a> - Overview on how Scapy
can be used for automotive penetration testing at Troopers Conference
2019.</li>
<li><a href="https://www.youtube.com/watch?v=a1huGwMjjd4">Analysis and
Defense of Automotive Networks</a> - Overview of CAN, security, and
potential intrusion detection approaches at BSides Knoxville 2020</li>
<li><a
href="https://www.youtube.com/watch?v=y4Uzm-CTa0I&amp;ab_channel=CarHackingVillage">Remote
Exploitation of Honda Cars</a> - The Honda Connect app used by Honda
City 5th generation used weak security mechanisms in its APIs for access
control which would allow a malicious user to perform actions like
starting the car, locking/unlocking car etc. remotely by interacting
with it’s Telematics Control Unit (TCU)</li>
<li><a href="https://www.youtube.com/watch?v=c_DqxHmH7kc">TR22: UDS
Fuzzing and the Path to Game Over</a> - UDS diagnostics protocol fuzzing
methodology, presented as a result of numerous penetration testing
projects in the automotive industry, with real world exploitation PoCs,
presented during Troopers Conference 2022.</li>
<li><a href="https://www.youtube.com/watch?v=rAA-agcNeeg">CCC - Horror
Stories From the Automotive Industry</a> - Horrifying examples of common
vulnerabilities in the automotive industry, result of more than 100
penetration tests targeting Tier 1 suppliers and OEMs, with ultimate
goal to raise awareness on the current state of automotive security.
Additionally, PoC of automated week seed randomness exploitation in
automotive components, by using a battery isolator in heavy-duty
vehicles and the UDS protocol, for complete compromise of a target.
Presented in Chaos Communication Camp, DeepSec 2023 and Troopers
Conference 23.</li>
<li><a href="https://www.youtube.com/watch?v=JaF-_KYQ46A">Car Hacking
Scene in the PH: How Far We’ve Come</a> - Car Hacking Village PH
presents their first attempt on the main tracks for ROOTCON. This is a
rundown of CHVPH’s past security research to current research - from
hacking infotainment systems to CAN Bus protocols and a summary of cars
available in the Philippines which are susceptible to car thefts.</li>
<li><a href="https://www.youtube.com/watch?v=4d-uhs2VLCQ">Analysis of an
In-vehicular network: From CAN bus to infotainment</a> - This talk will
feature Div0 CSQ’s 3 test benches as they explore more features on
Connected vehicles. This was presented in ROOTCON 17 Car Hacking
Village.</li>
<li><a href="https://www.youtube.com/watch?v=MfTNv9SXd-o">An overview of
Automotive Defensive Engineering</a> - This talk is for car hackers to
learn about modern defense measures being added to ECUs and Vehicle
Architectures. This was presented in ROOTCON 17 Car Hacking
Village.</li>
<li><a href="https://www.youtube.com/watch?v=akMok3Hb-pE">Hacking Back
Your Car</a> - Kamel Ghali’s talk on ROOTCON 17 about how an attacker’s
perspective on hacking a car and origins of such attacks, how they’ve
been used in different countries over the years, and explore the
technical details of what makes such an attack possible.</li>
</ul>
<h2 id="books">Books</h2>
<ul>
<li><a
href="https://www.amazon.com/Car-Hackers-Manual-Craig-Smith/dp/0990490106">2014
Car Hacker’s Handbook</a> - Free guide to hacking vehicles from
2014.</li>
<li><a
href="https://www.amazon.com/Car-Hackers-Handbook-Penetration-Tester/dp/1593277032">2016
Car Hacker’s Handbook</a> - Latest version of the Car Hacker’s handbook
with updated information to hack your own vehicle and learning vehicle
security. For a physical copy as well unlimited PDF, MOBI, and EPUB
copies of the book, buy it at <a
href="https://www.nostarch.com/carhacking">No Starch Press</a>. Sections
are available online <a
href="https://books.google.com/books?id=Ao_QCwAAQBAJ&amp;lpg=PP1&amp;dq=car%20hacking&amp;pg=PP1#v=onepage&amp;q&amp;f=false">here</a>.</li>
<li><a
href="https://www.amazon.com/Comprehensible-Guide-Controller-Area-Network/dp/0976511606/ref=pd_sim_14_1?ie=UTF8&amp;dpID=41-D9UhlE9L&amp;dpSrc=sims&amp;preST=_AC_UL160_SR124%2C160_&amp;psc=1&amp;refRID=3FH8N10610H0RX8SMB6K">A
Comprehensible Guide to Controller Area Network</a> - An older book from
2005, but still a comprehensive guide on CAN buses and networking in
vehicles.</li>
<li><a
href="https://www.amazon.cn/dp/B075QZXY7W">智能汽车安全攻防大揭秘</a>This
book first introduced some basic knowledge of security for automotive
R&amp;D personnel, such as encryption and decryption, security
authentication, digital signatures, common attack types, and methods.
Then it introduced the working principles of some smart cars for
security researchers, such as the automotive intranet. Protocol, network
architecture, principle of X-By-Wire remote control system, common
potential attack surface, etc. Finally, a detailed analysis of some
actual automotive attack or security test cases, and defense analysis of
the loopholes involved in the case during the analysis process.</li>
<li><a
href="https://www.amazon.com/Controller-Area-Network-Prototyping-Arduino/dp/1938581164/ref=pd_sim_14_2?ie=UTF8&amp;dpID=51J27ZEcl9L&amp;dpSrc=sims&amp;preST=_AC_UL160_SR123%2C160_&amp;psc=1&amp;refRID=V42FKNW09QGVGHW7ZFRR">Controller
Area Network Prototyping with Arduino</a> - This book guides you through
prototyping CAN applications on Arduinos, which can help when working
with CAN on your own car.</li>
<li><a
href="https://www.amazon.com/Embedded-Networking-CANopen-Olaf-Pfeiffer/dp/0929392787/ref=pd_sim_14_37?ie=UTF8&amp;dpID=41UnLKYFpmL&amp;dpSrc=sims&amp;preST=_AC_UL160_SR122%2C160_&amp;psc=1&amp;refRID=V42FKNW09QGVGHW7ZFRR">Embedded
Networking with CAN and CANopen</a> - From 2003, this book fills in gaps
in CAN literature and will educate you further on CAN networks and
working with embedded systems.</li>
<li><a
href="https://www.amazon.com/Inside-Radio-Attack-Defense-Guide/dp/9811084467">Inside
Radio: An Attack and Defense Guide</a>This book discusses the security
issues in a wide range of wireless devices and systems,Chapter 4
433/315MHz Communication (4.3　4.4 4.5 is about car keys Security)</li>
</ul>
<h2 id="research-papers">Research Papers</h2>
<ul>
<li><a href="http://www.autosec.org/pubs/cars-oakland2010.pdf">Koscher
et al. Experimental Security Analysis of a Modern Automobile,
2010</a></li>
<li><a
href="http://static.usenix.org/events/sec11/tech/full_papers/Checkoway.pdf">Comprehensive
Experimental Analyses of Automotive Attack Surfaces, 2011</a></li>
<li><a href="http://illmatics.com/carhacking.html">Miller and
Valasek</a> - Self proclaimed “car hacking the definitive source”.
<ul>
<li><a href="http://illmatics.com/car_hacking.pdf">Adventures in
Automotive Networks and Control Units (aka car hacking)</a></li>
<li><a href="http://illmatics.com/car_hacking_poories.pdf">Car Hacking
for Poories</a></li>
<li><a href="http://illmatics.com/remote%20attack%20surfaces.pdf">A
Survey of Remote Automotive Attack Surfaces, 2014</a></li>
<li><a href="http://illmatics.com/Remote%20Car%20Hacking.pdf">Remote
Compromise of an Unaltered Passenger Vehicle (aka The Jeep Hack),
2015</a></li>
<li><a
href="http://illmatics.com/can%20message%20injection.pdf">Advanced CAN
Message Injection, 2016</a></li>
</ul></li>
<li><a href="https://iamthecavalry.org/5star">5-Star Automotive Cyber
Safety Framework, 2015</a></li>
<li><a
href="https://documents.trendmicro.com/assets/A-Vulnerability-in-Modern-Automotive-Standards-and-How-We-Exploited-It.pdf">A
Vulnerability in Modern Automotive Standards and How We Exploited
It</a></li>
<li><a href="http://ieeexplore.ieee.org/abstract/document/7413993/">A
Car Hacking Experiment: When Connectivity Meets Vulnerability</a></li>
<li><a
href="http://ieeexplore.ieee.org/abstract/document/7223297/">Security
issues and vulnerabilities in connected car systems</a></li>
<li><a href="http://www.autosec.org/pubs/fingerprint.pdf">Automobile
Driver Fingerprinting, 2016</a></li>
<li><a href="https://ieeexplore.ieee.org/document/7427089">Intrusion
detection system based on the analysis of time intervals of CAN messages
for in-vehicle network, 2016</a></li>
<li><a href="https://dl.acm.org/citation.cfm?id=3064816">Modeling
Inter-Signal Arrival Times for Accurate Detection of CAN Bus Signal
Injection Attacks</a></li>
<li><a
href="https://www.computest.nl/documents/9/The_Connected_Car._Research_Rapport_Computest_april_2018.pdf">The
Connected Car - Ways to get unauthorized access and potential
implications, 2018</a></li>
<li><a href="https://arxiv.org/pdf/2006.05993.pdf">CAN-D: A Modular
Four-Step Pipeline for Comprehensively Decoding Controller Area Network
Data</a></li>
<li><a href="https://arxiv.org/pdf/2101.05781.pdf">Time-Based CAN
Intrusion Detection Benchmark</a></li>
<li><a href="https://arxiv.org/pdf/2012.14600.pdf">Addressing the Lack
of Comparability &amp; Testing in CAN Intrusion Detection Research: A
Comprehensive Guide to CAN IDS Data &amp; Introduction of the ROAD
Dataset</a></li>
</ul>
<h2 id="courses">Courses</h2>
<ul>
<li><a href="https://github.com/udacity/self-driving-car">Udacity’s Self
Driving Car Engineer Course</a> - The content for Udacity’s self driving
car software engineer course. The actual course on Udacity’s website is
<a
href="https://www.udacity.com/course/self-driving-car-engineer-nanodegree--nd013">here</a>.</li>
</ul>
<h2 id="blogs">Blogs</h2>
<ul>
<li><a href="http://keenlab.tencent.com/en/">Keen Security Lab Blog</a>
- Blog created by Keen Security Lab of Tencent that posts research on
car security.</li>
</ul>
<h2 id="websites">Websites</h2>
<ul>
<li><a href="https://asrg.io/knowledge/">Automotive Security Research
Group</a> - The Automotive Security Research Group (ASRG) is a
non-profit initiative to promote the development of security solutions
for automotive products.</li>
<li><a href="https://github.com/opengarages">OpenGarages</a> - Provides
public access, documentation and tools necessary to understand today’s
modern vehicle systems.</li>
<li><a href="http://www.carhackingvillage.com/">DEFCON Car Hacking
Village</a> - Car Hacking exercises from DEFCON 24.</li>
<li><a href="http://www.canbushack.com/blog/index.php">canbushack: Hack
Your Car</a> - course on Vehicle Hacking methodology.</li>
<li><a
href="https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=Community">OWASP
Internet of Things Project</a> - OWASP’s project to secure IoT, from
cars to medical devices and beyond.</li>
<li><a href="https://www.iamthecavalry.org/">I Am The Cavalry</a> -
Global grassroots (eg. volunteer) initiative focused on the intersection
of security and human life/public safety issues, such as cars.
Participation from security researchers, OEMs, Tier 1s, and many others.
Published <a href="https://iamthecavalry.org/5star">Automotive 5-Star
Cyber Safety Framework</a>.</li>
<li><a href="https://community.carloop.io/">Carloop Community</a> -
Community of people interested in car hacking and connecting vehicles to
the cloud.</li>
<li><a href="http://www.pythoncarsecurity.com/">Python Security</a> - A
website for browsing and buying python-integrated cars having certain
vehicular security features.</li>
<li><a href="https://csrc.nist.gov/Projects/auto-cybersecurity-coi">NIST
Automotive Cybersecurity Community of Interest</a> - NIST, the
organization behind the NVD CVE database and modern cryptographic
standards, runs a Community of Interest group for Automotive
Cybersecurity that seeks to “provide a way for NIST to facilitate the
discussions and receive comments and feedback from the automotive
industry, academia, and government.”.</li>
</ul>
<h2 id="newsletters">Newsletters</h2>
<p><a
href="https://github.com/jaredmichaelsmith/awesome-vehicle-security/blob/master/contributing.md">Welcoming
contributions</a>!</p>
<h2 id="conferences">Conferences</h2>
<ul>
<li><a href="http://www.automotivecybersecurity.com/">U.S. Automotve
Cyber Security Summit</a> <a
href="https://automotive-cyber-security.iqpc.de/">European Automotive
Cyber Security Summit</a> - Conference series dedicated to automotive
cyber security involving many OEMs, Tier 1s, academics, consultants,
etc.</li>
<li><a href="https://www.escar.info/">escar conference</a> - Embedded
security in cars. European event has run for over 10 years, and they now
have US and Asia events.</li>
<li><a
href="https://www.vdi-wissensforum.de/en/event/it-security-for-vehicles/">IT
Security for Vehicles</a> - Conference run by the Association of German
Engineers (VDI), with participation from US and European OEMs, Tier 1s,
and others.</li>
<li><a href="https://www.cybertruckchallenge.org/">Cyber Truck
Challenge</a> - Conference that focuses on heavy vehicle cybersecurity
issues. Includes hands-on assessments of heavy vehicles and
subsystems.</li>
</ul>
<h2 id="who-to-follow">Who to Follow</h2>
<ul>
<li>Chris Valasek: Security Lead at <a
href="#companies-and-jobs">UberATC</a>
<ul>
<li><a href="https://twitter.com/nudehaberdasher">Twitter</a></li>
<li><a href="http://chris.illmatics.com/about.html">Website</a></li>
</ul></li>
<li>Charlie Miller: Hacked the first Apple iPhone, now does car
security.
<ul>
<li><a href="https://twitter.com/0xcharlie">Twitter</a></li>
</ul></li>
<li>Samy Kamkar: Created MySpace Worm, RollJam, OwnStar.
<ul>
<li><a href="https://twitter.com/samykamkar">Twitter</a></li>
<li><a href="https://samy.pl">Website</a></li>
</ul></li>
<li>Justin Seitz: Author of Black Hat Python (No Starch Press).
<ul>
<li><a href="https://twitter.com/jms_dot_py">Twitter</a></li>
</ul></li>
<li>Troy Hunt: Pluralsight author. Microsoft Regional Director and MVP
for Developer Security. Creator of <a
href="https://haveibeenpwned.com/">haveibeenpwned</a>.
<ul>
<li><a href="https://twitter.com/troyhunt">Twitter</a></li>
<li><a href="https://www.troyhunt.com/">Website</a></li>
</ul></li>
<li>Ken Munro: British researcher, works at Pen Test Partners; major
interest in vehicle security
<ul>
<li><a href="https://twitter.com/TheKenMunroShow">Twitter</a></li>
</ul></li>
<li>OpenGarages: Initiative to created Vehicle Research Labs around the
world.
<ul>
<li><a href="https://twitter.com/opengarages">Twitter</a></li>
<li><a
href="http://opengarages.org/index.php/Main_Page">Website</a></li>
</ul></li>
<li>Hackaday: Collaborative project hosting for hackers - there are
frequently car projects on here.
<ul>
<li><a href="https://twitter.com/hackaday">Twitter</a></li>
</ul></li>
<li>Pen Test Partners: British penetration testing firm; several posts
concern their disclosed car security vulns
<ul>
<li><a href="https://twitter.com/pentestpartners">Twitter</a></li>
<li><a href="https://www.pentestpartners.com/blog">Website</a></li>
</ul></li>
<li>I Am The Cavalry: Global grassroots (eg. volunteer) initiative
focused on the intersection of security and human life/public safety
issues, such as cars.
<ul>
<li><a href="https://twitter.com/iamthecavalry">Twitter</a></li>
<li><a href="https://iamthecavalry.org">Website</a></li>
<li><a
href="https://groups.google.com/forum/#!forum/iamthecavalry">Discussion
Group</a></li>
</ul></li>
<li>Car Hacking Village
<ul>
<li><a href="https://twitter.com/CarHackVillage">Twitter</a></li>
<li><a href="https://www.carhackingvillage.com/">Website</a></li>
</ul></li>
<li>carfucar: Founder of Car Hacking Village and Speaker or Trainer
<ul>
<li><a href="https://twitter.com/CarHackVillage">Twitter</a></li>
</ul></li>
<li>Ian Tabor / mintynet: Car Hacker, Car Hacking Village staff
<ul>
<li><a href="https://twitter.com/mintynet">Twitter</a></li>
<li><a href="https://www.mintynet.com/">Website</a><br />
</li>
</ul></li>
<li>Daniel Öster: Dala’s EV Repair, electric vehicle CAN
hacking/upgrading
<ul>
<li><a
href="https://www.youtube.com/channel/UCc3g-KhOBoicgOrB4KkMeew">Youtube</a></li>
<li><a href="https://dalasevrepair.fi/">Website</a></li>
</ul></li>
</ul>
<h2 id="podcasts-and-episodes">Podcasts and Episodes</h2>
<p>Podcasts and podcast episodes, that either directly focus on vehicle
security or have some episodes on it.</p>
<h3 id="podcasts">Podcasts</h3>
<ul>
<li><a href="http://securityweekly.com/">Security Weekly</a> - Excellent
podcast covering all ranges of security, with some episodes focusing
portions on vehicle security from cars to drones.</li>
<li><a
href="https://podcasts.apple.com/us/podcast/security-noise/id1428851782">TrustedSec
Podcast</a> - From the people at TrustedSec, leaders in Social
Engineering, their episodes often go into recent vehicle vulnerabilities
and exploits.</li>
<li><a href="https://isc.sans.edu/">SANS Internet Storm Center</a> - the
ISC run a regular podcast going into the latest vulnerabilities and
security news.</li>
<li><a href="https://soundcloud.com/securityledger">Security Ledger</a>
- A podcast focusing on interviewing security experts about topics
related to security.</li>
</ul>
<h3 id="episodes">Episodes</h3>
<ul>
<li><a
href="http://softwareengineeringdaily.com/2015/09/02/car-hacking-with-craig-smith/">Car
Hacking with Craig Smith</a> - Software Engineering Daily did an amazing
episode with Craig Smith, author of the Car Hacking Handbook (above), on
hacking into vehicles.</li>
<li><a href="https://blog.bugcrowd.com/big-bugs-podcast-episode-1">Big
Bugs Podcast Episode 1: Auto Bugs - Critical Vulns found in Cars with
Jason Haddix</a> - Jason Haddix explores major vulnerabilities found in
cars.</li>
<li><a
href="http://www.npr.org/2013/08/02/208270026/hacking-under-the-hood-and-into-your-car">Hacking
Under the Hood and Into Your Car</a> - Chris Valasek and Charlie Miller
discuss with NPR how they were able to hack into vehicles.</li>
<li><a
href="https://soundcloud.com/securityledger/chris-valasek-of-ioactive">Hacking
Connected Vehicles with Chris Valasek of IOActive</a> - Chris Valasek
talks about hacking into connected vehicles.</li>
</ul>
<h2 id="miscellaneous">Miscellaneous</h2>
<ul>
<li><a
href="https://github.com/ps1337/automotive-security-research">Reverse
Engineering Resources</a></li>
<li><a href="https://0xsam.com/road/">Real ORNL Automotive Dynamometer
(ROAD) CAN Intrusion Dataset</a></li>
<li><a href="https://www.youtube.com/shorts/80A5IhvwsJU">CAN DoS Fuzzing
Attack Video</a></li>
<li><a href="https://www.youtube.com/watch?v=HPpGzwWQY5Y">ECU Reflashing
Detector Demo</a></li>
</ul>
<h1 id="projects">Projects</h1>
<ul>
<li><a
href="https://github.com/openvehicles/Open-Vehicle-Monitoring-System">Open
Vehicle Monitoring System</a> - A community project building a hardware
module for your car, a server to talk to it, and a mobile app to talk to
the server, in order to allow developers and enthusiasts to add more
functionality to their car and control it remotely.</li>
<li><a href="https://github.com/PolySync/OSCC">Open Source Car Control
Project</a> - The Open Source Car Control Project is a hardware and
software project detailing the conversion of a late model vehicle into
an autonomous driving research and development vehicle.</li>
<li><a href="https://uptane.github.io/overview.html">Uptane</a> - Uptane
is an open and secure software update system design protecting software
delivered over-the-air to the computerized units of automobiles and is
designed to be resilient even to the best efforts of nation state
attackers.</li>
</ul>
<h1 id="hardware">Hardware</h1>
<p>Overview of hardware, both open source and proprietary, that you can
use when conducting vehicle security research. <a
href="http://makezine.com/2016/04/08/car-hacking-tools-trade/">This
article</a> goes through many of the options below.</p>
<ul>
<li><a href="https://www.arduino.cc/">Arduino</a> - Arduino boards have
a number of shields you can attach to connect to CAN-enabled devices.
<ul>
<li><a
href="https://github.com/watterott/CANdiy-Shield">CANdiy-Shield</a></li>
<li><a
href="http://www.dfrobot.com/index.php?route=product/product&amp;product_id=1444">DFRobot
CAN-BUS Shield For Arduino</a></li>
<li><a href="https://www.sparkfun.com/products/13262">SparkFun CAN-BUS
Shield</a></li>
<li><a
href="https://github.com/latonita/arduino-canbus-monitor">arduino-canbus-monitor</a>
- No matter which shield is selected you will need your own sniffer.
This is implementation of standard Lawicel/SLCAN protocol for Arduino +
any MCP CAN Shield to use with many standard CAN bus analysis software
packages or SocketCAN</li>
</ul></li>
<li><a href="https://cantact.io/cantact/users-guide.html">CANtact</a> -
“The Open Source Car Tool” designed to help you hack your car. You can
buy one or make your own following the guide here.</li>
<li><a
href="http://freematics.com/pages/products/arduino-telematics-kit-3/">Freematics
OBD-II Telematics Kit</a> - Arduino-based OBD-II Bluetooth adapter kit
has both an OBD-II device and a data logger, and it comes with GPS, an
accelerometer and gyro, and temperature sensors.</li>
<li><a href="https://www.elmelectronics.com/obdic.html">ELM327</a> - The
de facto chipset that’s very cheap and can be used to connect to CAN
devices.</li>
<li><a
href="http://goodfet.sourceforge.net/hardware/goodthopter12/">GoodThopter12</a>
- Crafted by a well-known hardware hacker, this board is a general board
that can be used for exploration of automotive networks.</li>
<li><a href="http://www.8devices.com/products/usb2can/">USB2CAN</a> -
Cheap USB to CAN connector that will register a device on linux that you
can use to get data from a CAN network.</li>
<li><a href="http://store.intrepidcs.com/">Intrepid Tools</a> -
Expensive, but extremely versatile tools specifically designed for
reversing CAN and other vehicle communication protocols.</li>
<li><a href="http://redpitaya.com/">Red Pitaya</a> - Replaces expensive
measurement tools such as oscilloscopes, signal generators, and spectrum
analyzers. Red Pitaya has LabView and Matlab interfaces, and you can
write your own tools and applications for it. It even supports
extensions for things like Arduino shields.</li>
<li><a href="http://newae.com/tools/chipwhisperer/">ChipWhisperer</a> -
A system for side-channel attacks, such as power analysis and clock
glitching.</li>
<li><a href="https://greatscottgadgets.com/hackrf/">HackerSDR</a> - A
Software Defined Radio peripheral capable of transmission or reception
of radio signals from 1 MHz to 6 GHz. Designed to enable test and
development of modern and next generation radio technologies.</li>
<li><a href="https://www.carloop.io/">Carloop</a> - Open source
development kit that makes it easy to connect your car to the Internet.
Lowest cost car hacking tool that is compatible with SocketCAN and
can-utils. No OBD-II to serial cable required.</li>
<li><a href="https://gutenshit.github.io/CANBadger/">CANBadger</a> - A
tool for reverse-engineering and testing automotive systems. The
CANBadger consists of both hardware and software. The main interface is
a LPC1768/LPC1769 processor mounted on a custom PCB, which offers two
CAN interfaces, SD Card, a blinky LED, some GPIO pins, power supply for
peripherals and the ethernet port.</li>
<li><a href="https://bitbucket.org/jcdemay/canspy">CANSPY</a> - A
platform giving security auditors to audit CAN devices. It can be used
to block, forward or modify CAN frames on the fly autonomously as well
as interactively.</li>
<li><a href="https://canb.us/">CANBus Triple</a> - General purpose
Controller Area Network swiss army knife and development platform.</li>
<li><a href="http://www.fischl.de/usbtin/">USBtin</a> - USBtin is a
simple USB to CAN interface. It can monitor CAN busses and transmit CAN
messages. USBtin implements the USB CDC class and creates a virtual
comport on the host computer.</li>
<li><a href="http://openxcplatform.com/hardware.html">OpenXC</a> -
OpenXC is a combination of open source hardware and software that lets
you extend your vehicle with custom applications and pluggable modules.
It uses standard, well-known tools to open up a wealth of data from the
vehicle to developers. Started by researchers at Ford, it works for all
2002 and newer MY vehicles (standard OBD-II interface). Researchers at
Ford Motor Company joined up to create a standard way of creating
aftermarket software and hardware for vehicles.</li>
<li><a href="https://www.macchina.cc/m2-introduction">Macchina M2</a> -
Macchina 2.0 is a complete overhaul of our 1.X generation of Macchina.
The goals are still the same: Create an easy-to-use, fully-open, and
super-compatible automotive interface.</li>
<li><a href="https://pandwarf.com/">PandwaRF</a> - PandwaRF is a
pocket-sized, portable RF analysis tool operating the sub-1 GHz range.
It allows the capture, analysis and re-transmission of RF via an Android
device or a Linux PC. Capture any data in ASK/OOK/MSK/2-FSK/GFSK
modulation from the 300-928 MHz band.</li>
<li><a
href="https://www.tindie.com/products/muxsan/can-mitm-bridge-3-port-rev-25/">CAN
MITM Bridge by MUXSCAN</a> - a tool to MITM CAN messages, allowing easy
interaction with your car.</li>
</ul>
<h1 id="software">Software</h1>
<p>Overview of software, both open source and proprietary, as well as
libraries from various programming languages. <a
href="http://makezine.com/2016/04/08/car-hacking-tools-trade/">This
article</a> goes through many of the options below.</p>
<h2 id="applications">Applications</h2>
<p>Software applications that will help you hack your car, investigate
it’s signals, and general tinkering with it.</p>
<ul>
<li><a href="https://www.wireshark.org/">Wireshark</a> - WireShark can
be used for reversing CAN communications.</li>
<li><a href="http://kayak.2codeornot2code.org/">Kayak</a> - Java
application for CAN bus diagnosis and monitoring.</li>
<li><a href="https://github.com/zombieCraig/UDSim/">UDSim</a> - GUI tool
that can monitor a CAN bus and automatically learn the devices attached
to it by watching communications.</li>
<li><a href="http://www.romraider.com/">RomRaider</a> - An open source
tuning suite for the Subaru engine control unit that lets you view and
log data and tune the ECU.</li>
<li><a href="http://store.intrepidcs.com/">Intrepid Tools</a> -
Expensive, but extremely versatile tools specifically designed for
reversing CAN and other vehicle communication protocols.</li>
<li><a
href="http://web.archive.org/web/20201108091723/https://www.vanheusden.com/O2OO/">O2OO</a>
- Works with the ELM327 to record data to a SQLite database for graphing
purposes. It also supports reading GPS data. You can connect this to
your car and have it map out using Google Maps KML data where you
drive.</li>
<li><a href="https://github.com/eik00d/CANToolz">CANToolz</a> - CANToolz
is a framework for analysing CAN networks and devices. It is based on
several modules which can be assembled in a pipeline.</li>
<li><a href="https://rbei-etas.github.io/busmaster/">BUSMASTER</a> -An
Open Source tool to simulate, analyze and test data bus systems such as
CAN, LIN, FlexRay.</li>
<li><a
href="http://openxcplatform.com/getting-started/index.html">OpenXC</a> -
Currently, OpenXC works with <code>Python</code> and
<code>Android</code>, with libraries provided to get started.</li>
<li><a href="https://github.com/commaai/openpilot">openpilot</a> -
openpilot is an open source driving agent that performs the functions of
Adaptive Cruise Control (ACC) and Lane Keeping Assist System (LKAS) for
Hondas and Acuras.</li>
<li><a href="https://github.com/openalpr/openalpr">openalpr</a> - An
open source Automatic License Plate Recognition library written in C++
with bindings in C#, Java, Node.js, Go, and Python.</li>
<li><a
href="https://community.rapid7.com/community/transpo-security/blog/2017/02/02/exiting-the-matrix">metasploit</a>
- The popular metasploit framework now supports Hardware Bridge
sessions, that extend the framework’s capabilites onto hardware devices
such as socketcan and SDR radios.</li>
<li><a href="https://mazdatweaks.com/">Mazda AIO Tweaks</a> - All-in-one
installer/uninstaller for many available Mazda MZD Infotainment System
tweaks.</li>
<li><a
href="https://github.com/shipcod3/mazda_getInfo">mazda_getInfo</a> - A
PoC that the USB port is an attack surface for a Mazda car’s
infotainment system and how Mazda hacks are made (known bug in the
CMU).</li>
<li><a
href="https://github.com/P1kachu/talking-with-cars">talking-with-cars</a>
- CAN related scripts, and scripts to use a car as a gamepad</li>
<li><a href="https://github.com/schutzwerk/CANalyzat0r">CANalyzat0r</a>
- A security analysis toolkit for proprietary car protocols.</li>
</ul>
<h2 id="libraries-and-tools">Libraries and Tools</h2>
<p>Libraries and tools that don’t fall under the larger class of
applications above.</p>
<p><a
href="https://github.com/flyandi/mazda-custom-application-sdk">Custom
Applications SDK for Mazda Connect Infotainment System</a> - A micro
framework that allows you to write and deploy custom applications for
the Mazda Infotainment System.</p>
<h3 id="c">C</h3>
<ul>
<li><a href="https://github.com/linux-can/can-utils">SocketCAN Utils</a>
- Userspace utilites for SocketCAN on Linux.</li>
<li><a href="https://github.com/dn5/vircar">vircar</a> - a Virtual car
userspace that sends CAN messages based on SocketCAN</li>
<li><a href="https://github.com/howerj/dbcc">dbcc</a> - “dbcc is a
program for converting a DBC file primarily into into C code that can
serialize and deserialize CAN messages.” With existing DBC files from a
vehicle, this file allows you to convert them to C code that extracts
the CAN messages and properties of the CAN environment.</li>
</ul>
<h3 id="c-1">C++</h3>
<ul>
<li><a href="https://github.com/iotbzh/high-level-viwi-service">High
Level ViWi Service</a> - High level Volkswagen CAN signaling protocol
implementation.</li>
<li><a href="https://github.com/atlas0fd00m/CanCat">CanCat</a> - A
“swiss-army knife” for interacting with live CAN data. Primary API
interface in Python, but written in C++.</li>
<li><a href="https://github.com/GENIVI/CANdevStudio">CANdevStudio</a> -
Development tool for CAN bus simulation. CANdevStudio enables to
simulate CAN signals such as ignition status, doors status or reverse
gear by every automotive developer.</li>
</ul>
<h3 id="java">Java</h3>
<ul>
<li><a href="https://github.com/alexvoronov/geonetworking">ITS
Geonetworking</a> - ETSI ITS G5 GeoNetworking stack, in Java: CAM-DENM /
ASN.1 PER / BTP / GeoNetworking</li>
</ul>
<h3 id="python">Python</h3>
<ul>
<li><a href="https://github.com/ericevenchick/canard">CANard</a> - A
Python framework for Controller Area Network applications.</li>
<li><a href="https://github.com/CaringCaribou/caringcaribou/">Caring
Caribou</a> - Intended to be the <em>nmap of vehicle security</em>.</li>
<li><a href="https://github.com/zombieCraig/c0f/">c0f</a> - A
fingerprinting tool for CAN communications that can be used to find a
specific signal on a CAN network when testing interactions with a
vehicle.</li>
<li><a href="https://github.com/hardbyte/python-can">Python-CAN</a> -
Python interface to various CAN implementations, including SocketCAN.
Allows you to use Python 2.7.x or 3.3.x+ to communicate over CAN
networks.</li>
<li><a href="https://github.com/brendan-w/python-OBD">Python-OBD</a> - A
Python module for handling realtime sensor data from OBD-II vehicle
ports. Works with ELM327 OBD-II adapters, and is fit for the Raspberry
Pi.</li>
<li><a href="https://github.com/atlas0fd00m/CanCat">CanCat</a> - A
“swiss-army knife” for interacting with live CAN data. Primary API
interface in Python, but written in C++.</li>
<li><a href="https://github.com/secdev/scapy">Scapy</a> - A python
library to send, receive, edit raw packets. Supports CAN and automotive
protocols: see the <a
href="https://scapy.readthedocs.io/en/latest/layers/automotive.html">automotive
doc</a></li>
<li><a href="https://github.com/tbruno25/canopy">CanoPy</a> - A python
gui used to visualize and plot message payloads in real time.</li>
<li><a href="https://github.com/shipcod3/canTot">canTot</a> - A
python-based cli framework based on sploitkit and is easy to use because
it similar to working with Metasploit. This similar to an exploit
framework but focused on known CAN Bus vulnerabilities or fun CAN Bus
hacks.</li>
<li><a
href="https://python-can.readthedocs.io/en/master/interfaces/socketcan.html">SocketCAN</a>
Python interface to SocketCAN</li>
<li><a href="https://github.com/ebroecker/canmatrix">canmatrix</a>
Python module to work with CAN matrix files</li>
<li><a href="https://canopen.readthedocs.io/en/latest/">canopen</a>
Python module to communicate with CANopen devices</li>
<li><a href="https://github.com/eerimoq/cantools">cantools</a> Python
module to decode and encode CAN messages using a DBC file</li>
<li><a href="https://github.com/Cr0wTom/caringcaribounext">Caring
Caribou Next</a> - Upgraded and optimized version of the original Caring
Caribou project.</li>
</ul>
<h3 id="go">Go</h3>
<ul>
<li><a href="https://github.com/Hive13/CANiBUS/">CANNiBUS</a> - A Go
server that allows a room full of researchers to simultaneously work on
the same vehicle, whether for instructional purposes or team reversing
sessions.</li>
<li><a href="https://github.com/carloop/simulator-program">CAN
Simulator</a> - A Go based CAN simulator for the Raspberry Pi to be used
with PiCAN2 or the open source <a
href="https://github.com/carloop/simulator">CAN Simulator board</a></li>
</ul>
<h3 id="javascript">JavaScript</h3>
<ul>
<li><a href="https://github.com/sebi2k1/node-can">NodeJS extension to
SocketCAN</a> - Allows you to communicate over CAN networks with simple
JavaScript functions.</li>
</ul>
<h1 id="companies-and-jobs">Companies and Jobs</h1>
<p>Companies and job opportunities in the vehicle security field.</p>
<ul>
<li><a href="https://www.uber.com/us/en/autonomous/">UberATC</a> - Uber
Advanced Technologies Center, now Uber AV - <a
href="mailto:info@uberatc.com" class="email">info@uberatc.com</a>.</li>
<li><a
href="https://www.tesla.com/careers/search#/filter/?keyword=security&amp;department=1">Tesla</a>
- Tesla hires security professionals for a variety of roles,
particularly securing their vehicles.</li>
<li><a href="https://www.intrepidcs.com/jobs/">Intrepid Control
Systems</a> - Embedded security company building tools for reversing
vehicles.</li>
<li><a href="https://www.rapid7.com/company/careers.jsp">Rapid7</a> -
Rapid7 does work in information, computer, and embedded security.</li>
<li><a href="http://www.ioactive.com/">IOActive</a> - Security
consulting firm that does work on pentesting hardware and embedded
systems.</li>
<li><a href="https://cohdawireless.com/">Cohda Wireless</a> - V2X DSRC
Radio and Software</li>
<li><a href="https://www.vicone.com/">VicOne</a> - A subsidiary of Trend
Micro which focuses on automotive security</li>
</ul>
<h2 id="coordinated-disclosure">Coordinated disclosure</h2>
<ul>
<li><a href="https://hackerone.com/gm">General Motors</a> on HackerOne -
Coordinated disclosure submissions accepted</li>
<li><a href="https://bugcrowd.com/stellantis">Stellantis</a> on Bugcrowd
- Coordinated disclosure submissions accepted, paid bounties
offered</li>
<li><a href="https://bugcrowd.com/tesla">Tesla Motors</a> on Bugcrowd -
Coordinated disclosure submissions accepted, paid bounties offered</li>
<li><a href="https://asrg.io/disclosure/">ASRG</a> - The ASRG Disclosure
Process is to support responsible disclosure when direct communication
with the responsible company is unavailable or not responsive.</li>
<li><a href="https://security.zeekrlife.com/vulnerability">Zeekr</a> -
Zeekr and Geely Responsible disclosure program</li>
</ul>
<h1 id="other-awesome-lists">Other Awesome Lists</h1>
<p>List of lists.</p>
<ul>
<li>Security
<ul>
<li><a href="https://github.com/paragonie/awesome-appsec">Application
Security</a></li>
<li><a
href="https://github.com/sbilly/awesome-security">Security</a></li>
<li><a href="https://github.com/apsdehal/awesome-ctf">Capture the
Flag</a></li>
<li><a href="https://github.com/rshipp/awesome-malware-analysis">Malware
Analysis</a></li>
<li><a
href="https://github.com/ashishb/android-security-awesome">Android
Security</a></li>
<li><a
href="https://github.com/carpedm20/awesome-hacking">Hacking</a></li>
<li><a
href="https://github.com/paralax/awesome-honeypots">Honeypots</a></li>
<li><a
href="https://github.com/meirwah/awesome-incident-response">Incident
Response</a></li>
</ul></li>
<li>Meta
<ul>
<li><a href="https://github.com/sindresorhus/awesome">awesome</a></li>
<li><a href="https://github.com/jnv/lists">lists</a></li>
</ul></li>
</ul>
<h1 id="contributing">Contributing</h1>
<p>Your contributions are always welcome! Please take a look at the <a
href="https://github.com/jaredmichaelsmith/awesome-vehicle-security/blob/master/contributing.md">contribution
guidelines</a> first.</p>