IoT Penetesting 101 && IoT security 101

Approach Methodology

1. Network
2. Web (Front & Backend and Web services)
3. Mobile App(Android & iOS)
4. Wireless Connectivity
5. Firmware Pentesting(Hardware or IoT device OS)
6. Hardware Level Approach

Contents

Books

• Android Hacker's Handbook
• Hacking the Xbox
• Car hacker's handbook
• IoT Penetration Testing Cookbook
• Abusing the Internet of Things
• Hardware Hacking: Have Fun while Voiding your Warranty
• Linksys WRT54G Ultimate Hacking
• Linux Binary Analysis
• Firmware

Blogs for iotpentest

1. http://iotpentest.com/
2. https://blog.attify.com
3. https://payatu.com/blog/
4. http://jcjc-dev.com/
5. https://w00tsec.blogspot.in/
6. http://www.devttys0.com/
7. https://www.rtl-sdr.com/
8. https://keenlab.tencent.com/en/
9. https://courk.cc/
10. https://iotsecuritywiki.com/

IoT security vulnerabilites checking guides

• Reflecting upon OWASP TOP-10 IoT Vulnerabilities

Exploitation Tools & OS

• Exploit - IoT Exploitation framework - by Aseemjakhar
• AttifyOS - IoT Pentest OS - by Aditya Gupta
• Ubutnu Best Host Linux for IoT's - Use LTS
• A Small, Scalable Open Source RTOS for IoT Embedded Devices
• Skywave Linux- Software Defined Radio for Global Online Listening
• Routersploit (Exploitation Framework for Embedded Devices)

Reverse Enginnering Tools

• IDA Pro
• GDB
• Radare2

Introduction

• Introduction to IoT
• IoT Architecture
• IoT attack surface
• IoT Protocols Overview

IoT Protocols Pentesting

MQTT

• Introduction
• Hacking the IoT with MQTT
• thoughts about using IoT MQTT for V2V and Connected Car from CES 2014
• Nmap
• The Seven Best MQTT Client Tools
• A Guide to MQTT by Hacking a Doorbell to send Push Notifications

CoAP

• Introduction
• CoAP client Tools
• CoAP Pentest Tools
• Nmap

Automobile

CanBus

• Introduction and protocol Overview
• PENTESTING VEHICLES WITH CANTOOLZ
• Building a Car Hacking Development Workbench: Part1

Radio IoT Protocols Overview

• Understanding Radio
• Signal Processing
• Software Defined Radio
• Gnuradio
• Creating a flow graph
• Analysing radio signals
• Recording specific radio signal
• Replay Attacks

Base transceiver station (BTS)

• what is base tranceiver station
• How to Build Your Own Rogue GSM BTS

GSM & SS7 Pentesting

• Introduction to GSM Security
• GSM Security 2
• vulnerabilities in GSM security with USRP B200
• Security Testing 4G (LTE) Networks
• Case Study of SS7/SIGTRAN Assessment
• Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
• ss7MAPer – A SS7 pen testing toolkit
• Introduction to SIGTRAN and SIGTRAN Licensing
• SS7 Network Architecture
• Introduction to SS7 Signaling

Zigbee & Zwave

• Introduction and protocol Overview
• Hacking Zigbee Devices with Attify Zigbee Framework
• Hands-on with RZUSBstick
• ZigBee & Z-Wave Security Brief

BLE

• Traffic Engineering in a Bluetooth Piconet
• BLE Characteristics Reconnaissance (Active and Passive) with HCI Tools
  • btproxy
  • hcitool & bluez
  • Testing With GATT Tool
  • Cracking encryption

Mobile security (Android & iOS)

• Android
• IOS Pentesting

ARM

• Azeria Labs
• ARM EXPLOITATION FOR IoT

Firmware Pentest

• Firmware analysis and reversing
• Firmware emulation with QEMU
• Dumping Firmware using Buspirate

IoT hardware Overview

• IoT Hardware Guide

Hardware Tools

• Bus Pirate
• EEPROM readers
• Jtagulator / Jtagenum
• Logic Analyzer
• The Shikra
• FaceDancer21 (USB Emulator/USB Fuzzer)
• RfCat
• IoT Exploitation Learning Kit
• Hak5Gear- Hak5FieldKits
• Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter
• Attify Badge - UART, JTAG, SPI, I2C (w/ headers)

Attacking Hardware Interfaces

• Serial Terminal Basics
• Reverse Engineering Serial Ports

UART

• Identifying UART interface
• onewire-over-uart
• Accessing sensor via UART

JTAG

• Identifying JTAG interface
• NAND Glitching Attack