A collection of IoT-related security articles, including vulnerability analyses, security conferences, and papers
Author: Sec-Labs | Published:
Project URL
https://github.com/H4lo/awesome-IoT-security-article
Introduction
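A collection of URLs for security articles, tutorials, and other material related to IoT security, for everyone to learn from together!
Security tutorials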
Introduction · Reverse Engineering
Using Binary Ninja for IoT Device Vulnerability Discovery | JD Explore Academy Information Security Lab
https://forum.defcon.org/node/241835, https://github.com/infobyte/cve-2022-27255
https://mp.weixin.qq.com/s/JT_HCfSS7bpgutk3v2ApNQ
https://mp.weixin.qq.com/s/7cdt5lCmU5ufucUasaKVZA
https://www.s3.eurecom.fr/docs/usenixsec22_arbiter.pdf
https://www.4hou.com/search-post?keywords=深入考察JSON在互操作性方面的安全漏洞,
https://github.com/KathanP19/HowToHunt
Security forums | Blogs
[UFA - general-purpose firmware analysis system](https://ufa.360.net/home)
IOTsec-Zone IoT security community
James Kettle Research Overview
Vulnerability analysis
Network device vulnerability analysis
https://mp.weixin.qq.com/s/js8Pg9xmkqRm0A0TF7pVXQ
https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md
directory-ttraversal-vulnerability-in-huawei-hg255s-products
CVE-2022-45313: Mikrotik RouterOs flaw can lead to execute arbitrary code
Cool vulns don't live long - Netgear and Pwn2Own
The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022 | STAR Labs
Horde Webmail - Remote Code Execution via Email
Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers
https://mp.weixin.qq.com/s/p5JH8elwd0ze4f8h8xTgiA
Blind exploits to rule WatchGuard firewalls
pfBlockerNG Unauth RCE Vulnerability - IHTeam Security Blog
https://mp.weixin.qq.com/s/efrcXS_uiXp0LzUaaEJ-MA
Netgear Nighthawk r7000p aws_json Unauthenticated Double Stack Overflow Vulnerability
From Patch To Exploit: CVE-2021-35029
SSD Advisory – NETGEAR DGND3700v2 PreAuth Root Access - SSD Secure Disclosure
Reverse Engineering a Netgear Nday | StarkeBlog
https://mp.weixin.qq.com/s/tUikU0U-FCo33kWsmHTCIQ
Camera vulnerability analysis
Exploiting: Buffer overflow in Xiongmai DVRs | ret2.me
https://mp.weixin.qq.com/s/K-Zu1M5JVhzT_xb7rb1l0Q
A journey into IoT - Unknown Chinese alarm - Part 1 - Discover components and ports - hn security
Smart home vulnerability analysis
https://mp.weixin.qq.com/s/WkXbI5lHM2LYnSCMuQAdbA
https://mp.weixin.qq.com/s/4fdD3eEg7aql6_cY81hHOA
nday exploit: netgear orbi unauthenticated command injection (CVE-2020-27861) | hyprblog
Embedded / IoT device vulnerability analysis
https://mp.weixin.qq.com/s/emvk8liLb4MmWpE9L_MkZA
https://mp.weixin.qq.com/s/n_HBOWlHtS9sE7shGpDwxw
Zero Day Initiative — Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup!
https://mp.weixin.qq.com/s/xVU8o5NcbFYmy0yPJfiwVQ
Firmware analysis
DualShock4 Reverse Engineering - Part 1
https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2/
Shielder - Reversing embedded device bootloader (U-Boot) - p.1
Zyxel firmware extraction and password analysis - hn security
https://mp.weixin.qq.com/s/HwU7rgjhoCsJR0XQAoyHvw
http://xdxd.love/2015/08/24/逆向路由器固件之解包/
Radio security
Hacking Bluetooth to Brew Coffee from GitHub Actions: Part 1 - Bluetooth Investigation | grack
Hardware security
https://mp.weixin.qq.com/s/XxzANNCKwvVmrq2eOihyTw
Data exfiltration using a COVID-bit attack | Kaspersky official blog
https://mp.weixin.qq.com/s/oDMF3uVyJ_XR8h2rPakU3Q
https://mp.weixin.qq.com/s/K0SXMVVdmkAdZyrNnCorBw
https://ryancor.medium.com/hardware-trojans-under-a-microscope-bf542acbcc29
https://mp.weixin.qq.com/s/G-Aas9ZFjEfUN6gj2hwusw
Fuzzing
Tool usage
https://mp.weixin.qq.com/s/DZ2Nd5sIjWOuAGwLzBEQGQ
https://mp.weixin.qq.com/s/sBM-I6-ojYuJ9KyfXl87hg
Security papers
https://mp.weixin.qq.com/s/Q2OfKSDsv3-4zdlW3tkgxg
https://mp.weixin.qq.com/s/orbT6HuK6cLN3A2-gcA0Ng
Conferences
Conferences in China
International conferences
https://i.blackhat.com/USA-22/Thursday/US-22-Baines-Do-Not-Trust-The-ASA-Trojans.pdf
https://github.com/binarly-io/Research_Publications/blob/main/OffensiveCon_2022/UEFI Firmware Vulns Past, Present and Future.pdf
CTF
Security news
Ping bug potentially allows remote hack of FreeBSD systems - Security Affairs
https://mp.weixin.qq.com/s/Y-_1SEHSDBgWEEOD0dJu6g
https://mp.weixin.qq.com/s/GoYc5SA7cbNIrf2iRMKKSw
https://mp.weixin.qq.com/s/tUikU0U-FCo33kWsmHTCIQ
Open-source security projects
https://github.com/romainthomas/reverse-engineering-workshop
https://github.com/Accenture/VulFi
https://github.com/shijin0925/IOT/blob/master/TOTOLINK A3100R/8.md
https://github.com/aaronsvk/CVE-2022-30075
https://github.com/airbus-seclab/AutoResolv
https://github.com/PortSwigger/http-request-smuggler
https://github.com/Le0nsec/SecCrawler
https://github.com/pedrib/PoC/blob/master/advisories/Cisco/DCNMPwn.md
https://github.com/wudipjq/my_vuln/tree/main/ARRIS
https://github.com/Cossack9989/Vulns/tree/master/IoT
Connected vehicle security
Bug in Honda, Nissan, Toyota Cars App Let Hackers Start The Car Remotely
https://mp.weixin.qq.com/s/bx-Rtw1kkSb56iiaUpcqNQ
https://mp.weixin.qq.com/s/0grR0FRCMoWvsGJAGLTfUg
Vulnerability intelligence databases
National Vulnerability Database (NVD): https://nvd.nist.gov/
Symantec: https://www.symantec.com/security-center/vulnerability-management
Microsoft: https://technet.microsoft.com/en-us/security/
Tenable: https://www.tenable.com/
Rapid7: https://www.rapid7.com/
Zerodium: https://zerodium.com/
Bugtraq: https://www.securityfocus.com/vulnerabilities
vulmon: https://vulmon.com/vulnerabilitydetails?qid=CVE-2022-1040
Snyk vulndb: https://snyk.io/vuln/search?q=log4j&type=any