收集一些与IoT安全有关的安全文章、教程、资料等url资源,供大家一起学习!
https://mp.weixin.qq.com/s/L3bkD7nuZdDdBQ7DJ4Q-ew
https://mp.weixin.qq.com/s/jZd5BpAmwFZOZuNjc4-oqA
https://mp.weixin.qq.com/s/jZd5BpAmwFZOZuNjc4-oqA
About the book - A Noob's Guide To ARM Exploitation
Introduction · Reverse Engineering
https://forum.defcon.org/node/241835, https://github.com/infobyte/cve-2022-27255
https://mp.weixin.qq.com/s/JT_HCfSS7bpgutk3v2ApNQ
https://mp.weixin.qq.com/s/7cdt5lCmU5ufucUasaKVZA
https://www.s3.eurecom.fr/docs/usenixsec22_arbiter.pdf
https://www.4hou.com/search-post?keywords=深入考察JSON在互操作性方面的安全漏洞,
https://github.com/KathanP19/HowToHunt
[UFA-通用固件分析 Zyxel firmware extraction and password analysis - hn security 系统](https://ufa.360.net/home)
James Kettle Research Overview
Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671) - Blog - VulnCheck
奇安信攻防社区-CVE-2023-25690 Apache HTTP Server 请求走私漏洞 分析与利用
奇安信攻防社区-CVE-2023-25690 Apache HTTP Server 请求走私漏洞 分析与利用
Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution
Debugging D-Link: Emulating firmware and hacking hardware
https://mp.weixin.qq.com/s/Hayfe1gxRl_Clk7L8DIEZg
https://mp.weixin.qq.com/s/2joZwexIdVdgc5NL8W3J-A
Puckungfu: A NETGEAR WAN Command Injection – NCC Group Research
https://mp.weixin.qq.com/s/_CQ9jp6-a7wAcImjg8SouQ
https://mp.weixin.qq.com/s/_CQ9jp6-a7wAcImjg8SouQ
Patch diff an old vulnerability in Synology NAS | cq674350529's blog
Patch diff an old vulnerability in Synology NAS | cq674350529's blog
Netgear Nighthawk r7000p upnpd Buffer Overflow Remote Code Execution Vulnerability
RCE in Avaya Aura Device Services – Assetnote
CVE-2023-22374: F5 BIG-IP Format String Vulnerability | Rapid7 Blog
https://mp.weixin.qq.com/s/ie6ydNvxkFjJxmrpOTkcUA
https://mp.weixin.qq.com/s/js8Pg9xmkqRm0A0TF7pVXQ
https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md
https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md
directory-ttraversal-vulnerability-in-huawei-hg255s-products
CVE-2022-45313: Mikrotik RouterOs flaw can lead to execute arbitrary code
Cool vulns don't live long - Netgear and Pwn2Own
The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022 | STAR Labs
Horde Webmail - Remote Code Execution via Email
Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers
https://mp.weixin.qq.com/s/p5JH8elwd0ze4f8h8xTgiA
Blind exploits to rule WatchGuard firewalls
pfBlockerNG Unauth RCE Vulnerability - IHTeam Security Blog
https://mp.weixin.qq.com/s/efrcXS_uiXp0LzUaaEJ-MA
Netgear Nighthawk r7000p aws_json Unauthenticated Double Stack Overflow Vulnerability
From Patch To Exploit: CVE-2021-35029
SSD Advisory – NETGEAR DGND3700v2 PreAuth Root Access - SSD Secure Disclosure
Reverse Engineering a Netgear Nday | StarkeBlog
https://mp.weixin.qq.com/s/tUikU0U-FCo33kWsmHTCIQ
Exploiting: Buffer overflow in Xiongmai DVRs | ret2.me
https://mp.weixin.qq.com/s/K-Zu1M5JVhzT_xb7rb1l0Q
A journey into IoT - Unknown Chinese alarm - Part 1 - Discover components and ports - hn security
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
https://mp.weixin.qq.com/s/WkXbI5lHM2LYnSCMuQAdbA
https://mp.weixin.qq.com/s/4fdD3eEg7aql6_cY81hHOA
nday exploit: netgear orbi unauthenticated command injection (CVE-2020-27861) | hyprblog
The printer goes brrrrr, again!
https://mp.weixin.qq.com/s/UwsQH9nr1D4FzK2lhy_W2A
https://mp.weixin.qq.com/s/W2yAcmXh4vrE9pOh02H9Gg
IOTsec-Zone�����社�
CVE-2022-24942 Heap-based buffer overflow in Silicon Labs Gecko SDK
Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’ | The Daily Swig
https://github.com/blasty/lexmark
https://mp.weixin.qq.com/s/emvk8liLb4MmWpE9L_MkZA
https://mp.weixin.qq.com/s/n_HBOWlHtS9sE7shGpDwxw
Zero Day Initiative — Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup!
https://mp.weixin.qq.com/s/xVU8o5NcbFYmy0yPJfiwVQ
https://mp.weixin.qq.com/s/BwQ7Ld7cxF9gxxnzxpp6xg
DJI Mavic 3 Drone Firmware Analysis
https://mp.weixin.qq.com/s/RUQKvzoWPks5Y2x6Ou7jCw
2020补天杯复盘:小米小爱音箱 后渗透利用公开 | Clang裁缝店
一种获取 FortiOS 权限的方法 | CataLpa's Home
Firmware key extraction by gaining EL3 - The Cave
Zeus WPI | Reverse engineering an e-ink display
Reverse Engineering BLE Devices — Reverse Engineering BLE Devices documentation
https://mp.weixin.qq.com/s/16V1JLcLaakCcMHjzOBbRA
LinkSys EA6100 AC1200 - Part 1 - PCB reversing
DualShock4 Reverse Engineering - Part 1
https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2/
Shielder - Reversing embedded device bootloader (U-Boot) - p.1
Zyxel firmware extraction and password analysis - hn security
https://mp.weixin.qq.com/s/HwU7rgjhoCsJR0XQAoyHvw
http://xdxd.love/2015/08/24/逆向路由器固件之解包/
https://mp.weixin.qq.com/s/16V1JLcLaakCcMHjzOBbRA
https://www.nozominetworks.com/downloads/US/Nozomi-Networks-WP-UWB-Real-Time-Locating-Systems.pdf
Hacking Bluetooth to Brew Coffee from GitHub Actions: Part 1 - Bluetooth Investigation | grack
https://mp.weixin.qq.com/s/HMMa44u-FtSRPxQ1R-73jw
https://mp.weixin.qq.com/s/TsDWgCABWGCUMVUUK3f05A
Reverse engineering an EV charger
I'm Building a Self-Destructing USB Drive - Interrupt Labs Blog
https://martinschwarzl.at/media/files/thesis_main.pdf
PCIe DMA Attack against a secured Jetson Nano (CVE-2022-21819) – The Good Penguin
PS5 Hack: Keys incoming for the mysterious CP Box? - Wololo.net
A journey into IoT – Chip identification, BUSSide, and I2C - hn security
https://mp.weixin.qq.com/s/XxzANNCKwvVmrq2eOihyTw
Data exfiltration using a COVID-bit attack | Kaspersky official blog
https://mp.weixin.qq.com/s/oDMF3uVyJ_XR8h2rPakU3Q
pfBlockerNG Unauth RCE Vulnerability - IHTeam Security Blog
https://mp.weixin.qq.com/s/K0SXMVVdmkAdZyrNnCorBw
https://ryancor.medium.com/hardware-trojans-under-a-microscope-bf542acbcc29
https://mp.weixin.qq.com/s/G-Aas9ZFjEfUN6gj2hwusw
https://mp.weixin.qq.com/s/DZ2Nd5sIjWOuAGwLzBEQGQ
https://mp.weixin.qq.com/s/sBM-I6-ojYuJ9KyfXl87hg
https://mp.weixin.qq.com/s/Q2OfKSDsv3-4zdlW3tkgxg
https://mp.weixin.qq.com/s/orbT6HuK6cLN3A2-gcA0Ng
[Page not found - HITBSecConf2023 - Amsterdam](https://conference.hitb.org/hitbsecconf2023ams/materials/D1T1 - Your Not So Home Office - Soho Hacking at Pwn2Own - McCaulay Hudson )
The DEF CON® Media Server - Archives of the conferences
https://i.blackhat.com/USA-22/Thursday/US-22-Baines-Do-Not-Trust-The-ASA-Trojans.pdf
https://github.com/binarly-io/Research_Publications/blob/main/OffensiveCon_2022/UEFI Firmware Vulns Past, Present and Future.pdf
Ping bug potentially allows remote hack of FreeBSD systemsSecurity Affairs
https://mp.weixin.qq.com/s/Y-_1SEHSDBgWEEOD0dJu6g
https://mp.weixin.qq.com/s/GoYc5SA7cbNIrf2iRMKKSw
https://mp.weixin.qq.com/s/tUikU0U-FCo33kWsmHTCIQ
https://github.com/romainthomas/reverse-engineering-workshop
https://github.com/Accenture/VulFi
https://github.com/shijin0925/IOT/blob/master/TOTOLINK A3100R/8.md
https://github.com/aaronsvk/CVE-2022-30075
https://github.com/airbus-seclab/AutoResolv
https://github.com/PortSwigger/http-request-smuggler
https://github.com/Le0nsec/SecCrawler
https://github.com/pedrib/PoC/blob/master/advisories/Cisco/DCNMPwn.md
https://github.com/wudipjq/my_vuln/tree/main/ARRIS
https://github.com/Cossack9989/Vulns/tree/master/IoT
IOTsec-Zone�����社�
IOTsec-Zone�����社�
https://mp.weixin.qq.com/s/LzrqCOq6BjPC6s3SjNvXcw
https://mp.weixin.qq.com/s/O1EfTtvmAc0e2H6DFlElYA
https://mp.weixin.qq.com/s/pFf7hvan2Z9VOxGyuwIvmg
Bug in Honda, Nissan, Toyota Cars App Let Hackers Start The Car Remotely
https://mp.weixin.qq.com/s/bx-Rtw1kkSb56iiaUpcqNQ
https://mp.weixin.qq.com/s/0grR0FRCMoWvsGJAGLTfUg
💀 Sploitus | Exploit 漏洞情报库 Hacktool Search Engine
National Vulnerability Database(NVD):https://nvd.nist.gov/
Symantec:https://www.symantec.com/security-center/vulnerability-management
Microsoft:https://technet.microsoft.com/en-us/security/
Tenable:https://www.tenable.com/
Rapid7:https://www.rapid7.com/
Zerodium:https://zerodium.com/
Bugtraq:https://www.securityfocus.com/vulnerabilities
vulmon: https://vulmon.com/vulnerabilitydetails?qid=CVE-2022-1040
synk vulndb:https://snyk.io/vuln/search?q=log4j&type=any
https://media.defcon.org/DEF CON 30/DEF CON 30 presentations/Daniel (dozer) Jensen - Hunting Bugs in The Tropics V1.0.pdf
https://github.com/horizon3ai/CVE-2022-39952
https://mp.weixin.qq.com/s/ZpIreydFhKbaGtWjKK6wog
https://github.com/infobyte/cve-2022-27255/blob/main/DEFCON/slides.pdf
https://mp.weixin.qq.com/s/xVU8o5NcbFYmy0yPJfiwVQ
[Hardware 其他 https://media.defcon.org/DEF CON 30/DEF CON 30 presentations/Daniel (dozer) Jensen - Hunting Bugs in The Tropics V1.0.pdf
https://github.com/horizon3ai/CVE-2022-39952
https://mp.weixin.qq.com/s/ZpIreydFhKbaGtWjKK6wog
https://github.com/infobyte/cve-2022-27255/blob/main/DEFCON/slides.pdf
https://mp.weixin.qq.com/s/xVU8o5NcbFYmy0yPJfiwVQ Embedded Systems: A little early effort in security can return a huge payoff – NCC Group Research](https://research.nccgroup.com/2022/02/22/hardware-embedded-systems-a-little-early-effort-in-security-can-return-a-huge-payoff/)