Hey Folks! Welcome to our IoT Security Series. We will be publishing posts related to IoT and Automotive security as regularly as possible. We hope to help at least one person jump into IoT and Automotive Security. And for that one reason alone these blogs will remain as a free reference for all. No one needs to pay for anything. You heard it. It’s Free Forever!
What do we plan on doing here? We will be blogging as regularly as possible as we too learn things on the way. We will be covering everything from the base up. But we would like to remind you to do your homework as well. Nothing is complete without your cooperation. Try things out. Memorizing theory is not our cup of tea. It shouldn’t be yours either. For some parts, you may need only your laptop, but there will be places where you will need to get some hardware. We know, we know. It will cost you some money. Don’t worry about that part, no one needs every single tool in the beginning :). And as a side note, we might go a bit deep into things. We don’t want anyone to be like skids who don’t know how things work. We repeat. Don’t be a Skid.
Before we dive in, we would like to acknowledge the hard work done by others in this field, and those among them who have shared their knowledge with everyone. We will be referring to different blogs and videos, and we might not be able to tag every single one we referred to. So we beg your pardon for that. And as my mentor (Yashin Ikka) taught me, “Give back to the community!” Help others if you can!
Things we will be covering
Introduction
1. Introduction to IoT
2. IoT Architecture
3. Attack Surfaces
4. IoT Protocols Overview
IoT Pentesting
1. Network
→Local
— →1. Wired
— — →1. CAN Bus
— — →2. CoAP
— — →3. Modbus
— — →4. DICOM
— →2. Wireless
— — →1. ZigBee
— — →2. GSM/LTE
— — →3. BLE
— — →4. LoRaWAN
— →3. Authentication Bypass and Crypto Vulnerabilities
→Cloud
— →1. MQTT
2. Software
→Hardcoded Credentials
→Memory Corruption Flaws
— →1. Stack Overflows
— →2. Heap Overflows/Spray
— →3. Integer Overflows
— →4. Kernel Space Programs (Drivers and Bootloaders)
— →5. User Space Programs
3. Hardware
→Side Channel Attacks
→Digital Signal Leaks
→Glitching Attacks
→Exposed Debugging Pins
— →1. I2C
— →2. SPI
— →3. UART
— →4. JTAG
→ARM Reverse Engineering and Exploitation
→MISC
This is to give you a rough overview of our plan. We might end up adding more to this. And to be honest with you, we won’t be covering web API, Android, and iOS pentesting. It’s way too big and there are already tonnes of good videos and blogs about it. So a hard pass. All these buzzwords might sound intimidating. Don’t worry, these will be broken down into Series and Mini-Series. Got anything else to add to the list? You know where to find us :)
Cheers Guys