ایمن سازی دستگاه های اینترنت اشیا نیازمند رویکرد جدیدی است
https://blog.morphisec.com/securing-iot-devices-new-approach
#IoT
@IotPenetrationTesting
https://blog.morphisec.com/securing-iot-devices-new-approach
#IoT
@IotPenetrationTesting
Morphisec
Securing IoT Devices Requires a New Approach
The challenges to securing IoT devices are immense, particularly at the platform level. But in-memory device protection offers a way forward.
درود دوستان کانال ما یعنی @pfk_Security اکانتش پاک شد متاسفتانه مجدد کانال دیگری زدیم و فعالیتمان را مجدد بعد از جوین شما کاربران قدیمی و کاربران جدید اغاز خواهیم کرد .
کانال جدید :
@PfkSecurity
کانال جدید :
@PfkSecurity
#SCADA
"Threat landscape for industrial automation systems. Statistics for H1 2022".
https://ics-cert.kaspersky.com/publications/reports/2022/09/08/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2022
@IotPenetrationTesting
"Threat landscape for industrial automation systems. Statistics for H1 2022".
https://ics-cert.kaspersky.com/publications/reports/2022/09/08/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2022
@IotPenetrationTesting
Kaspersky ICS CERT | Kaspersky Industrial Control Systems Cyber Emergency Response Team
Threat landscape for industrial automation systems. Statistics for H1 2022 | Kaspersky ICS CERT
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
CVE-2022-27255
Realtek eCos SDK SIP ALG buffer overflow.
This repository contains de materials for the talk "Exploring the hidden attack surface of OEM #IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.", which was presented at DEFCON30.
https://github.com/infobyte/cve-2022-27255
#cve
@IotPenetrationTesting
Realtek eCos SDK SIP ALG buffer overflow.
This repository contains de materials for the talk "Exploring the hidden attack surface of OEM #IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.", which was presented at DEFCON30.
https://github.com/infobyte/cve-2022-27255
#cve
@IotPenetrationTesting
GitHub
GitHub - infobyte/cve-2022-27255
Contribute to infobyte/cve-2022-27255 development by creating an account on GitHub.
In the latest install of the Call of Duty series: Modern Warfare II (2022) players can conduct DDoS attacks. The DDoS attack will disrupt or disable enemies or enemy equipment.
tl;dr in the future helicopters, tanks, guns, and even human beings will be IoT devices.
tl;dr in the future helicopters, tanks, guns, and even human beings will be IoT devices.
Reversing embedded device bootloader (U-Boot)
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
#IoT
@Iotpenetrationtesting
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
#IoT
@Iotpenetrationtesting
Shielder
Shielder - Reversing embedded device bootloader (U-Boot) - p.1
In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.
IoT_Security_CheckList.pdf
401.3 KB
IoT Security Checklist
The checklist lists 39 essential security functions that enable IoT devices to be operated safely even in an environment where threats exist, along with background information on why they are necessary
IoT Security Checklist Diagram, Users Manual, Checklist in .xlsx:
https://www.jpcert.or.jp/english/pub/sr/IoT-SecurityCheckList.html
#IoT
@Iotpenetrationtesting
The checklist lists 39 essential security functions that enable IoT devices to be operated safely even in an environment where threats exist, along with background information on why they are necessary
IoT Security Checklist Diagram, Users Manual, Checklist in .xlsx:
https://www.jpcert.or.jp/english/pub/sr/IoT-SecurityCheckList.html
#IoT
@Iotpenetrationtesting
To some admins to post IoT & ICS Hacking posts on the channel to share with other friends and if possible to offer conferences.
Contact : @NetPwn
Contact : @NetPwn
+ A Collection for IoT Security Resources
https://github.com/V33RU/IoTSecurity101#Books-For-IoT-Pentesting
+ A Virtual environment for Pentesting IoT Devices
https://github.com/IoT-PTv/IoT-PT
#IoT #Pentest
@Iotpenetrationtesting
https://github.com/V33RU/IoTSecurity101#Books-For-IoT-Pentesting
+ A Virtual environment for Pentesting IoT Devices
https://github.com/IoT-PTv/IoT-PT
#IoT #Pentest
@Iotpenetrationtesting
GitHub
GitHub - V33RU/awesome-connected-things-sec: A Curated list of Security Resources for all connected things
A Curated list of Security Resources for all connected things - V33RU/awesome-connected-things-sec
🔥🔥🔥Xiongmai IoT Exploitation(exploited in the wild)
There are a number of reasons Xiongmai devices are interesting targets:
💾 The first reason is there are a lot of them on the internet(around 200,000).
💾The second reason is these devices have been affected by a handful of high or critical vulnerabilities(CVE-2017-7577, CVE-2018-10088, CVE-2020-22253, CVE-2021-41506, CVE-2022-26259, CVE-2022-45045 & CVE-2022-45640)
💾And that’s interesting due to an almost complete lack of high quality exploits for these vulnerabilities.
#IOT
#PrivateShizo
@Iotpenetrationtesting
There are a number of reasons Xiongmai devices are interesting targets:
💾 The first reason is there are a lot of them on the internet(around 200,000).
💾The second reason is these devices have been affected by a handful of high or critical vulnerabilities(CVE-2017-7577, CVE-2018-10088, CVE-2020-22253, CVE-2021-41506, CVE-2022-26259, CVE-2022-45045 & CVE-2022-45640)
💾And that’s interesting due to an almost complete lack of high quality exploits for these vulnerabilities.
#IOT
#PrivateShizo
@Iotpenetrationtesting
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
ShellCore.pdf
729.6 KB
"ShellCore: Automating Malicious IoT Software Detection by Using Shell Commands Representation", 2021.
#IoT_Security
@Iotpenetrationtesting
#IoT_Security
@Iotpenetrationtesting
Gafgyt.pdf
4.3 MB
A Detailed Analysis of the Gafgyt Malware Targeting IoT Devices , 2022.
#Malware_analysis
#IoT_Security
@Iotpenetrationtesting
#Malware_analysis
#IoT_Security
@Iotpenetrationtesting
awesome-iot-hacks
A Collection of Hacks in IoT Space so that we can address them (hopefully).
https://github.com/nebgnahz/awesome-iot-hacks
#IoT
@Iotpenetrationtesting
A Collection of Hacks in IoT Space so that we can address them (hopefully).
https://github.com/nebgnahz/awesome-iot-hacks
#IoT
@Iotpenetrationtesting
GitHub
GitHub - nebgnahz/awesome-iot-hacks: A Collection of Hacks in IoT Space so that we can address them (hopefully).
A Collection of Hacks in IoT Space so that we can address them (hopefully). - nebgnahz/awesome-iot-hacks
A tool which utilizes Shodan to detect vulnerable IoT devices.
BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover routers vulnerable to CVE-2013-6026, commonly known as Joel's Backdoor, a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link, one of the world's largest manufacturers of routers for home and business.
https://github.com/malwaredllc/bamf
#IoT
@Iotpenetrationtesting
BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover routers vulnerable to CVE-2013-6026, commonly known as Joel's Backdoor, a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link, one of the world's largest manufacturers of routers for home and business.
https://github.com/malwaredllc/bamf
#IoT
@Iotpenetrationtesting
IoTSecurity101
A Curated list of #IoT Security Resources
https://github.com/V33RU/IoTSecurity101
@Iotpenetrationtesting
A Curated list of #IoT Security Resources
https://github.com/V33RU/IoTSecurity101
@Iotpenetrationtesting
GitHub
GitHub - V33RU/awesome-connected-things-sec: A Curated list of Security Resources for all connected things
A Curated list of Security Resources for all connected things - V33RU/awesome-connected-things-sec
IoT-PT
A Virtual environment for Pentesting IoT Devices
https://github.com/IoT-PTv/IoT-PT
Persian :
یک محیط مجازی برای Pentesting دستگاه های IoT
https://github.com/IoT-PTv/IoT-PT
#IoT
@Iotpenetrationtesting
A Virtual environment for Pentesting IoT Devices
https://github.com/IoT-PTv/IoT-PT
Persian :
یک محیط مجازی برای Pentesting دستگاه های IoT
https://github.com/IoT-PTv/IoT-PT
#IoT
@Iotpenetrationtesting
GitHub
GitHub - IoT-PTv/IoT-PT-v1: A Virtual environment for Pentesting IoT Devices
A Virtual environment for Pentesting IoT Devices. Contribute to IoT-PTv/IoT-PT-v1 development by creating an account on GitHub.
درود
بدلیل مشغله کاری از تمامی دوستان فعال در حوزه های سایبری دعوت میشود به آیدی زیر پیام داده و در صورت تایید به عنوان مدیر و ویراستار جدید کانال انتخاب شوند
@Offensive01Bot
بدلیل مشغله کاری از تمامی دوستان فعال در حوزه های سایبری دعوت میشود به آیدی زیر پیام داده و در صورت تایید به عنوان مدیر و ویراستار جدید کانال انتخاب شوند
@Offensive01Bot