@H4l0
2021-05-07T11:54:51.000000Z
字数 10564
阅读 23014
学习资料
IOT
https://github.com/V33RU/IoTSecurity101
http://www.devttys0.com/2011/06/mystery-file-system/
http://www.devttys0.com/2011/05/reverse-engineering-firmware-linksys-wag120n/
TP-Link wr886nv7-V1.1.0 路由器分析 – 固件初步分析
TP-Link wr886nv7-V1.1.0 路由器分析 - VxWorks cmd命令行获取及使用方法
https://www.secpulse.com/archives/75636.html
D-Link DIR-850L路由器分析之获取设备shell
Reverse Engineering VxWorks Firmware: WRT54Gv8
Reversing D-Link’s WPS Pin Algorithm
极路由安全设计架构分析
https://www.freebuf.com/articles/terminal/76046.html
https://github.com/DigitalSecurity/nrf5x-tools
摄像头漏洞挖掘入门教程(固件篇)
固件修改及编译记录
https://www.uedbox.com/post/20483/
物联网安全|手把手带你制作恶意固件
D-Link DIR-816 A2路由器安全研究分享
针对某款摄像头设备的固件重打包及root shell获取过程
【技术分享】物联网设备的固件分析技术
https://www.callmewing.com/2018/10/03/%E9%80%86%E5%90%91PT632_G2%E5%85%89%E7%8C%AB%E5%9B%BA%E4%BB%B6/
逆向路由器固件之信息泄露
逆向路由器固件之敏感信息泄露 Part2
tenda 某路由器信息泄露查找
分析Belkin SURF路由器中的多个漏洞(缓冲区溢出、后门)
360 IOT 人才培养计划
https://bbs.ichunqiu.com/thread-32773-1-1.html?from=beef
Pulse Secure SSL VPN远程代码执行漏洞利用与分析
https://www.pentestpartners.com/security-blog/pwning-cctv-cameras/
Netgear Nighthawk R8300 upnpd PreAuth RCE 分析与复现
https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r8300-upnpd-preauth-rce/
6 New Vulnerabilities Found on D-Link Home Routers
New Vulnerabilities in TOTOLINK A3002RU
NetGear WNDR Authentication Bypass / Information Disclosure
https://github.com/darkarnium/secpub/tree/master/Vulnerabilities/NetGear/SOAPWNDR
TP-Link Archer A7 v5 Router USB Symlink Following Vulnerability
https://www.softscheck.com/en/reverse-engineering-tp-link-hs110/
CVE-2018-0296 Cisco ASA 拒绝服务漏洞分析
CVE-2019-1663 Cisco 的多个低端设备的堆栈缓冲区溢出漏洞分析
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp
Asuswrt RT-AC68U 华硕路由器文件删除漏洞 && 栈溢出
ASUSWRT Stack Overflow in wanduck.c
ASUSWRT - Multiple Vulnerabilities
CVE-2020-3119 Cisco CDP 协议栈溢出漏洞分析
http://bobao.360.cn/learning/detail/195.html
D-Link多型号路由器存在任意文件下载漏洞(CVE-2018-10822)
某些型号的Comba和D-Link路由器存在管理员密码泄露漏洞
ZXHN H108N Router Web-Shell and Secrets
Dlink Shareport Web Access Authentication Bypass
CVE-2020-9544: DLink DSL-2640B un-authenticated firmware upgrade
影响 NETGEAR 路由器的 0-Day:KCodes NetUSB 两个安全漏洞披露(CVE-2019-5016/5017)
HEAP OVERFLOW IN THE NETGEAR NIGHTHAWK R6700 ROUTER
http://www.360doc.com/content/14/1009/17/13468863_415575489.shtml
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp
D-Link DIR-615 XSS Via the UPnP Protocol
D-Link DIR-859 —未经身份验证的RCE(CVE-2019–17621)
IT_Security_Research_WirelessIP_camera_family
IT Security Research by Pierre
亚马逊Blink智能摄像头曝出劫持漏洞
- 响应包存在 root 命令注入
海思芯片摄像头后后门、硬编码、栈溢出
https://ssd-disclosure.com/archives/3025
https://www.0x42424242.in/xiongmai/5
Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras
https://www.cnblogs.com/mmseh/p/6537924.html
酷视(NEO Coolcam)网络摄像头登录绕过及多个基于堆栈溢出的远程代码执行漏洞及数
https://paper.seebug.org/653/
The Scary World of Baby Monitor 'Hacking'
Reverse Engineering cheap chinese “VRCAM” protocol
http://www.mottoin.com/detail/1073.html
http://www.360doc.com/content/18/0422/10/6932394_747914433.shtml
https://mp.weixin.qq.com/s/aEeVM5wLb0qozU3CfDmRVg
NRF51822 code readout protection bypass- a how-to
嵌入式逆向工程入门:STM32F103C8T6 上 的 FreeRTOS & Libopencm3
嵌入式设备硬件 PCB 级逆向
渗透低性能智能设备的关键技术-固件提取
硬件安全系列——ARM Cortex-M4固件逆向分析
绕过读保护技术_某共享单车蓝牙锁固件提取
https://docs.rust-embedded.org/book/intro/index.html
对BLE智能手环的测试
关于一次智能手表的探索
破解微软智能手环
https://www.exploitee.rs/index.php/FireFU_Exploit
2018年 KCon 议题解读 | 智能家居安全——身份劫持
攻击案例 -- 数字密码锁 - 手把手DIY,教你强攻嵌入式设备那些黑科技
Wemo Insight 智能插座缓冲区溢出漏洞及其利用分析
https://netsecurity.51cto.com/art/201909/603441.htm
【技术分享】看我如何黑掉西部数码的NAS设备(含演示视频)
https://www.anquanke.com/vul/id/2287995
Ruckus IoT 控制器中的远程命令执行(CVE-2020-26878 + CVE-2020-26879)
Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
https://sec.xiaomi.com/article?id=14
智能硬件的攻击面也主要在 协议 这一块, 比如协议数据的加密问题, 协议的权限问题,认证机制以及对数据的处理问题(堆栈溢出)
https://www.cnblogs.com/hac425/p/9674758.html
D-Link DIR-850L路由器分析之获取设备shell
看雪2018峰会回顾_智能设备漏洞挖掘中几个突破点(内有十种固件提取方法和首次公开uboot提取固件方法)
浅谈路由器漏洞挖掘(科普文)
https://quentinkaiser.be/exploitdev/2020/07/14/breaking-cisco-rv-again/
https://github.com/IoT-PTv/List-of-Tools
devttys0
giantbranch
https://github.com/xinali/articles
银河安全实验室
cq
hac425
secwiki 路由器漏洞相关资料
https://github.com/leonW7?tab=repositories
ray-cp
jayway0day
https://wzt.ac.cn/2020/01/10/firmadyne2/
http://www.gandalf.site/
jalalsela
伏宸安全实验室
http://www.atomsec.org/
https://felipe.astroza.cl/
https://blog.3or.de/
https://www.0x42424242.in/
IOT 漏洞收集
http://soh0ro0t.monster/
https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html
larryxi
https://kabeor.cn/
dunkels-adam
atredis
https://research.nccgroup.com/
afl-unicorn: Fuzzing Arbitrary Binary Code
http://www.routerpwn.com/
https://firmwaresecurity.com/
路由器分析之硬件拆卸
https://blog.3or.de/
https://devco.re/
https://pwn2learn.dusuel.fr/blog/nested-backdoors/
https://36.110.234.240/
https://blog.exploitee.rs/
基于 unicorn 的单个函数模拟执行和 fuzzer 实现
基于Unicorn和LibFuzzer的模拟执行fuzzing
https://www.cnblogs.com/studyskill/category/1028655.html
https://github.com/Dor1s/libfuzzer-workshop/tree/master/lessons
Cotopaxi:使用指定IoT网络协议对IoT设备进行安全测试
基于Unicorn和LibFuzzer的模拟执行fuzzing
IOTFUZZER:通过基于应用程序的模糊测试发现物联网中的内存损坏
FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
利用Marvell Avastar Wi-Fi中的漏洞远程控制设备:从零知识入门到RCE漏洞挖掘利用(下)
边界IOT漏洞挖掘精要
家用路由器漏洞挖掘入门
物联网设备漏洞挖掘思路与技巧
ChaMd5安全团队 带你入坑物联网安全
2020-2-29-知世-公开课-路由器PWN
「突围」联合线上技术直播沙龙完整录屏丨漏洞银行直播回顾 - 2020.2.26 - AIOT 安全
https://www.docin.com/p-882254908.html
0ctf2019 Final embedded_heap题解
解压 lzma 格式压缩数据:
lzma -kdc A200.lzma > A200
lzmadec -kd fwr2.lzma>fwr22
binwalk -Me xxx.bin
TOTOLINK
http://www.totolink.net/
FAST
极路由/hiwifi
D-LINK
TP-LINK
MERCURY
Tenda
磊科
维盟
http://www.wayos.com:8081/download/
艾泰
锐捷路由器
飞鱼星
newifi
b-link
华硕
腾达
拓实
netis
华硕
draytek
grandstream
http://www.grandstream.com/support/firmware/
linksys
ruckuswireless
netgear
cisco
sonicwall
https://www.h3c.com/cn/Service/Document_Software/Software_Download/
https://www.ruijie.com.cn/fw/rj/
https://www.zyxel.cn/support/download_landing.shtml
tp-link
杭州-雄迈
avtech
https://drivers.softpedia.com/get/network-ip-surveillance-baby-camera/AVTECH/AVTECH-AVH0801-NVR-Firmware-1012.shtml
https://support.wdc.com/downloads.aspx?lang=cn#firmware
https://www.dahuatech.com/service/download.html
sapido
https://www.ciktel.com/Devices/Router
https://auth1.ruckuswireless.com/login?referer=%2Foauth%2Fauthorize%3Fclient_id%3Df26a12b68eda21c97c3cbdec2dfb96ce31d46d8e995e190bf81f83e4b5e24d11%26redirect_uri%3Dhttps%253A%252F%252Fsupport.ruckuswireless.com%252Fcallback%26response_type%3Dcode%26scope%3Dpublic
http://fibergate.cc/services.html
http://www.totolink.cn/
http://www.trendnet.com.cn/gywm
http://ubnt.joint-harvest.com/
http://www.grandstream.com/
https://drivers.softpedia.com/get/Router-Switch-Access-Point/?utm_source=spd&utm_campaign=postdl_redir
https://teltonika-networks.com/
https://software.cisco.com/download/home/282413304
4G无线路由曝致命漏洞,攻击者可执行任意代码
破解了十款路由器之后,我们有话要说
数数那些坑你的路由器漏洞
腾讯安全团队新发现:智能音箱摇身一变成间谍
大量Ruckus路由器出现漏洞,易受黑客攻击
启明星辰ADLab:某摄像头产品漏洞分析及解决方案
华为海思芯片又有后门?外国研究员刚提出指控,就被打脸了
https://www.pwnwiki.org/index.php?title=Main_Page
https://www.zerodayinitiative.com/advisories/published/
https://www.tenable.com/cve/updated
知识星球搜索:IoT 安全
加入。