Lumos: IoT device detection system
چگونه دوربین و میکروفون مخفی را تشخیص دهیم | وبلاگ رسمی کسپرسکی
https://www.kaspersky.com/blog/how-to-find-spy-cameras-and-other-iot-devices/44833/
@IotPenetrationTesting
چگونه دوربین و میکروفون مخفی را تشخیص دهیم | وبلاگ رسمی کسپرسکی
https://www.kaspersky.com/blog/how-to-find-spy-cameras-and-other-iot-devices/44833/
@IotPenetrationTesting
Kaspersky
How else to detect hidden cameras and microphones
A new method for detecting hidden cameras, microphones and other IoT spy devices that seems to actually work.
Introducing security for unmanaged devices in the Enterprise network with Microsoft Defender for IoT
https://www.microsoft.com/security/blog/2022/07/11/introducing-security-for-unmanaged-devices-in-the-enterprise-network-with-microsoft-defender-for-iot/
#IoT
@IotPenetrationTesting
https://www.microsoft.com/security/blog/2022/07/11/introducing-security-for-unmanaged-devices-in-the-enterprise-network-with-microsoft-defender-for-iot/
#IoT
@IotPenetrationTesting
Microsoft Security Blog
Introducing security for unmanaged devices in the Enterprise network with Microsoft Defender for IoT | Microsoft Security Blog
Microsoft Defender IoT is generally available to help organizations challenged with securing unmanaged Internet of Things devices connected to the network.
ZTNA – An Enterprise Game Changer For Securing Remote Access to #IoT & BYOD
https://gbhackers.com/ztna-an-enterprise-game-changer-for-securing-remote-access-to-iot-byod/
@IotPenetrationTesting
https://gbhackers.com/ztna-an-enterprise-game-changer-for-securing-remote-access-to-iot-byod/
@IotPenetrationTesting
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
ZTNA - An Enterprise Game Changer For Securing Remote Access to IoT & BYOD - GBHackers Security | #1 Globally Trusted Cyber Security…
Internet networks have expanded far beyond the world of traditional desktop computers. Today, we rely on Google Nest to raise or lower the temperature in our house, on Alexa to play music just by shouting the name of the song or band, and on a range of other…
#IoT, #OT cybersecurity challenges: Investments and breaches
https://www.securitymagazine.com/articles/97979-iiot-ot-cybersecurity-challenges-investments-and-breaches
@IotPenetrationTesting
https://www.securitymagazine.com/articles/97979-iiot-ot-cybersecurity-challenges-investments-and-breaches
@IotPenetrationTesting
Security Magazine
IIoT, OT cybersecurity challenges: Investments and breaches
Barracuda research finds organizations are struggling to protect operational technology and getting breached as a result.
The EMUX Firmware Emulation Framework is a collection of noscripts, kernels and filesystems to be used with QEMU to emulate ARM and MIPS Linux #IoT devices. EMUX is aimed to facilitate IoT research by virtualising as much of the physical device as possible. It is the closest we can get to an actual IoT VM.
Devices successfully emulated with EMUX so far:
+ Damn Vulnerable ARM Router
+ Damn Vulnerable MIPS Router (Little Endian) [NEW!]
+ Damn Vulnerable MIPS Router (Big Endian) [NEW!]
+ Trivision NC227WF Wireless IP Camera
+ Tenda AC15 Wi-Fi Router (Github Docs)
+ Archer C9 Wi-Fi Router
https://github.com/therealsaumil/emux
@IotPenetrationTesting
Devices successfully emulated with EMUX so far:
+ Damn Vulnerable ARM Router
+ Damn Vulnerable MIPS Router (Little Endian) [NEW!]
+ Damn Vulnerable MIPS Router (Big Endian) [NEW!]
+ Trivision NC227WF Wireless IP Camera
+ Tenda AC15 Wi-Fi Router (Github Docs)
+ Archer C9 Wi-Fi Router
https://github.com/therealsaumil/emux
@IotPenetrationTesting
GitHub
GitHub - therealsaumil/emux: EMUX Firmware Emulation Framework (formerly ARMX)
EMUX Firmware Emulation Framework (formerly ARMX). Contribute to therealsaumil/emux development by creating an account on GitHub.
Gallia is an extendable pentesting framework with the focus on the automotive domain. The scope of the toolchain is conducting penetration tests from a single #ECU up to whole cars.
Currently, the main focus lies on the UDS interface. Taking advantage of this modular design, the logging and archiving functionality was developed separately.
Acting as a generic interface, the logging functionality implements reproducible tests and enables post-processing tasks. The rendered documentation is available via Github Pages.
https://github.com/Fraunhofer-AISEC/gallia
@IotPenetrationTesting
Currently, the main focus lies on the UDS interface. Taking advantage of this modular design, the logging and archiving functionality was developed separately.
Acting as a generic interface, the logging functionality implements reproducible tests and enables post-processing tasks. The rendered documentation is available via Github Pages.
https://github.com/Fraunhofer-AISEC/gallia
@IotPenetrationTesting
GitHub
GitHub - Fraunhofer-AISEC/gallia: Extendable Pentesting Framework
Extendable Pentesting Framework. Contribute to Fraunhofer-AISEC/gallia development by creating an account on GitHub.
H0neyP0t
Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep Learning
https://github.com/wja0/H0neyP0t
@IotPenetrationTesting
Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep Learning
https://github.com/wja0/H0neyP0t
@IotPenetrationTesting
GitHub
GitHub - wja0/IoT-Botnet-Attack-Detection-Module: Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep…
Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep Learning - wja0/IoT-Botnet-Attack-Detection-Module
RapperBot IoT Malware
https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery
#IoT
#malware
@IotPenetrationTesting
https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery
#IoT
#malware
@IotPenetrationTesting
Fortinet Blog
So RapperBot, What Ya Bruting For?
FortiGuard Labs is tracking a rapidly evolving IoT malware family known as RapperBot. Read to learn how this threat infects and persists on a victim’s device.…
ꓘamerka GUI
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
Features:
▫️ More than 100 ICS devices
▫️ Gallery section shows every gathered screenshot in one place
▫️ Interactive Google maps
▫️ Google street view support
▫️ Possibility to implement own exploits or scanning techiques
▫️ Support for NMAP scan in xml format as an input
▫️ Find the route and change location of device
▫️ Statistics for each search
▫️ Search Flick photos nearby your device
▫️ Position for vessels is scraped from device directly, rather than IP based
▫️ Some devices return hints or location in the response. It's parsed and displayed as an indicator that helps to geolocate device.
https://github.com/woj-ciech/Kamerka-GUI
#IoT #ICS
@IotPenetrationTesting
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
Features:
▫️ More than 100 ICS devices
▫️ Gallery section shows every gathered screenshot in one place
▫️ Interactive Google maps
▫️ Google street view support
▫️ Possibility to implement own exploits or scanning techiques
▫️ Support for NMAP scan in xml format as an input
▫️ Find the route and change location of device
▫️ Statistics for each search
▫️ Search Flick photos nearby your device
▫️ Position for vessels is scraped from device directly, rather than IP based
▫️ Some devices return hints or location in the response. It's parsed and displayed as an indicator that helps to geolocate device.
https://github.com/woj-ciech/Kamerka-GUI
#IoT #ICS
@IotPenetrationTesting
Trojan-Ransom.Python.ChastityLock #IoT ransomware source that encrypts "Male Chastity devices" (without translation)
https://github.com/vxunderground/MalwareSourceCode/tree/main/Python
@IotPenetrationTesting
https://github.com/vxunderground/MalwareSourceCode/tree/main/Python
@IotPenetrationTesting
GitHub
MalwareSourceCode/Python at main · vxunderground/MalwareSourceCode
Collection of malware source code for a variety of platforms in an array of different programming languages. - vxunderground/MalwareSourceCode
Securing your #IoT devices against cyber attacks in 5 steps
https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-against-cyber-attacks-in-5-steps/
@IotPenetrationTesting
https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-against-cyber-attacks-in-5-steps/
@IotPenetrationTesting
BleepingComputer
Securing your IoT devices against cyber attacks in 5 steps
How is IoT being used in the enterprise, and how can it be secured? We will demonstrate important security best practices and how a secure password policy is paramount to the security of devices.
NSA shares guidance to help secure #OT/ICS critical infrastructure
https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-to-help-secure-ot-ics-critical-infrastructure/
@IotPenetrationTesting
https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-to-help-secure-ot-ics-critical-infrastructure/
@IotPenetrationTesting
BleepingComputer
NSA shares guidance to help secure OT/ICS critical infrastructure
The National Security Agency (NSA) and CISA have issued guidance on how to secure operational technology (OT) and industrial control systems (ICSs) part of U.S. critical infrastructure.
New #Malware Targeting Linux Systems and #IoT Devices!!!
https://systemweakness.com/new-malware-targeting-linux-systems-and-iot-devices-3e5502672542?source=rss----f20a9840e177---4
@IotPenetrationTesting
https://systemweakness.com/new-malware-targeting-linux-systems-and-iot-devices-3e5502672542?source=rss----f20a9840e177---4
@IotPenetrationTesting
Medium
New Malware Targeting Linux Systems and IoT Devices!!!
A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints…
ایمن سازی دستگاه های اینترنت اشیا نیازمند رویکرد جدیدی است
https://blog.morphisec.com/securing-iot-devices-new-approach
#IoT
@IotPenetrationTesting
https://blog.morphisec.com/securing-iot-devices-new-approach
#IoT
@IotPenetrationTesting
Morphisec
Securing IoT Devices Requires a New Approach
The challenges to securing IoT devices are immense, particularly at the platform level. But in-memory device protection offers a way forward.
درود دوستان کانال ما یعنی @pfk_Security اکانتش پاک شد متاسفتانه مجدد کانال دیگری زدیم و فعالیتمان را مجدد بعد از جوین شما کاربران قدیمی و کاربران جدید اغاز خواهیم کرد .
کانال جدید :
@PfkSecurity
کانال جدید :
@PfkSecurity
#SCADA
"Threat landscape for industrial automation systems. Statistics for H1 2022".
https://ics-cert.kaspersky.com/publications/reports/2022/09/08/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2022
@IotPenetrationTesting
"Threat landscape for industrial automation systems. Statistics for H1 2022".
https://ics-cert.kaspersky.com/publications/reports/2022/09/08/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2022
@IotPenetrationTesting
Kaspersky ICS CERT | Kaspersky Industrial Control Systems Cyber Emergency Response Team
Threat landscape for industrial automation systems. Statistics for H1 2022 | Kaspersky ICS CERT
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
CVE-2022-27255
Realtek eCos SDK SIP ALG buffer overflow.
This repository contains de materials for the talk "Exploring the hidden attack surface of OEM #IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.", which was presented at DEFCON30.
https://github.com/infobyte/cve-2022-27255
#cve
@IotPenetrationTesting
Realtek eCos SDK SIP ALG buffer overflow.
This repository contains de materials for the talk "Exploring the hidden attack surface of OEM #IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.", which was presented at DEFCON30.
https://github.com/infobyte/cve-2022-27255
#cve
@IotPenetrationTesting
GitHub
GitHub - infobyte/cve-2022-27255
Contribute to infobyte/cve-2022-27255 development by creating an account on GitHub.