Gallia is an extendable pentesting framework with the focus on the automotive domain. The scope of the toolchain is conducting penetration tests from a single #ECU up to whole cars.
Currently, the main focus lies on the UDS interface. Taking advantage of this modular design, the logging and archiving functionality was developed separately.
Acting as a generic interface, the logging functionality implements reproducible tests and enables post-processing tasks. The rendered documentation is available via Github Pages.
https://github.com/Fraunhofer-AISEC/gallia
@IotPenetrationTesting
Currently, the main focus lies on the UDS interface. Taking advantage of this modular design, the logging and archiving functionality was developed separately.
Acting as a generic interface, the logging functionality implements reproducible tests and enables post-processing tasks. The rendered documentation is available via Github Pages.
https://github.com/Fraunhofer-AISEC/gallia
@IotPenetrationTesting
GitHub
GitHub - Fraunhofer-AISEC/gallia: Extendable Pentesting Framework
Extendable Pentesting Framework. Contribute to Fraunhofer-AISEC/gallia development by creating an account on GitHub.
H0neyP0t
Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep Learning
https://github.com/wja0/H0neyP0t
@IotPenetrationTesting
Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep Learning
https://github.com/wja0/H0neyP0t
@IotPenetrationTesting
GitHub
GitHub - wja0/IoT-Botnet-Attack-Detection-Module: Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep…
Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep Learning - wja0/IoT-Botnet-Attack-Detection-Module
RapperBot IoT Malware
https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery
#IoT
#malware
@IotPenetrationTesting
https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery
#IoT
#malware
@IotPenetrationTesting
Fortinet Blog
So RapperBot, What Ya Bruting For?
FortiGuard Labs is tracking a rapidly evolving IoT malware family known as RapperBot. Read to learn how this threat infects and persists on a victim’s device.…
ꓘamerka GUI
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
Features:
▫️ More than 100 ICS devices
▫️ Gallery section shows every gathered screenshot in one place
▫️ Interactive Google maps
▫️ Google street view support
▫️ Possibility to implement own exploits or scanning techiques
▫️ Support for NMAP scan in xml format as an input
▫️ Find the route and change location of device
▫️ Statistics for each search
▫️ Search Flick photos nearby your device
▫️ Position for vessels is scraped from device directly, rather than IP based
▫️ Some devices return hints or location in the response. It's parsed and displayed as an indicator that helps to geolocate device.
https://github.com/woj-ciech/Kamerka-GUI
#IoT #ICS
@IotPenetrationTesting
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
Features:
▫️ More than 100 ICS devices
▫️ Gallery section shows every gathered screenshot in one place
▫️ Interactive Google maps
▫️ Google street view support
▫️ Possibility to implement own exploits or scanning techiques
▫️ Support for NMAP scan in xml format as an input
▫️ Find the route and change location of device
▫️ Statistics for each search
▫️ Search Flick photos nearby your device
▫️ Position for vessels is scraped from device directly, rather than IP based
▫️ Some devices return hints or location in the response. It's parsed and displayed as an indicator that helps to geolocate device.
https://github.com/woj-ciech/Kamerka-GUI
#IoT #ICS
@IotPenetrationTesting
Trojan-Ransom.Python.ChastityLock #IoT ransomware source that encrypts "Male Chastity devices" (without translation)
https://github.com/vxunderground/MalwareSourceCode/tree/main/Python
@IotPenetrationTesting
https://github.com/vxunderground/MalwareSourceCode/tree/main/Python
@IotPenetrationTesting
GitHub
MalwareSourceCode/Python at main · vxunderground/MalwareSourceCode
Collection of malware source code for a variety of platforms in an array of different programming languages. - vxunderground/MalwareSourceCode
Securing your #IoT devices against cyber attacks in 5 steps
https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-against-cyber-attacks-in-5-steps/
@IotPenetrationTesting
https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-against-cyber-attacks-in-5-steps/
@IotPenetrationTesting
BleepingComputer
Securing your IoT devices against cyber attacks in 5 steps
How is IoT being used in the enterprise, and how can it be secured? We will demonstrate important security best practices and how a secure password policy is paramount to the security of devices.
NSA shares guidance to help secure #OT/ICS critical infrastructure
https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-to-help-secure-ot-ics-critical-infrastructure/
@IotPenetrationTesting
https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-to-help-secure-ot-ics-critical-infrastructure/
@IotPenetrationTesting
BleepingComputer
NSA shares guidance to help secure OT/ICS critical infrastructure
The National Security Agency (NSA) and CISA have issued guidance on how to secure operational technology (OT) and industrial control systems (ICSs) part of U.S. critical infrastructure.
New #Malware Targeting Linux Systems and #IoT Devices!!!
https://systemweakness.com/new-malware-targeting-linux-systems-and-iot-devices-3e5502672542?source=rss----f20a9840e177---4
@IotPenetrationTesting
https://systemweakness.com/new-malware-targeting-linux-systems-and-iot-devices-3e5502672542?source=rss----f20a9840e177---4
@IotPenetrationTesting
Medium
New Malware Targeting Linux Systems and IoT Devices!!!
A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints…
ایمن سازی دستگاه های اینترنت اشیا نیازمند رویکرد جدیدی است
https://blog.morphisec.com/securing-iot-devices-new-approach
#IoT
@IotPenetrationTesting
https://blog.morphisec.com/securing-iot-devices-new-approach
#IoT
@IotPenetrationTesting
Morphisec
Securing IoT Devices Requires a New Approach
The challenges to securing IoT devices are immense, particularly at the platform level. But in-memory device protection offers a way forward.
درود دوستان کانال ما یعنی @pfk_Security اکانتش پاک شد متاسفتانه مجدد کانال دیگری زدیم و فعالیتمان را مجدد بعد از جوین شما کاربران قدیمی و کاربران جدید اغاز خواهیم کرد .
کانال جدید :
@PfkSecurity
کانال جدید :
@PfkSecurity
#SCADA
"Threat landscape for industrial automation systems. Statistics for H1 2022".
https://ics-cert.kaspersky.com/publications/reports/2022/09/08/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2022
@IotPenetrationTesting
"Threat landscape for industrial automation systems. Statistics for H1 2022".
https://ics-cert.kaspersky.com/publications/reports/2022/09/08/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2022
@IotPenetrationTesting
Kaspersky ICS CERT | Kaspersky Industrial Control Systems Cyber Emergency Response Team
Threat landscape for industrial automation systems. Statistics for H1 2022 | Kaspersky ICS CERT
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
CVE-2022-27255
Realtek eCos SDK SIP ALG buffer overflow.
This repository contains de materials for the talk "Exploring the hidden attack surface of OEM #IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.", which was presented at DEFCON30.
https://github.com/infobyte/cve-2022-27255
#cve
@IotPenetrationTesting
Realtek eCos SDK SIP ALG buffer overflow.
This repository contains de materials for the talk "Exploring the hidden attack surface of OEM #IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.", which was presented at DEFCON30.
https://github.com/infobyte/cve-2022-27255
#cve
@IotPenetrationTesting
GitHub
GitHub - infobyte/cve-2022-27255
Contribute to infobyte/cve-2022-27255 development by creating an account on GitHub.
In the latest install of the Call of Duty series: Modern Warfare II (2022) players can conduct DDoS attacks. The DDoS attack will disrupt or disable enemies or enemy equipment.
tl;dr in the future helicopters, tanks, guns, and even human beings will be IoT devices.
tl;dr in the future helicopters, tanks, guns, and even human beings will be IoT devices.
Reversing embedded device bootloader (U-Boot)
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
#IoT
@Iotpenetrationtesting
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
#IoT
@Iotpenetrationtesting
Shielder
Shielder - Reversing embedded device bootloader (U-Boot) - p.1
In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.
IoT_Security_CheckList.pdf
401.3 KB
IoT Security Checklist
The checklist lists 39 essential security functions that enable IoT devices to be operated safely even in an environment where threats exist, along with background information on why they are necessary
IoT Security Checklist Diagram, Users Manual, Checklist in .xlsx:
https://www.jpcert.or.jp/english/pub/sr/IoT-SecurityCheckList.html
#IoT
@Iotpenetrationtesting
The checklist lists 39 essential security functions that enable IoT devices to be operated safely even in an environment where threats exist, along with background information on why they are necessary
IoT Security Checklist Diagram, Users Manual, Checklist in .xlsx:
https://www.jpcert.or.jp/english/pub/sr/IoT-SecurityCheckList.html
#IoT
@Iotpenetrationtesting
To some admins to post IoT & ICS Hacking posts on the channel to share with other friends and if possible to offer conferences.
Contact : @NetPwn
Contact : @NetPwn