H0neyP0t
Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep Learning
https://github.com/wja0/H0neyP0t
@IotPenetrationTesting
Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep Learning
https://github.com/wja0/H0neyP0t
@IotPenetrationTesting
GitHub
GitHub - wja0/IoT-Botnet-Attack-Detection-Module: Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep…
Development of Botnet Detection Module for Traffic-Based IoT Devices Using Deep Learning - wja0/IoT-Botnet-Attack-Detection-Module
RapperBot IoT Malware
https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery
#IoT
#malware
@IotPenetrationTesting
https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery
#IoT
#malware
@IotPenetrationTesting
Fortinet Blog
So RapperBot, What Ya Bruting For?
FortiGuard Labs is tracking a rapidly evolving IoT malware family known as RapperBot. Read to learn how this threat infects and persists on a victim’s device.…
ꓘamerka GUI
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
Features:
▫️ More than 100 ICS devices
▫️ Gallery section shows every gathered screenshot in one place
▫️ Interactive Google maps
▫️ Google street view support
▫️ Possibility to implement own exploits or scanning techiques
▫️ Support for NMAP scan in xml format as an input
▫️ Find the route and change location of device
▫️ Statistics for each search
▫️ Search Flick photos nearby your device
▫️ Position for vessels is scraped from device directly, rather than IP based
▫️ Some devices return hints or location in the response. It's parsed and displayed as an indicator that helps to geolocate device.
https://github.com/woj-ciech/Kamerka-GUI
#IoT #ICS
@IotPenetrationTesting
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
Features:
▫️ More than 100 ICS devices
▫️ Gallery section shows every gathered screenshot in one place
▫️ Interactive Google maps
▫️ Google street view support
▫️ Possibility to implement own exploits or scanning techiques
▫️ Support for NMAP scan in xml format as an input
▫️ Find the route and change location of device
▫️ Statistics for each search
▫️ Search Flick photos nearby your device
▫️ Position for vessels is scraped from device directly, rather than IP based
▫️ Some devices return hints or location in the response. It's parsed and displayed as an indicator that helps to geolocate device.
https://github.com/woj-ciech/Kamerka-GUI
#IoT #ICS
@IotPenetrationTesting
Trojan-Ransom.Python.ChastityLock #IoT ransomware source that encrypts "Male Chastity devices" (without translation)
https://github.com/vxunderground/MalwareSourceCode/tree/main/Python
@IotPenetrationTesting
https://github.com/vxunderground/MalwareSourceCode/tree/main/Python
@IotPenetrationTesting
GitHub
MalwareSourceCode/Python at main · vxunderground/MalwareSourceCode
Collection of malware source code for a variety of platforms in an array of different programming languages. - vxunderground/MalwareSourceCode
Securing your #IoT devices against cyber attacks in 5 steps
https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-against-cyber-attacks-in-5-steps/
@IotPenetrationTesting
https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-against-cyber-attacks-in-5-steps/
@IotPenetrationTesting
BleepingComputer
Securing your IoT devices against cyber attacks in 5 steps
How is IoT being used in the enterprise, and how can it be secured? We will demonstrate important security best practices and how a secure password policy is paramount to the security of devices.
NSA shares guidance to help secure #OT/ICS critical infrastructure
https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-to-help-secure-ot-ics-critical-infrastructure/
@IotPenetrationTesting
https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-to-help-secure-ot-ics-critical-infrastructure/
@IotPenetrationTesting
BleepingComputer
NSA shares guidance to help secure OT/ICS critical infrastructure
The National Security Agency (NSA) and CISA have issued guidance on how to secure operational technology (OT) and industrial control systems (ICSs) part of U.S. critical infrastructure.
New #Malware Targeting Linux Systems and #IoT Devices!!!
https://systemweakness.com/new-malware-targeting-linux-systems-and-iot-devices-3e5502672542?source=rss----f20a9840e177---4
@IotPenetrationTesting
https://systemweakness.com/new-malware-targeting-linux-systems-and-iot-devices-3e5502672542?source=rss----f20a9840e177---4
@IotPenetrationTesting
Medium
New Malware Targeting Linux Systems and IoT Devices!!!
A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints…
ایمن سازی دستگاه های اینترنت اشیا نیازمند رویکرد جدیدی است
https://blog.morphisec.com/securing-iot-devices-new-approach
#IoT
@IotPenetrationTesting
https://blog.morphisec.com/securing-iot-devices-new-approach
#IoT
@IotPenetrationTesting
Morphisec
Securing IoT Devices Requires a New Approach
The challenges to securing IoT devices are immense, particularly at the platform level. But in-memory device protection offers a way forward.
درود دوستان کانال ما یعنی @pfk_Security اکانتش پاک شد متاسفتانه مجدد کانال دیگری زدیم و فعالیتمان را مجدد بعد از جوین شما کاربران قدیمی و کاربران جدید اغاز خواهیم کرد .
کانال جدید :
@PfkSecurity
کانال جدید :
@PfkSecurity
#SCADA
"Threat landscape for industrial automation systems. Statistics for H1 2022".
https://ics-cert.kaspersky.com/publications/reports/2022/09/08/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2022
@IotPenetrationTesting
"Threat landscape for industrial automation systems. Statistics for H1 2022".
https://ics-cert.kaspersky.com/publications/reports/2022/09/08/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2022
@IotPenetrationTesting
Kaspersky ICS CERT | Kaspersky Industrial Control Systems Cyber Emergency Response Team
Threat landscape for industrial automation systems. Statistics for H1 2022 | Kaspersky ICS CERT
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
CVE-2022-27255
Realtek eCos SDK SIP ALG buffer overflow.
This repository contains de materials for the talk "Exploring the hidden attack surface of OEM #IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.", which was presented at DEFCON30.
https://github.com/infobyte/cve-2022-27255
#cve
@IotPenetrationTesting
Realtek eCos SDK SIP ALG buffer overflow.
This repository contains de materials for the talk "Exploring the hidden attack surface of OEM #IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.", which was presented at DEFCON30.
https://github.com/infobyte/cve-2022-27255
#cve
@IotPenetrationTesting
GitHub
GitHub - infobyte/cve-2022-27255
Contribute to infobyte/cve-2022-27255 development by creating an account on GitHub.
In the latest install of the Call of Duty series: Modern Warfare II (2022) players can conduct DDoS attacks. The DDoS attack will disrupt or disable enemies or enemy equipment.
tl;dr in the future helicopters, tanks, guns, and even human beings will be IoT devices.
tl;dr in the future helicopters, tanks, guns, and even human beings will be IoT devices.
Reversing embedded device bootloader (U-Boot)
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
#IoT
@Iotpenetrationtesting
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
#IoT
@Iotpenetrationtesting
Shielder
Shielder - Reversing embedded device bootloader (U-Boot) - p.1
In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.
IoT_Security_CheckList.pdf
401.3 KB
IoT Security Checklist
The checklist lists 39 essential security functions that enable IoT devices to be operated safely even in an environment where threats exist, along with background information on why they are necessary
IoT Security Checklist Diagram, Users Manual, Checklist in .xlsx:
https://www.jpcert.or.jp/english/pub/sr/IoT-SecurityCheckList.html
#IoT
@Iotpenetrationtesting
The checklist lists 39 essential security functions that enable IoT devices to be operated safely even in an environment where threats exist, along with background information on why they are necessary
IoT Security Checklist Diagram, Users Manual, Checklist in .xlsx:
https://www.jpcert.or.jp/english/pub/sr/IoT-SecurityCheckList.html
#IoT
@Iotpenetrationtesting
To some admins to post IoT & ICS Hacking posts on the channel to share with other friends and if possible to offer conferences.
Contact : @NetPwn
Contact : @NetPwn
+ A Collection for IoT Security Resources
https://github.com/V33RU/IoTSecurity101#Books-For-IoT-Pentesting
+ A Virtual environment for Pentesting IoT Devices
https://github.com/IoT-PTv/IoT-PT
#IoT #Pentest
@Iotpenetrationtesting
https://github.com/V33RU/IoTSecurity101#Books-For-IoT-Pentesting
+ A Virtual environment for Pentesting IoT Devices
https://github.com/IoT-PTv/IoT-PT
#IoT #Pentest
@Iotpenetrationtesting
GitHub
GitHub - V33RU/awesome-connected-things-sec: A Curated list of Security Resources for all connected things
A Curated list of Security Resources for all connected things - V33RU/awesome-connected-things-sec
🔥🔥🔥Xiongmai IoT Exploitation(exploited in the wild)
There are a number of reasons Xiongmai devices are interesting targets:
💾 The first reason is there are a lot of them on the internet(around 200,000).
💾The second reason is these devices have been affected by a handful of high or critical vulnerabilities(CVE-2017-7577, CVE-2018-10088, CVE-2020-22253, CVE-2021-41506, CVE-2022-26259, CVE-2022-45045 & CVE-2022-45640)
💾And that’s interesting due to an almost complete lack of high quality exploits for these vulnerabilities.
#IOT
#PrivateShizo
@Iotpenetrationtesting
There are a number of reasons Xiongmai devices are interesting targets:
💾 The first reason is there are a lot of them on the internet(around 200,000).
💾The second reason is these devices have been affected by a handful of high or critical vulnerabilities(CVE-2017-7577, CVE-2018-10088, CVE-2020-22253, CVE-2021-41506, CVE-2022-26259, CVE-2022-45045 & CVE-2022-45640)
💾And that’s interesting due to an almost complete lack of high quality exploits for these vulnerabilities.
#IOT
#PrivateShizo
@Iotpenetrationtesting
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.