12. Internet of Things {#iot}

10,000' view of IoT Security

Todo

%% Surveillance project with JavaScript and machine learning face detection, as per the project in my personal Trello.

%% Listened to this: https://hanselminutes.com/521/march-is-for-makers-arduinos-javascript-and-johnny-five-with-lyza-danger-gardner

%% https://shahmeeramir.com/conducting-an-iot-pentest-6fa573ac6668

%% Talk about how IoT is going to kill us due to an explosion of open sockets: https://vimeo.com/135347162

%% Presentation at AusCERT2016 "Hardware Hacking Chronicles: IoT Hacking for Offence and Defence" by Fatih Ozavci had many good resources. I sent an email requesting the slide deck with all the hardware bits he's using. %% https://iotsecuritywiki.com/

%% Possibly call this chapter Internet of Compromisable Things (IoCT)

%% https://www.youtube.com/playlist?list=PL9fPq3eQfaaBAmA0G2oEptwL0tpCAZJ_b

%% Chris Campbell: Also, remind me to lend you my Arduino USB stick at KiwiCon. Or you can grab one from Jaycar for next to nothing: %% http://www.jaycar.co.nz/Kits%2C-Science-%26-Learning/Electronic-Project-Kits/Computer-%26-Programming/LeoStick-Arduino-Compatible/p/XC4266 %% They are a pretty good alternative to Teensy, and there's even a script that can convert Ducky Scripts to run on them - although I haven't had much luck with it: %% http://www.adebenham.com/files/leo/compile_payload.sh
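%% The conversion Chris mentions is mostly mechanical, and a small translator makes the point that any HID-capable micro (LeoStick, Teensy, Leonardo) runs the same keystroke-injection payloads as a Rubber Ducky. The Node.js script below is an added example written for this note, not the compile_payload.sh script linked above or anything from the Arduino project; it emits a sketch against the stock Arduino Keyboard library (Keyboard.h constant names such as KEY_LEFT_GUI and KEY_RETURN are the library's own). The handled Ducky commands (REM, DELAY, DEFAULT_DELAY, STRING, REPEAT, modifier combos and single keys) and the sample script are my assumptions for the example.

```javascript
'use strict';

// Added example: translate Ducky Script into an Arduino sketch that uses the
// stock Keyboard library (Keyboard.h) on Leonardo-compatible boards such as
// the LeoStick. Values below are the Keyboard.h constant names.
const KEYS = {
  ENTER: 'KEY_RETURN', TAB: 'KEY_TAB', ESCAPE: 'KEY_ESC', ESC: 'KEY_ESC',
  BACKSPACE: 'KEY_BACKSPACE', DELETE: 'KEY_DELETE', INSERT: 'KEY_INSERT',
  HOME: 'KEY_HOME', END: 'KEY_END', PAGEUP: 'KEY_PAGE_UP', PAGEDOWN: 'KEY_PAGE_DOWN',
  UPARROW: 'KEY_UP_ARROW', UP: 'KEY_UP_ARROW', DOWNARROW: 'KEY_DOWN_ARROW', DOWN: 'KEY_DOWN_ARROW',
  LEFTARROW: 'KEY_LEFT_ARROW', LEFT: 'KEY_LEFT_ARROW', RIGHTARROW: 'KEY_RIGHT_ARROW', RIGHT: 'KEY_RIGHT_ARROW',
  CAPSLOCK: 'KEY_CAPS_LOCK', SPACE: "' '",
};
for (let i = 1; i <= 12; i++) KEYS[`F${i}`] = `KEY_F${i}`;

const MODIFIERS = {
  GUI: 'KEY_LEFT_GUI', WINDOWS: 'KEY_LEFT_GUI', CTRL: 'KEY_LEFT_CTRL',
  CONTROL: 'KEY_LEFT_CTRL', ALT: 'KEY_LEFT_ALT', SHIFT: 'KEY_LEFT_SHIFT',
};

// Quote text as a C string literal (backslashes and double quotes escaped).
function cString(s) {
  return `"${s.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
}

// A key token is either a named key or a single character literal.
function keyExpr(token) {
  const named = KEYS[token.toUpperCase()];
  if (named) return named;
  if (token.length === 1) return `'${token === "'" || token === '\\' ? '\\' + token : token}'`;
  throw new Error(`unknown key: ${token}`);
}

// Translate one Ducky Script command into the C statements for setup().
function translateLine(line) {
  const trimmed = line.trim();
  if (trimmed === '') return [];
  const [cmd, ...rest] = trimmed.split(/\s+/);
  const arg = trimmed.slice(cmd.length).trimStart(); // STRING keeps its inner spacing
  switch (cmd.toUpperCase()) {
    case 'REM': return [`// ${arg}`];
    case 'DELAY': {
      const ms = Number.parseInt(arg, 10);
      if (Number.isNaN(ms)) throw new Error(`bad DELAY: ${line}`);
      return [`delay(${ms});`];
    }
    case 'STRING': return [`Keyboard.print(${cString(arg)});`];
    default: {
      // Modifier combo (GUI r, CTRL ALT DELETE) or a lone key (ENTER, TAB).
      const tokens = [cmd, ...rest];
      const mods = tokens.filter((t) => MODIFIERS[t.toUpperCase()]);
      const keys = tokens.filter((t) => !MODIFIERS[t.toUpperCase()]);
      if (keys.length > 1) throw new Error(`one key per line: ${line}`);
      if (mods.length === 0) return [`Keyboard.write(${keyExpr(keys[0])});`];
      const out = mods.map((m) => `Keyboard.press(${MODIFIERS[m.toUpperCase()]});`);
      if (keys.length === 1) out.push(`Keyboard.press(${keyExpr(keys[0])});`);
      out.push('Keyboard.releaseAll();');
      return out;
    }
  }
}

// Translate a whole script. DEFAULT_DELAY and REPEAT are handled here because
// they change how the surrounding commands are emitted rather than typing anything.
function duckyToArduino(script) {
  const body = [];
  let defaultDelay = 0;
  let last = [];
  const emit = (stmts) => {
    body.push(...stmts);
    if (defaultDelay > 0) body.push(`delay(${defaultDelay});`);
  };
  for (const raw of script.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '') continue;
    const m = /^(DEFAULT_?DELAY|REPEAT)\s+(\d+)$/i.exec(line);
    if (m && /^DEFAULT/i.test(m[1])) { defaultDelay = Number(m[2]); continue; }
    if (m) { for (let i = 0; i < Number(m[2]); i++) emit(last); continue; }
    const stmts = translateLine(line);
    if (/^REM\b/i.test(line)) { body.push(...stmts); continue; } // comments do not type
    last = stmts;
    emit(stmts);
  }
  return [
    '#include <Keyboard.h>',
    '',
    'void setup() {',
    '  Keyboard.begin();',
    '  delay(1000); // let the host finish enumerating the HID device',
    ...body.map((s) => `  ${s}`),
    '  Keyboard.end();',
    '}',
    '',
    'void loop() {}',
  ].join('\n');
}

// Constructed sample script for the example (not a real payload).
const SAMPLE_SCRIPT = [
  'REM open the Run dialog and start notepad',
  'DEFAULT_DELAY 200',
  'GUI r',
  'STRING notepad',
  'ENTER',
].join('\n');

console.log(duckyToArduino(SAMPLE_SCRIPT));
```

%% Paste the output into the Arduino IDE with a Leonardo-class board selected and it compiles as-is; the one-second delay at the top of setup() is there because the board starts typing before the host has finished enumerating it otherwise, which is the usual reason a converted payload "doesn't work".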

%% malware that took down krebs with many IoT devices: https://github.com/0x27/linux.mirai
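%% What made Mirai work was not an exploit but the "explosion of open sockets" above: its scanner hammered telnet on TCP 23 and 2323 with a short list of factory-default credentials, and the devices that answered with a shell were recruited. The Node.js snippet below is an added example for this note, not code from linux.mirai or any product: it runs simple detection logic over a constructed honeypot-style auth log (the line format is my assumption) and flags sources that try many credentials in a short window or hit several known Mirai default pairs. The credential pairs listed are a handful taken from Mirai's published dictionary.

```javascript
'use strict';

// A few user:password pairs from the Mirai scanner's default dictionary
// (Mirai brute-forced telnet on TCP/23 and TCP/2323 with ~60 vendor defaults).
const MIRAI_DEFAULTS = new Set([
  'root:xc3511', 'root:vizxv', 'root:admin', 'admin:admin', 'root:888888',
  'root:xmhdipc', 'root:default', 'root:juantech', 'root:123456', 'root:54321',
  'support:support', 'root:root', 'admin:password', 'user:user', 'ubnt:ubnt',
  'root:7ujMko0vizxv',
]);
const TELNET_PORTS = new Set([23, 2323]);

// Constructed log format for this example (not any real daemon's format):
// <ISO-8601 time> <source ip> <dest port> <user> <password> <ok|fail>
const LINE_RE = /^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s+(\S+)\s+(\S+)\s+(ok|fail)$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null; // unparseable lines are skipped, not guessed at
  return { ts: Date.parse(m[1]), src: m[2], dport: Number(m[3]), user: m[4], pass: m[5], ok: m[6] === 'ok' };
}

// Flag Mirai-style credential scanning: one source trying many logins on the
// telnet ports inside a sliding window, or hitting several known default pairs.
function detectTelnetScanners(lines, { windowMs = 60000, minAttempts = 5, minDictHits = 3 } = {}) {
  const bySrc = new Map();
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev || !TELNET_PORTS.has(ev.dport)) continue;
    if (!bySrc.has(ev.src)) bySrc.set(ev.src, []);
    bySrc.get(ev.src).push(ev);
  }
  const alerts = [];
  for (const [src, events] of bySrc) {
    events.sort((a, b) => a.ts - b.ts);
    // Largest number of attempts from this source inside any windowMs span.
    let maxInWindow = 0;
    for (let i = 0, j = 0; i < events.length; i++) {
      while (events[j].ts < events[i].ts - windowMs) j++;
      maxInWindow = Math.max(maxInWindow, i - j + 1);
    }
    const pairs = new Set(events.map((e) => `${e.user}:${e.pass}`));
    const dictHits = [...pairs].filter((p) => MIRAI_DEFAULTS.has(p));
    if (maxInWindow >= minAttempts || dictHits.length >= minDictHits) {
      alerts.push({
        src,
        attempts: events.length,
        maxInWindow,
        distinctPairs: pairs.size,
        dictHits,
        compromised: events.some((e) => e.ok), // a success after the spray is the bad news
      });
    }
  }
  return alerts.sort((a, b) => b.attempts - a.attempts);
}

// Constructed sample log: one Mirai-like spray that eventually succeeds, one
// source that only tries two defaults, and normal traffic that must not alert.
const SAMPLE_LOG = [
  '2016-09-20T18:00:01Z 198.51.100.7 23 root xc3511 fail',
  '2016-09-20T18:00:03Z 198.51.100.7 23 root vizxv fail',
  '2016-09-20T18:00:05Z 198.51.100.7 23 admin admin fail',
  '2016-09-20T18:00:07Z 198.51.100.7 23 root 888888 fail',
  '2016-09-20T18:00:09Z 198.51.100.7 23 root juantech fail',
  '2016-09-20T18:00:11Z 198.51.100.7 23 support support ok',
  '2016-09-20T18:00:12Z 203.0.113.5 2323 root xc3511 fail',
  '2016-09-20T18:00:14Z 203.0.113.5 2323 root 7ujMko0vizxv fail',
  '2016-09-20T18:00:30Z 192.0.2.44 22 alice correct-horse ok',
  '2016-09-20T18:10:00Z 192.0.2.44 23 alice wrongpass fail',
  'this line is not in the expected format',
];

console.log(JSON.stringify(detectTelnetScanners(SAMPLE_LOG), null, 2));
```

%% Two design points worth keeping if this gets turned into something real: the rate rule and the dictionary rule are independent (a slow scanner with a known dictionary still trips, and a fast one with an unknown dictionary still trips), and the `compromised` flag is what turns a noisy scan alert into an incident.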

I believe Bruce Schneier has good insight on the problems to come.

%% https://www.linux.com/news/event/open-source-leadership-summit/2017/3/bruce-schneier-new-security-threats-internet-things %% https://www.schneier.com/blog/archives/2017/02/security_and_pr.html

If you think of the attack surface that Wi-Fi brought with it, you could probably double that for what we are going to experience with IoT, and I fear that may be an underestimate.

https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project

OWASP also has an IoT Top 10 https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project which I could potentially fill in.

Todo

%% Implement an IoT device, maybe on the Tessel 2 using a fork of nodeminder, or possibly on a Raspberry Pi using ZoneMinder. Some writing around this in the Physical chapter under ### Cameras, Sensors and Alarms. Link to this once done. %% Possibly using containers?

%% Tessel 2 podcast on NodeUp 85_01 covering RX.js, functional programming, piping.

%% Details around luvit, Tessel's use of Duktape and LuaJIT: NodeUp83_libuv.txt

%% Another option would be to create an FPGA, or use one, for brute forcing bcrypt hashes. Details in the Web Applications chapter under #web-applications-countermeasures-data-store-compromise

%% Submit CFP to Saturn no later than January 15, 2016.

%% See TimS_IoT

%% BSidesLV talk: Crash The IoT Train Yourself: https://t.co/jJof0frCmW

%% Submit PR once this fascicle is moving: ashishb/android-security-awesome#58

%% Metasploit module for testing IoT devices: http://www.darkreading.com/iot/new-metasploit-extension-available-for-testing-iot-device-security/d/d-id/1328452 %% https://community.rapid7.com/community/metasploit/blog/2017/03/21/metasploits-rf-transceiver-capabilities?platform=hootsuite