How to use nmap to map a connected product's attack surface without crashing fragile embedded TCP stacks. A field guide...

How Zigbee security fails when devices join with the default link key, recovering the network key from a capture, and...

How to test IoT Wi-Fi security, capturing a handshake and cracking a weak default passphrase offline, and why the LAN...

How voltage glitching and fault injection make a chip skip a security check, bypassing secure boot, and the defenses that...

Why the USB port is a pre-auth attack surface on embedded devices, from exposed gadgets to parser bugs, and how...

How UPnP and SSDP expose connected products, opening firewall ports and leaking device details, and how to reduce the exposure.

How to threat model an IoT product with STRIDE, finding design flaws before a line of code is written, and...

How a TPM binds secrets to a known-good boot state on embedded Linux, with sealed storage, measured boot, and attestation.

How to test TLS certificate validation on embedded clients by intercepting their traffic, and why encryption without validation fails.

How sniffing I2C and SPI buses reveals EEPROM contents, command traffic, and keys, and why secrets must never cross a...

How to secure over-the-air firmware updates with signed manifests, rollback protection, and TLS, the three controls you must have.

How embedded secure boot builds a chain of trust, how to prove it rejects tampering, and why rollback protection is...

How to reverse engineer firmware with Ghidra, pivoting from strings and cross-references to the decompiled logic and hidden backdoors.

How weak random number generation silently breaks keys and nonces on embedded devices, how to audit entropy, and how to...

How RFID access control fails when badges use broken MIFARE Classic, demonstrated with a Proxmark3, and the move to modern...

How a secure element like the ATECC608 protects device keys by generating them on-chip so a firmware dump yields nothing...

How power side-channel analysis with ChipWhisperer recovers an AES key from a chip's power draw, and the constant-time defenses against...

How Modbus security fails on a modern network, reading and writing a PLC with no authentication, and the segmentation that...

How one trusting MQTT broker exposes and controls an entire IoT fleet, and the per-device auth and topic ACLs that...

How LoRaWAN security is undermined by static ABP keys and ignored frame counters, and how OTAA with unique keys fixes...

How to harden U-Boot for production by locking the console, requiring verified boot, and protecting the environment before a product...

How to harden a FreeRTOS application with the MPU port, stack overflow detection, and unprivileged tasks so one bug cannot...

How to harden an embedded Linux userland with BusyBox and Dropbear, dropping privilege and shrinking what a foothold can reach.

How to fuzz embedded network protocols with boofuzz to find parser crashes and memory bugs before a malformed packet does...

How to extract and analyze firmware with binwalk, identify and carve the filesystem, and spot encryption with an entropy scan.

How to find JTAG and SWD debug ports on a board, what they expose, and why enabling readout protection before...

How to hunt hardcoded secrets in firmware, from grep to verified secret scanners, and how to keep keys out of...

The embedded exploit mitigations that matter, from stack canaries to MPU isolation, and how to confirm they are active on...

How to emulate firmware with QEMU to test a device's services at scale without the hardware, with snapshots and a...

How to dump eMMC and NAND flash from embedded Linux devices, verify the image, and why data at rest must...

How to dump SPI flash off the board with a clip and flashrom to extract firmware, and why secrets must...

Why IoT default credentials remain one of the most damaging weaknesses, how Mirai exploited them, and how to design the...

How to decode UART, SPI, and I2C with a logic analyzer and sigrok, turning wiggling wires into readable protocol traffic...

How DNS rebinding turns a browser into a foothold on local IoT devices, why it works, and how to make...

How command injection in IoT web interfaces turns a diagnostics field into a root shell, where it hides, and how...

How to assess CoAP security on constrained IoT devices, enumerate resources, and why unauthenticated writable resources are a remote control.

How CAN bus security fails, sniffing and injecting frames with can-utils, and the segmentation and message authentication that defend it.

Why stack buffer overflows still hand attackers full control on microcontrollers, how the crash looks, and the mitigations that stop...

How to test a BLE device, from scanning to writing the GATT characteristic that unlocks it, and why the radio...

How attackers find a UART serial console on an embedded device and turn it into an unauthenticated root shell, plus...

How ARM TrustZone splits a chip into secure and normal worlds, where Trusted Execution Environments break, and how to keep...