Nmap for Embedded and IoT Pen Testing: A Field Guide

How to use nmap to map a connected product’s attack surface without crashing fragile embedded TCP stacks. A field guide for IoT penetration testing.
Zigbee Security Testing for Smart Home Devices

How Zigbee security fails when devices join with the default link key, how the network key can be recovered from a capture, and how to defend it.
Wi-Fi Security Testing for IoT Devices

How to test IoT Wi-Fi security, capturing a handshake and cracking a weak default passphrase offline, and why the LAN is not a trust boundary.
Voltage Glitching and Fault Injection on Embedded Devices

How voltage glitching and fault injection make a chip skip a security check, bypassing secure boot, and the defenses that stop it.
USB Attack Surface on Embedded Devices

Why the USB port is a pre-auth attack surface on embedded devices, from exposed gadgets to parser bugs, and how to harden it.
UPnP and SSDP Exposure on Connected Products

How UPnP and SSDP expose connected products, opening firewall ports and leaking device details, and how to reduce the exposure.
Threat Modeling an IoT Product with STRIDE

How to threat model an IoT product with STRIDE, finding design flaws before a line of code is written, and turning them into fixes.
TPM-Backed Security for Embedded Linux

How a TPM binds secrets to a known-good boot state on embedded Linux, with sealed storage, measured boot, and attestation.
TLS Certificate Validation on Embedded Clients

How to test TLS certificate validation on embedded clients by intercepting their traffic, and why encryption without validation fails.
Sniffing I2C and SPI Buses

How sniffing I2C and SPI buses reveals EEPROM contents, command traffic, and keys, and why secrets must never cross a bus in the clear.