Scoping a Hardware Penetration Test

A good hardware pen test starts with good scope. Here is how to define what gets tested, how deeply, and what the risks are before any probe touches a board.

Writing a Hardware Pentest Report That Gets Fixed

A finding nobody fixes is wasted work. Here is how to write a hardware penetration test report that engineers act on instead of filing away.

From Recon to Root: An Embedded Pentest Walkthrough

A start-to-finish look at how an embedded penetration test goes, from first contact with the board to a root shell and what it means.

Persistence Techniques on Embedded Devices

Getting onto a device is one thing; staying there across reboots and updates is another. Here is how persistence works on embedded systems and how to detect it.

A Repeatable Hardware Security Test Plan

Ad-hoc probing finds some bugs. A repeatable plan finds them consistently. Here is the structure of a hardware security test plan that scales across products.

Using the OWASP IoT Methodology in Practice

The OWASP IoT testing guidance gives a shared structure for assessing connected devices. Here is how to apply it to real products.

Privilege Escalation on Embedded Linux

A foothold on an embedded Linux device is rarely root at first. Here are the privilege-escalation paths that are common on embedded systems.