¶ Provided By and with permission From Andrew Bellini AKA DigitalAndrew. All work in this section is provided by Andrew
¶ Intro
The most frequent follow-up question I get from students finishing my Beginner’s Guide to IoT and Hardware Hacking course is “That was great but where can I learn more”.
Unfortunately, I haven’t had time to finish an intermediate-level course and to my knowledge, there isn’t anything similar to my course in its delivery style and price range so there isn’t a natural follow-on course. I have however compiled a list of additional resources that I’ve shared so many times now I figured it was time to host it somewhere.
I’ll keep this list updated as best as I can as I find new resources, and if you have any suggestions please let me know. I’ve split it up into free and paid, keep in mind for Iot/Hardware Hacking paid courses some of these are going to be in a whole different ballpark of prices from a TCM or Udemy course. Final note, I’ve got no skin in the game for any of these links, none of them are affiliates and I don’t get any kickback (except for the one to my course), they are listed in no particular order. Most of the paid training I have not taken but have heard good things about.
¶ Free
Matt Brown: a host of great hardware and IoT hacking tutorials and videos https://www.youtube.com/@mattbrwn
Make Me Hack: awesome series on hacking a gemtek router https://www.youtube.com/@MakeMeHack
Flashback Team: Some interesting tutorials and walkthroughs on how they found vulnerabilities and developed exploits on their YouTube, most of their training is paid though https://www.youtube.com/@FlashbackTeam
Hackaday: Repository of tutorials, projects and hacks mostly focused around hardware https://hackaday.com/
ZeroDayInitiative: Some great blogs about previous vulnerabilities and exploits and how they were found https://www.zerodayinitiative.com/blog/
OWASP IoT: Just like OWASP for web but for IoT, less hardware related but some really good examples and resources including a vulnerable firmware sample to practice on (IoT GOAT) https://owasp.org/www-project-internet-of-things/
Hardwear.io: Some great talks and conference videos here, they also have a conference and paid training https://www.youtube.com/@hardweario
**Iot Village at DEFCON:*## * Lots of great trainings and workshops here, putting it in free because they have other resources available through their website but of course if you want to attend in person it costs the admission to DEFCON but usually the workshops and villages inside are all free https://www.iotvillage.org/index.html
¶ Paid
Beginner’s Guide to IoT and Hardware Hacking: Okay maybe I’m a little biased on this one, but I’ve had pretty much only good feedback and you can get this course for as little $29.99 if you finish it in a month https://academy.tcm-sec.com/p/beginner-s-guide-to-iot-and-hardware-hacking
Practical IoT Hacking: This is a “No Starch Press” book and it’s an awesome resource, well worth it. I have a copy I reference frequently. Has a good of mix of hardware and no hardware-based methodology. Amazon link here but you can get this lots of places https://www.amazon.ca/Practical-IoT-Hacking-Fotios-Chantzis/
Hardware Hacking Handbook: Another “No Starch Press” and excellent resource, this one more focused purely on hardware hacking. There is a bit of overlap with the Practical IoT Hacking book. If you’re going to get just one I’d get the IoT one but there is lots of value in having them both. Amazon link again https://www.amazon.ca/Hardware-Hacking-Handbook-Breaking-Embedded
Securing Hardware: I’ve heard great things about their courses and they are also the maker of the tigard board (awesome hardware hacking Swiss army tool). They have both online and in-person classes https://securinghardware.com/training/
Flashback Team: As mentioned above in linking their YouTube channel, these guys have some in-person training events that I’ve also heard good things about https://www.flashback.sh/training
SANS SEC556: Good Old SANS, if you can afford it or get your employer to pay for it then go for it, their training is top notch but if you’re not familiar with their pricing you might be in for a shock https://www.sans.org/cyber-security-courses/iot-penetration-testing/
Hardwear.io: This is a conference but it also has some great hands-on training, and some top-notch instructors like Joe Grand https://hardwear.io/usa-2024/training.php
WeHackInDisguise: The course syllabus for this looks promising, but I haven’t heard much else about them https://www.whid.ninja/store