Referring sites and talks
- Industrial Embedded Systems Hardware Penetration Testing Course - Udemy course
- NanoKVM vulnerability report based on EMBA run - Github issue
- One Day Pentest - Post
- Basics of EMBA: A Firmware Analyze Tool for Cybersecurity - Medium article
- Reverse Engineering the Eufy Ecosystem: A Deep Dive into Security Vulnerabilities and Proprietary Protocols - Paper
| Intro page | EMBA note |
|---|---|
 |
 |
- SET-TOP BOX RE: 6-PART SERIES - Blogpost
- 0xFFF: Understanding Unknown Binaries - Firmware Recon - Blogpost
| Main article | Intro with EMBA shoutout |
|---|---|
 |
 |
- Firmware Guide for Pen Testers - Blogpost
- Crowdstrike: The Aftermath - PSW #836
| PSW in action | EMBA in the PSW |
|---|---|
 |
 |
- THIS WEEK IN SECURITY: SNOWFLAKE, THE CVD TENSION, AND KASPERSKY’S EXIT — AND BREAKING BSOD - Hackaday weekly news
| News overview | EMBA in the weekly news |
|---|---|
 |
 |
- CyMed: A Framework for Testing Cybersecurity of Connected Medical Devices - Paper [EN]
| Paper abstract | EMBA in the paper |
|---|---|
 |
 |
- ECLYPSIUM TOOLBOX: EXTENDING SUPPLY CHAIN SECURITY TO NEW IT/OT/IOT DEVICES - Blog
| Introduction | Eclypsium Toolbox |
|---|---|
 |
 |
- ERS0: Enhancing Military Cybersecurity with AI-Driven SBOM for Firmware Vulnerability Detection and Asset Management - Paper / 16th International Conference on Cyber Conflict: Over the Horizon
| Introduction | Evaluation of SBOM matching |
|---|---|
 |
 |
- Using Open Source and Built-In Tools for Supply Chain Validation - Eclypsium webinar
| Analyzing Firmware with EMBA | EMBA Tips and Tricks |
|---|---|
 |
 |
- Internet of Things Security: Firmware Approach - Paper
- Corpus Christi: Establishing Replicability when Sharing the Bread is Not Allowed - Paper
- A Crash Course in Hardware Hacking Methodology: The Ones and Zeros - Article
- Packet Protector PP009: Don't Forget the Firmware - Podcast
| PP009 | EMBA reference |
|---|---|
 |
 |
- 20 essential open-source cybersecurity tools that save you time - Article
| Introduction | EMBA reference |
|---|---|
 |
 |
- LINUX SUPPLY CHAIN VALIDATION CHEAT SHEET - Blog
| Introduction | EMBA reference |
|---|---|
 |
 |
- Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - Paper
| Introduction | EMBA in the paper |
|---|---|
 |
 |
| Agenda | EMBA on stage |
|---|---|
 |
 |
- SNHACK Attack: How Hackers Could Turn Your Smart Pet Feeder into an All-You-Can-Eat Buffet - Post
| Paper intro | EMBA reference |
|---|---|
 |
 |
- FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware - Paper
| Paper intro | EMBA reference |
|---|---|
 |
 |
- FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING - Blog
| Paper intro | EMBA results |
|---|---|
 |
 |
- Automated firmware security static analysis tools - Blog
- Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices - Pentagrid advisory
- Difficulties in Dynamic Analysis of Drone Firmware and Its Solutions - Paper
- EXPLORING EMBA: UNRAVELING FIRMWARE SECURITY WITH CONFIDENCE by Paul Asadoorian - Link
- HELP NET SECURITY - EMBA: Open-source security analyzer for embedded devices - Link
- Paul's Security Weekly - LogoFAIL, Default Passwords and Android Hacking – PSW #810
- Unveiling Vulnerabilities: A Deep Dive into WiFi Camera Security - Link [EN]
- You can learn some more IoT stuff with EMBA at Hard box training [EN]
- 41 Open-source and Free Vulnerability Scanners For Pentesting and Web App Security - Link [EN]
- BrucCON 0x0F Talk by Nate Warfield - Ghost in the machine - Schedule/Slides/Recording [EN]
| Picture from live BruCON (thx to @twallutis) | EMBA on the stream |
|---|---|
 |
 |
- Software Bill of Materials (SBOM) in Practice - Link [EN]
- Free IoT Security Seminar by KU Leuven - Web site [EN]
| Training overview | EMBA in Walkthrough documentation |
|---|---|
 |
 |
- PRACTICAL IOT HACKING Training - Black Hat USA 2023 [EN]
| Training overview | EMBA live in class |
|---|---|
 |
 |
- Leveraging EMBA for Static Firmware Vulnerability Analysis in Physical Security Products - Blog post [EN]
| Our Open-Source Initiative with EMBA | Example report |
|---|---|
 |
 |
- Report on Qubo IoT Device Vulnerability (CVE-2023-22906) - Paper [EN]
| CVE-2023-22906: Introduction | CVE-2023-22906: EMBA |
|---|---|
 |
 |
- ISSA Talk by Nate Warfield - Building on Shaky Ground: Unveiling the Vulnerabilities of Firmware - Schedule/Slides [EN]
| EMBA: Overview | EMBA: Vulnerability Research |
|---|---|
 |
 |
- VENDOR RE-USE OPENS THE APERTURE ON MANY VULNERABILITIES - Blog post from Nate Warfield [EN]
- Small term paper on the topic of the Internet of Vulnerable Things by Tobias Müller - Hochschule Offenburg Paper/Github page [EN]
- Shmoocon 2023 firetalk by Amit Serper - A 15-minute Crash Course to Building your Own IoT Hacking Lab at Home Schedule/Slides [EN]
| Intro | From a binary blob to a Linux filesystem |
|---|---|
 |
 |
- DEF CON 30 Talk by Jay Lagorio - Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware Schedule/Slides/Recording [EN]
| DEF CON | EMBA: The future |
|---|---|
 |
 |
- How to Search for Vulnerabilities in Embedded Software (June 2021) [EN]
- HackTricks book [EN]
- OWASP Firmware Security Testing Methodology [EN]
- embedsysweekly.com newsletter issue 84 [EN]
- libhunt.com repository summary [EN]
- Summary video AMOS development project for EMBArk [EN]
- Awesome Embedded and IoT Security list [EN]
- IoTSecurity101 [EN]