# 附录7: 参考资料 ### 一、参考网页 [IoT漏洞研究(一)固件基础 ](https://www.freebuf.com/articles/endpoint/254257.html) [IoT漏洞研究(二)Web服务](https://www.freebuf.com/articles/endpoint/254258.html) [IoT漏洞研究(三)硬件剖析](https://www.freebuf.com/articles/endpoint/255742.html) [IoT漏洞研究(三)硬件剖析](https://www.freebuf.com/articles/endpoint/255742.html) [IoT漏洞研究(四)协议分析](https://www.freebuf.com/articles/endpoint/257628.html) [IoT漏洞研究(五)APP应用](https://www.freebuf.com/articles/endpoint/258586.html) [IoT固件Rehosting综述](https://www.freebuf.com/articles/endpoint/335783.html) [FACT固件分析平台二次开发指北](https://www.freebuf.com/sectool/323613.html) [物联网安全百科](https://iot-security.wiki/) [OWASP固件安全性测试指南](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/v/zhong-wen-fstm/#0x01-xin-xi-sou-ji) [物联网终端安全入门与实践之玩转物联网固件](https://www.freebuf.com/articles/endpoint/335030.html) [获取固件的几种方法](https://cool-y.github.io/2019/07/24/%E8%8E%B7%E5%8F%96%E5%9B%BA%E4%BB%B6/) [固件安全性 - Azure 安全性](https://docs.microsoft.com/zh-cn/azure/security/fundamentals/firmware) [IoT固件Rehosting综述 - FreeBuf网络安全行业门户](https://www.freebuf.com/articles/endpoint/335783.html) [Capstone, Keystone, Unicorn, Qemu 以及 QiLing 等工具逆向](https://blog.csdn.net/song_lee/article/details/116541135) [浅谈angr的缓解状态爆炸策略](https://www.anquanke.com/post/id/251984) [开发者头条](https://toutiao.io/posts/osghylg/preview) [阅读笔记 I 挖掘0day的新"姿势"](http://smatrix.org/forum/forum.php?mod=viewthread\&tid=2386\&extra=page%3D1) [IoT 设备固件分析之网络协议 fuzz](https://mp.weixin.qq.com/s/5gwJpqj7ysue19OcoPI16A) [物联网安全系列之探索IoT通信安全的研究之道](https://security.tencent.com/index.php/blog/msg/171) [适用于 Azure IoT 的安全性建议](https://docs.microsoft.com/zh-cn/azure/iot-fundamentals/security-recommendations) [Binary Hardening in IoT products](https://cyber-itl.org/2019/08/26/iot-data-writeup.html) [Delikely's Blog](https://delikely.github.io/) [SecWiki-安全维基](https://sec-wiki.com/index.php) [ctf-all-in-one](https://firmianay.gitbook.io/ctf-all-in-one) ### 二、Github [IoTSecurity101](https://github.com/V33RU/IoTSecurity101) [SaTC](https://github.com/NSSL-SJTU/SaTC) [HatLab\_IOT\_Wiki](https://github.com/DasSecurity-HatLab/HatLab_IOT_Wiki) [BinAbsInspector](https://github.com/KeenSecurityLab/BinAbsInspector) [OWASP/IoTGoat](https://github.com/OWASP/IoTGoat) [MiSecurity消费级物联网安全基线](https://github.com/MiSecurity/Cyber-Security-Baseline-for-Consumer-Internet-of-Things) [VulnTotal安全团队](https://github.com/VulnTotal-Team) ### 三、商业平台 [FirmwareTotal](https://ft.iotsec.360.cn/#/) [IoT固件安全检测](https://iot.aliyun.com/products/fss) [IoT固件安全](https://www.kiwisec.com/product/iot-detection.html) [固件加固](https://help.aliyun.com/document_detail/209413.html) [顶象](https://www.dingxiang-inc.com/business/iot) [360政企安全](https://360.net/solution/operators/beijixing) [物联网固件漏检](https://docs.jdcloud.com/cn/iot-devfss/product-overview)