Resources for getting started with vulnerability research on IoT/embedded devices. All credit for these resources goes to their respective authors.
- Practical IoT Hacking
- The Hardware Hacking Handbook
- Blue Fox: Arm Assembly Internals and Reverse Engineering
- Fuzzing Against the Machine
- MIPS Assembly Programming
- pentest hardware
- Car Hacker's Handbook
- Microcontroller Exploits
- Attacking and Securing U-Boot
- stacksmashing
- Flashback Team
- Matt Brown
- LiveOverflow (RHme CTF)
- LiveOverflow (Hardware security research)
- gamozolabs (Printer Hacking)
- Make Me Hack (Hardware Hacking Tutorial)
- Foscam R2C camera
- Colin O'Flynn
- AVR reverse engineering (HACKADAY)
- Joe Grand
- Reverse engineering raw firmware: tool to get you started
- Embedded Reverse Engineering with Professor Plum
- The Hackers Guide to Hardware Debugging: Matthew Alt
- Hacking the Minut M2 IoT sensor
- Intro to Firmware Analysis with QEMU and Ghidra
- RECESSIM
- IoT binary analysis & emulation part -1
- MINDSHARE: DEALING WITH ENCRYPTED ROUTER FIRMWARE
- MINDSHARE: HOW TO "JUST EMULATE IT WITH QEMU"
- MINDSHARE: HARDWARE REVERSING WITH THE TP-LINK TL-WR841N ROUTER
- MINDSHARE: HARDWARE REVERSING WITH THE TP-LINK TL-WR841N ROUTER - PART 2
- EXPLOITING THE SONOS ONE SPEAKER THREE DIFFERENT WAYS: A PWN2OWN TORONTO HIGHLIGHT
- Unauthenticated RCE on a RIGOL oscilloscope
- Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device
- THE DRAGON WHO SOLD HIS CAMARO: ANALYZING CUSTOM ROUTER IMPLANT
- NETGEAR Routers: A Playground for Hackers?
- I HACK, U-BOOT
- PCB Reverse Engineering: A Comprehensive Guide
- Debugging D-Link: Emulating firmware and hacking hardware
- hyprblog
- TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045)
- pwn-hisilicon-dvr
- Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu
- ROP-ing on Aarch64 - The CTF Style
- The Oddest Place You Will Ever Find PAC
- Azeria Labs
- When an N-Day turns into a 0day. (Part 1 of 2)
- Payatu blog
- Attify blog
- STAR Labs blog
- wrongbaud's blog
- DUMPING THE SONOS ONE SMART SPEAKER
- PULL UP YOUR BOOTLOADER
- How to Speak your Hardware’s Language
- Dissection of a Payment Terminal
- Dissection of a Payment Terminal: Part 2
- Breaking (bad) firmware encryption. Case study on the Netgear Nighthawk M1
- An introduction to printer exploitation
- Breaking the D-Link DIR3060 Firmware Encryption - Recon - Part 1
- Breaking the D-Link DIR3060 Firmware Encryption - Static analysis of the decryption routine - Part 2.1
- Breaking the D-Link DIR3060 Firmware Encryption - Static analysis of the decryption routine - Part 2.2
- LinkSys EA6100 AC1200 - Part 1 - PCB reversing
- LinkSys EA6100 AC1200 - Part 2 - A serial connection FTW!
- study notes about ARM AArch64 Assembly and the ARM Trusted Execution Environment (TEE)
- 5-part series on reversing a Huawei router
- Xiongmai IoT Exploitation
- Exploiting: Buffer overflow in Xiongmai DVRs
- Introduction to PS4's security, and userland ROP
- Hacking the PS4, part 2 Userland code execution
- Hacking the PS4, part 3 Kernel exploitation
- 4-part series on a D-Link camera 0-day
- Identifying Bugs in Router Firmware at Scale with Taint Analysis
- ASUSWRT URL Processing Stack Buffer Overflow
- Reverse IoT devices
- Hacking into TP-Link Archer C6 – shell access without physical disassembly
- Modern Vulnerability Research Techniques on Embedded Systems
- Embedded Hardware Hacking 101 – The Belkin WeMo Link
- The ABCs of NFC chip security
- Reversing Raw Binary Firmware Files in Ghidra
- SYNful Knock - A Cisco router implant - Part I
- MIPS Assembly
- Fail0verflow console security
- starkes blog
- Evaluating IoT firmware through emulation and fuzzing
- Quentin Kaiser blogs
- TCP backdoor 32764 or how we could patch the Internet (or part of it ;))
- Reverse Engineering a VxWorks OS Based Router
- Reverse Engineering a Philips TriMedia CPU based IP camera - Part 1
- Reverse Engineering a Philips TriMedia CPU based IP camera - Part 2
- Reverse Engineering a Philips TriMedia CPU based IP camera - Part 3
- Flash Dumping - Part I
- Reversing Mac Donald's table beacon
- Triple Threat: Breaking Teltonika Routers Three Ways
- Methods for Extracting Firmware from OT Devices for Vulnerability Research
- Local Privilege Escalation on the DJI RM500 Smart Controller
- Bypassing password protection and getting a shell through UART in NEC Aterm WR8165N Wi-Fi router
- Faraday CTF 2022 Write-up: Reverse Engineering and Exploiting an IoT bug
- The .text Dilemma
- JTAG 'Hacking' the Original Xbox in 2023
- Hacking 101 to mobile data
- Enabot Hacking: Part 1
- Enabot Hacking: Part 2
- Enabot Hacking: Part 3
- Setting up a Research Environment for IP Cameras
- Hacking Reolink cameras for fun and profit
- Reverse Engineering Yaesu FT-70D Firmware Encryption
- Basics of hardware hacking
- Reversing embedded device bootloader (U-Boot) - p.1
- Reversing embedded device bootloader (U-Boot) - p.2
- How I Hacked my Car
- Google Pixel Watch Root Guide using Magisk
- 1day to 0day(CVE-2022-30024) on TP-Link TL-WR841N
- TP-Link TL-WR940N: 1-days analysis after story. (CVE-2022-43636 & CVE-2022-43635)
- NETGEAR R6700v3: 1day Analysis (CVE-2021-34982) Buffer Overflow RCE Vulnerability
- Research IOT - Analyze Bootloader - notBootSecure
- 14-829: Mobile and IoT Security
- Simulating and hunting firmware vulnerabilities with Qiling
- Voidstar Security Research Blog
- Analyzing bare metal firmware binaries in Ghidra
- Reverse engineering of ARM microcontrollers
- Reverse engineering microcontrollers WITHOUT a datasheet
- Dynamic analysis of firmware components in IoT devices
- 🔌 Hardware All The Things
- Reverse Engineering IoT Firmware: Where to Start
- CAN Injection: keyless car theft
- Solving a Little Mystery
- IOActive Labs blogs
- Analyzing a buffer overflow in the DLINK DIR-645 with Qiling framework, Part I
- Analyzing a buffer overflow in the DLINK DIR-645 with Qiling framework, Part II
- A Tourist’s Phrasebook for Reversing Embedded ARM in the Dialect of the Cortex M Series
- Bypassing upgrade limitations on a TP-Link TL-WR841N
- Diving into Starlink's User Terminal Firmware
- HOW TO ROOT THE LG WATCH URBANE
- JTAGulator vs. JTAGenum, Tools for Identifying JTAG Pins in IoT Devices
- Chasing doorbells: Finding IoT vulnerabilities in embedded devices
- Hacking Transcend WiFi SD Cards
- Rooting Xiaomi WiFi Routers
- A bowl full of security problems: Examining the vulnerabilities of smart pet feeders
- CVE–2019–8985 RCE
- Emulating and Exploiting UEFI Firmware
- Reverse Engineering Router Firmware - But the Firmware is Encrypted
- From zero to botnet – GL.iNet going wild
- Low Budget Router
- Firmware Fuzzing 101
- Looking at the ChargePoint Home Flex Threat Landscape
- Attack Surface of the Ubiquiti Connect EV Station
- A Detailed Look at Pwn2Own Automotive EV Charger Hardware
- How To: Modifying EV Chargers for Benchtop Experiments
- Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit
- Exploiting n-day in Home Security Camera
- A tour of automotive systems from 20 years ago
- Dumping old ECUs (P30 analysis p.1)
- Reversing old ECUs (P30 analysis p.2)
- icanhack.nl blogs
- Hunting for Unauthenticated n-days in Asus Routers
- Hacking my “smart” toothbrush
- Reverse engineering an EV charger
- Hacking Bluetooth speaker/FM radio firmware
- Reverse engineer a Bluetooth (BLE) SmartBand
- How to hack a car — a quick crash-course
- No Hardware, No Problem: Emulation and Exploitation
- Reverse engineering of the Nitro OBD2
- Firmware dumping technique for an ARM Cortex-M0 SoC
- Reversing the Dropcam Part 1: Wireless and network communications
- Reversing the Dropcam Part 2: Rooting your Dropcam
- Reversing the Dropcam Part 3: Digging into complied Lua functionality
- Jailbreaking Subaru StarLink
- Hardware Hacking to Bypass BIOS Passwords
- Rooting a Hive Camera
- Building a Faraday cage with data passthrough for ESP32 reverse engineering
- LimitedResults blog
- Bypassing Readout Protection in Nordic Semiconductor Microcontrollers
- Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them
- Hacking Millions of Modems (and Investigating Who Hacked My Modem)
- Hacking microcontroller firmware through a USB
- Hacking a Router: Tenda AC8 V4 Stack Overflow & PoCs
- Read secure firmware from STM32F1xx flash using ChipWhisperer
- Dumping Firmware from eMMC
- Hacking a $100K Gas Chromatograph without Owning One
- An Introduction to Fault Injection (Part 1/3)
- Software-Based Fault Injection Countermeasures (Part 2/3)
- Alternative Approaches for Fault Injection Countermeasures (Part 3/3)
- Hacking a Chinese IP camera: part 1
- Hacking a Chinese IP camera: part 2
- Firmware Emulation with Qiling
- CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
- eCos firmware security research
- Printing Fake Fiscal Receipts - An Italian Job p.1
- Printing Fake Fiscal Receipts - An Italian Job p.2
- How to bypass Debug Disabling on STM32F103
- Apple Lightning
- TEAM.ENVY research on NVR
- Hacking a 2014 tablet... in 2024!
- Reverse Engineering of a Not-so-Secure IoT Device
- (0x64 ∧ 0x6d) ∨ 0x69
- STM32 firmware reverse engineering
- Exploiting buffer overflows on embedded ARM devices
- Destructive IoT Malware Emulation – Part 1 of 3 – Environment Setup
- Destructive IoT Malware Emulation – Part 2 of 3 – Hooking Techniques
- Destructive IoT Malware Emulation – Part 3 of 3 – Statistics
- Hacking a Secure Industrial Remote Access Gateway
- A Guide to ARM64 / AArch64 Assembly on Linux with Shellcodes and Cryptography
- From Patch To Exploit: CVE-2021-35029
- RealWorldCTF: Let's party in the house - Write Up
- Unauthenticated RCE in TP-Link TD-W9970v1
- Remote Code Execution by reverse engineering an Askey Wifi-Extender
- CVE-2020-8423: exploiting the TP-LINK TL-WR841N V10 router
- Automating binary vulnerability discovery with Ghidra and Semgrep
- Fault Injection – Down the Rabbit Hole
- Getting root on a Zyxel VMG8825-T50 router
- Exploiting a stack-based buffer overflow in practice
- FLAG (PWN 451) RealWorldCTF writeup
- Dumping K360 wireless keyboard firmware with a GreatFET
- Reversing the Pokémon Snap Station without a Snap Station
- Making a GameCube memory card editor with Raspberry Pi
- Modifying Embedded Filesystems in ARM Linux zImages
- How to add a new architecture to QEMU - Part 1 # blog series on adding AVR32 CPU support to QEMU
- Analysing a router firmware vulnerability: Tenda AC15
- Hacking Swann & FLIR/Lorex home security camera video
- Reverse Engineering the Duco Connectivity Board: From Black Box to Home Assistant
- Laser Fault Injection on a Budget: RP2350 Edition
- TP-Link Firmware Decryption C210 V2 cloud camera bootloaders
- Reverse Engineering PixMob LED Concert Bracelets Part One
- How I Also Hacked my Car
- HardBreak - Hardware Hacking Wiki
- haxx.in
- Retreading The AMLogic A113X TrustZone Exploit
- ROPing our way to RCE
- Critically Insecure Router
- Pacemaker Pwn Pt.1
- FaultyCat Introduction
- GL iNet 300M Fun (Pt.3)
- NAND On My Watch
- something from nothing
- JabberJaw – Convert your Router to a Portable Network Attack Device!
- Jooki - Taking Control of a Forgotten Device
- Investigating an "evil" RJ45 dongle
- How to Get Root Access to Your Sleep Number Bed
- Xbox 360 security in details: the long way to RGH3
- Hack the channel: A Deep Dive into DVB Receiver Security
- Pwning Millions of Smart Weighing Machines with API and Hardware Hacking
- Hack The Emulated Planet: Vulnerability Hunting on Planet WGS-804HPT Industrial Switches
- Looking into the Nintendo Alarmo
- The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices
- Reversing, Discovering, And Exploiting A TP-Link Router Vulnerability — CVE-2024–54887
- Fuzzing embedded systems - Part 1, Introduction
- Fuzzing embedded systems - Part 2, Writing a fuzzer with LibAFL
- Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE
- Pwning a Brother labelmaker, for fun and interop!
- Discovering a 0-day Authenticated RCE on my router
- ROPing Routers from scratch: Step-by-step Tenda Ac8v4 Mips 0day Flow-control ROP -> RCE
- Multiple vulnerabilities in Zyxel zysh
- Unpacking Firmware Images from Cable Modems
- Binwally: Directory tree diff tool using Fuzzy Hashing
- Analyzing Malware for Embedded Devices: TheMoon Worm
- AyySSHush: Tradecraft of an emergent ASUS botnet
- ASUS Series-Router SQLi in libbwdpi_sql.so
- World’s First MIDI Shellcode
- Replacing a Space Heater Firmware Over WiFi
- FiberGateway GR241AG - Full Exploit Chain
- Dumping the Nokia 8110 4G Firmware
- Hacking the Nokia Fastmile
- Arcadyan AW1000 (Telstra 5G Modem) Carrier Unlock
- GigaVulnerability: readout protection bypass on GigaDevice GD32 MCUs
- Extracting Embedded MultiMediaCard (eMMC) contents in-system
- Firmware Security: Alcatel-Lucent ALE-DeskPhone
- Time Travel Analysis with QEMU on IoT Targets: Not Always That Hard - Part I
- Exploiting a router vulnerability: Tenda AC15 | Part I
- Exploiting a router vulnerability: Tenda AC15 | Part II
- U-Boot NFS RCE Vulnerabilities (CVE-2019-14192)
- FortiWeb Pre-Auth RCE (CVE-2025-25257)
- FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)
- Hacking Sonoff Smart Home IoT Device - Extract, Modify, Boot, Intercept, Clone!
- Private Investigation - Kobo eReader - First Contact
- Exploiting embedded mitel phones for unauthenticated remote code execution
- There’s A Hole In Your SoC: Glitching The MediaTek BootROM
- Firmware Acquisition: U-Boot
- Root Shell on Credit Card Terminal
- Hacking a VoIP Phone
- Dumping the Amlogic A113X Bootrom
- Dump Amlogic S905D3 BootROM from Khadas VIM3L board
- Reverse Engineering the AM335x Boot ROM
- A dive into the Rockchip Bootloader
- "No grave but the SIP": Reversing a VoIP phone firmware
- Disassembling a Cortex-M raw binary file with Ghidra
- LG WebOS TV Path Traversal, Authentication Bypass and Full Device Takeover
- Exploitation of Philips Smart TV
- Analysis and reverse-engineering of the original Starlink router
- Now You See mi: Now You're Pwned
- "Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities
- Sonicwall Firmware Deep Dive - SWI Firmware Decryption
- It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable
- Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated
- Introducing VxWorks Support for Binary Ninja Ultimate
- Fuzzing Zephyr with AFL and Renode
- Breaking the Ledger Security Model
- Bits to Binary to Bootloader to Glitch: Exploiting ROM for Non-invasive Attacks
- CVE-2025-29338 - Buffer Overflow in NXP moal.ko Wi-Fi Kernel Driver
- From breaking into my ISP router to finding a MediaTek kernel 0day
- Unitree Robot BLE Service Command Injection Analysis
- Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC
- APPROTECT Bypass on NRF52832
- Bootloader to Iris: A Security Teardown of a Hardware Wallet
- Oculus 2 research
- Attacking UPS Network Cards to Take Down Data Centers
- Turning Up the Heat: Hacking Trane HVAC Controllers
- Black Box Probing: a Security Analysis of Xiaomi's MJA1 Secure Chip
- Pwn2Own Toronto 22: Exploit Netgear Nighthawk RAX30 Routers
- Exploiting the HP Printer without the printer (Pwn2Own 2022)
- THE PRINTER GOES BRRRRR, AGAIN!
- PwnAgent: A One-Click WAN-side RCE in Netgear RAX Routers with CVE-2023-24749
- Pwn2Own 2021 Canon ImageCLASS MF644Cdw writeup
- Competing in Pwn2Own 2021 Austin: Icarus at the Zenith
- THE PRINTER GOES BRRRRR!!!
- COOL VULNS DON'T LIVE LONG - NETGEAR AND PWN2OWN
- PWN2OWN AUSTIN 2021 : DEFEATING THE NETGEAR R6700V3
- YOUR VULNERABILITY IS IN ANOTHER OEM!
- PWN2OWN TOKYO 2020: DEFEATING THE TP-LINK AC1750
- Pwn2Own: A Tale of a Bug Found and Lost Again
- Rooting Samsung Q60T Smart TV
- The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022
- Analysis & Exploitation of a Recent TP-Link Archer A7 Vulnerability
- Our Pwn2Own journey against time and randomness (part 1)
- Our Pwn2Own journey against time and randomness (part 2)
- Your NAS is not your NAS !
- Your printer is not your printer ! - Hacking Printers at Pwn2Own Part I
- Your printer is not your printer ! - Hacking Printers at Pwn2Own Part II
- Pwn2Own Toronto 2022 : A 9-year-old bug in MikroTik RouterOS
- Pwn2Own: WAN-to-LAN Exploit Showcase, Part 1
- Pwn2Own: Pivoting from WAN to LAN to Attack a Synology BC500 IP Camera, Part 2
- Pwn2Own Toronto 2023: Part 1 – How it all started
- Pwn2Own Toronto 2023: Part 2 – Exploring the Attack Surface
- Pwn2Own Toronto 2023: Part 3 – Exploration
- Pwn2Own Toronto 2023: Part 4 – Memory Corruption Analysis
- Pwn2Own Toronto 2023: Part 5 – The Exploit
- [TeamT5] Pwn2Own Contest Experience Sharing and Vulnerability Demonstration
- RCE on the HP M479fdw printer
- Pwn2Own IoT 2024 - Lorex 2K Indoor Wi-Fi Security Camera
- Exploiting the Lorex 2K Indoor Wifi at Pwn2Own Ireland
- Not All Roads Lead to PWN2OWN: Hardware Hacking (Part 1)
- Not All Roads Lead to PWN2OWN: Firmware Reverse Engineering (Part 2)
- Not All Roads Lead to PWN2OWN: CGI Fuzzing, AFL and ASAN (Part 3)
- Exploiting a Blind Format String Vulnerability in Modern Binaries: A Case Study from Pwn2Own Ireland 2024
- Exploiting the Tesla Wall connector from its charge port connector
- Streaming Zero-Fi Shells to Your Smart Speaker
- Exploiting the Synology DiskStation with Null-byte Writes
- Pwn2Own Automotive: CHARX Vulnerability Discovery
- Pwn2Own Automotive: Popping the CHARX SEC-3100
- Philips Hue Bridge Investigations: Part I
- HEXACON2022 - Emulate it until you make it! Pwning a DrayTek Router by Philippe Laulheret
- OffensiveCon22 - Radek Domanski and Pedro Ribeiro - Pwn2Own’ing Your Router Over the Internet
- OffensiveCon20 - b1ack0wl - Don't forget to SUBSCRIBE
- OffensiveCon23 - Stacksmashing- Inside Apple’s Lightning: JTAGging the iPhone for Fuzzing and Profit
- DEF CON 24 Internet of Things Village - Elvis Collado - Reversing and Exploiting Embedded Devices
- #HITBCW2021 D2 - HITB LAB: ARM IoT Firmware Extraction And Emulation Using ARMX - Saumil Shah
- Philippe Laulheret - Intro to Hardware Hacking - DEF CON 27 Conference
- Nullcon Goa 2023 | IoT Hacking 101: Reverse Engineering The Xiaomi Ecosystem By Dennis Giese
- HEXACON2022 - 0-click RCE on the Tesla Model 3 by David Berard & Vincent Dehors
- DEF CON Safe Mode Payment Village - Aleksei Stennikov - PoS Terminal Security Uncovered
- OffensiveCon18 - Maddie Stone - The Smarts Behind Hacking Dumb Devices
- HEXACON2024 - HSM Security and Exploitation of USB over SPI bug by Sergei Volokitin
- No Hat 2021 - F. Yamaguchi & C. Ursache - Ghidra2cpg: From graph queries to vulnerabilities in ...
- No Hat 2024 - Jacopo Jannone - Exploring and Exploiting an Android “Smart POS” Payment Terminal
- Embedded kernel emulation in QEMU for security assessment | Stephane Duverger | hardwear.io Webinar
- Listen Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap
- Exploitation Against the Clock: Xiaomi S3 Smartwatch
- BAM BAM On A Budget: You CAN Do It! - Hash Salehi
- Kylie McDevitt - From Plug to Pwn
- Glitching the Switch
- A Disassembler for ROM Recovery
- 38C3 - Demystifying Common Microcontroller Debug Protocols
- 38C3 - Reverse engineering U-Boot for fun and profit
- 0days on A Shoestring: Breaking Embedded Systems With LLMs And Junk Hardware - Peter Geissler
- unblob
- binwalk
- Ghidra # Free decompiler for most architectures
- IDA Pro # Costs a lot for decompilers
- Qiling binary emulation & instrumentation framework
- Unicorn CPU emulator framework
- QEMU emulator
- Buildroot cross-compiler
- bugprove - Automatic firmware analysis platform
- TritonDSE Library # emulation & symbolic execution library
- gdb, gdb-multiarch, gdbserver for cross-architecture debugging
- picocom, minicom, PuTTY, screen for serial interfacing
- AFL++ # a coverage-guided fuzzer
- SVD-Loader for Ghidra
- cpu_rec # identifies the CPU architecture of a binary blob
- binbloom # analyses raw binary firmware to find the loading address, endianness, etc.
- afl-unicorn
- SCOUT - Deterministic firmware-to-exploit evidence engine. 42-stage pipeline producing SARIF + CycloneDX SBOM + verified exploit chains. Tested on 1,123 firmware (FirmAE corpus, 98.8% success rate). Auto-detects Ghidra; zero pip dependencies.
- #HITBLockdown D2 - Virtual Lab - Firmware Hacking With Ghidra - Thomas Roth & Dmitry Nedospasov
- #HITBLockdown002 VIRTUAL LAB: Qiling Framework: Build a Fuzzer Based on a 1day Bug - Lau Kai Jern
- Firmware Bug hunting with Taint analysis
- Hacking The Art of Exploitation
- Leaked Malware source code
- SEC661: ARM Exploit Development and an Introduction to Router Emulation
- #HITBCyberWeek D1 LAB - Writing Bare-Metal ARM Shellcode
- ARM Assembly and Shellcode Basics - Saumil Shah at 44CON 2017 - Workshop
- BSidesMCR 2018: Introduction To Return Oriented Exploitation On ARM64 by Billy Ellis
- Billy Ellis # YouTube channel about iOS security
- #68 [GUIDE] Reverse engineering 🖥 firmware 📃
- Reverse Engineering & Vulnerability Analysis
- Remoticon 2020 // Introduction to Firmware Reverse Engineering
- qiling Lab
- Practical Binary Analysis
- A-noobs-guide-to-arm-exploitation
- What is a "good" memory corruption vulnerability?