Platform Security Assessment Framework
-
Updated
Jul 13, 2026 - Python
Platform Security Assessment Framework
Toolkit to emulate firmware and analyse it for security vulnerabilities
IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.
D-Link firmware decryption PoC
Firmware Guide
Openwrt 18.06.5 featured with the Exein's security framework
Self-hosted, agentic vulnerability research for binaries & firmware: an AI agent decompiles, fuzzes, and verifies exploits inside a sandbox, recording every finding to a typed graph. BYOK, fully local.
Offline security checklist & report generator
Deterministic firmware-to-exploit evidence engine. Drop a firmware blob, get hash-anchored findings with SARIF + CycloneDX SBOM + verified exploit chains.
Open-source NVMe sanitization framework with 50 cycles and per-cycle Log Page 0x81 hardware confirmation. PDF Certificate of Destruction. Designed to align with NIST SP 800-88 Rev.2. Free.
A simple 16-bit RISC CPU written from scratch in C. topics: cpu risc virtual-machine c computer-architecture systems-programming emulator
Bootloader for tinyAVR 0-, 1- and 2-series, and megaAVR 0-series, supporting signed and encrypted firmware loaded from external I2C memory.
Lab about hacking, vulnerabilities exploitation, ...
CVE-2021-21735 write-up: ZTE ZXHN H168N V3.5 wizard-page information leak, firmware routing flaw, and the path from exposed PPPoE/WLAN data to full admin compromise.
Bare-metal secure bootloader for STM32F407 with AES-GCM encrypted transfer, ECDSA signature verification and anti-rollback protection
Open-source Rust-based post-quantum secure embedded OS for critical edge infrastructure — ARM Cortex-M & RISC-V | Apache-2.0
Palimpsest is an LLM-assisted semantic code enhancement framework that bridges Ghidra decompilation and CodeQL database construction. It is optimized for IoT device firmware analysis and for generating CodeQL-buildable source code.
20 hands-on security engineering labs covering attack surface discovery, reverse engineering, protocol analysis, fuzzing, CVSS scoring, and responsible disclosure.
Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens, default creds, and weak RSA/ECC material.
Validate OTA update packages end-to-end: signature chains, rollback protection, anti-downgrade counters, and delta-patch integrity.
Add a description, image, and links to the firmware-security topic page so that developers can more easily learn about it.
To associate your repository with the firmware-security topic, visit your repo's landing page and select "manage topics."