TL;DR
I recently spent some time exploring the potential capabilities that an
evil IoT device might have within an AWS IoT Core environment. This culminated in the thoughts I've transcribed in this
blog post, as well as
a command-line tool
to help with enumeration and data harvesting during security assessments of
products that interact with AWS IoT Core.
