
Resources for the Ethical SCADA Hacker

This page is a compilation of resources that can be used to help assess, test and secure industrial control systems. The information on these pages combines material developed by SCADAhacker with open-source information collected from forums, websites, conferences, and similar sources. Whenever possible, a link to the original source is provided; however, since some of those sites may no longer be active, some material is hosted directly on this site.

Dragonfly/Havex Resources

Dragonfly/Havex Reference Material

Vulnerability Trend Data

BY YEAR (ICS vulnerability disclosures per year, OSVDB)

Year   Count
2014   201
2013   176
2012   240
2011   172
2010   43
2009   28
2008   31
2007   17
2006   7
2005   7
2004   1
2003   6
2001   9
1983   1

BY TYPE (ICS vulnerability disclosures per vulnerability class, OSVDB)

Type                          Count
Other                         312
Denial of Service (DoS)       194
Buffer Overflow               203
Code Execution                68
Cross-Site Scripting (XSS)    38
Arbitrary File                33
Information Disclosure        25
SQL Database Injection        25
Privilege Escalation          22
Memory Corruption             13
Cross-Site Request Forgery    9
Local File Inclusion          1

Last update: December 18, 2014 (03:30 UTC) - Open-Source Vulnerability Database (OSVDB)

(Click here to search ICS vulnerability disclosures on OSVDB for 2014 | All)

ICS Security Alerts and Advisories

U.S. ICS-CERT Advisories
U.S. ICS-CERT Alerts

ABB - Cyber Security Alerts and Notifications
GE-IP - Security Advisories
Invensys - Cyber Security Updates
Rockwell Automation (Allen-Bradley) - Security Advisory Index [login required]
Schneider Electric - Product Vulnerability and Security Advisories
Siemens - ProductCERT Security Advisories


Cyber Response and Incident Handling

Worldwide Computer Emergency Readiness Team (CERT) Organizations
Forum of Incident Response and Security Teams (FIRST) - Alphabetical List of Members


How-To Reference and Training Information

Demonstration Videos
Webcasts
Cheat Sheets
Training Material via External Websites
Linux/UNIX Reference Material and Websites
Useful Video Feeds

SANS ICS Resources

Webcasts
ICS Security Posters and Brochures
Surveys
ICS Summit Archives
Newsbites
White Papers
Helpful Websites
Press

Conferences and Summits

2014 Event Archives
Kuwait Industrial Automation & Control System (KIACS) Cyber Security 2014
DigitalBond S4x14

ICS-CERT Industrial Control Systems Joint Working Group (ICSJWG)
ICSJWG - May 2013 - Whitepapers and Presentations [*] (Conference not held due to sequestration)
ICSJWG - Fall - 2012 Conference [*] 
ICSJWG - Spring - 2012 Conference [*]
ICSJWG - Fall - 2011 Conference [*] 
ICSJWG - Spring - 2011 Conference [*] 
ICSJWG - Fall - 2010 Conference [*] 
ICSJWG - Spring - 2010 Conference [*]
[*] Homeland Security Information Network (HSIN) access privileges required to view content.

SCADA at BlackHat 2013
Out of Control: SCADA Device Exploitation - Cimation ( Slides | Paper )
The SCADA That Didn't Cry Wolf - Trend Micro

2013 Event Archives
EnergySec 9th Annual Security Summit Presentation Archive (September 17-19, 2013)
DigitalBond S4x13

SANS ICS Summit Archives
ICS Security Europe - Amsterdam 2014 (65.8MB)
ICS Security Summit - Orlando 2014 (25.5MB)
ICS Security Summit - Orlando 2013 (32.1MB)
ICS Security Summit - Singapore 2013 (34.6MB)
ICS Security Summit - Orlando 2012 (47.2MB)
ICS Security Summit - Barcelona 2012 (30.3MB)
ICS Security Summit - Orlando 2011 (35.1MB)
ICS Security Summit - Rome 2011 (25.8MB)
ICS Security Summit - Orlando 2010 (60.3MB)
ICS Security Summit - London 2010 (52.3MB)
ICS Security Summit - Orlando 2009 (19.4MB)
ICS Security Summit - Stockholm 2009 (8.73MB)
ICS Security Summit - Orlando 2008 (9.54MB)
ICS Security Summit - Amsterdam 2008 (12.6MB)

Technical Presentations and Papers

EnergySec 9th Annual Security Summit Presentation Archive (September 17-19, 2013)
Black Hat Webinar - The State of Security Vulnerabilities in 2011 (presented Dec. 8, 2011)
Hacking Embedded Systems for Fun & Profit
SCADA and PLC Vulnerabilities in Correctional Facilities (view Video Interview on Blip.tv)

Webinars / Webcasts

Stronger than Firewalls - And Cheaper Too! published September 20, 2012
Cyber Security for Industrial Control Systems presented at The Automation Conference - May 22, 2012
Future of Security Industrial Endpoints published February 16, 2012
Guidance for Unidirectional, Routable Communications (NERC CAN-0024) published January 24, 2012

Information Sharing

Industrial Control System - Information Sharing & Analysis Center (ICS-ISAC)
National Electric Sector Cybersecurity Organization (NESCO)
EnergySec
InfraGard

Open-Source Intelligence - Vulnerabilities & Exploits

Bugtraq (seclists.org)
Computer Security Vulns
Exploit-DB
National Vulnerability Database (NIST)
Open-Source Vulnerability Database
Rapid 7 (Metasploit) Vulnerabilities & Exploit Modules
Secunia
Security Focus (by Symantec)

Industrial Automation, Safety and Security Reading

Automation.com
Automation World
Control Engineering
Control Global
Industrial Safety & Security Source (ISSSource)

Using Shodan

Shodanhq Web Site
ICS/SCADA/PLC Google/Shodan Cheat Sheet (SCADAStrangeLove)
Shodan for Pen Testers (Def Con 18)
What You Should Know About SHODAN and SCADA (DigitalBond)
Project SHINE: 1,000,000 Internet-Connected SCADA and ICS Systems and Counting (Tofino Security)

A SCADA Hacker's Toolset

Security Testing Frameworks
Individual Installable Tools for Windows, Linux and Mac OS
Android and Tablet Security Applications
Documentation
Websites
Supplemental Tools

SCADA/ICS System Exploits

SCADA/ICS Vulnerability Reference List
Metasploit Modules for SCADA-related Vulnerabilities
Gleg SCADA+ Professional Pack for Immunity Canvas (updates)

Dillon Beresford at Black Hat 2011 - Exploiting Siemens SIMATIC S7 PLCs

WellinTech KingView SCADA - Heap Overflow in HistorySvr Service
WellinTech KingView SCADA - Heap Overflow in KVWebSvr.dll ActiveX Control
Siemens Tecnomatix FactoryLink
Iconics GENESIS32 and GENESIS64
7-Technologies IGSS
RealFlex RealWin

SCADA/ICS Demonstration & Evaluation Software

Broadwin (Advantech) WebAccess ( download | product info )
Cogent Datahub ( download | product info )
General Electric Proficy CIMPLICITY ( order demo software | product info )
General Electric Proficy iFIX ( order demo software | product info )
IGSS ( download | product info )
ICONICS GENESIS32 ( download | product info )
ICONICS GENESIS64 ( download | product info )
Inductive Automation Ignition ( download | product info )
OPC Systems .NET ( download | product info )
Realflex RealWin SCADA ( download | product info )
Rockwell Automation - MicroLogix / RSLinx ( download | product info )
Rockwell Automation - General ( download )
Schneider CitectSCADA ( download | product info )
Schneider ClearSCADA ( download | product info )
WellinTech (KingView, KingSCADA, KingHistorian) ( download | product info )

Network Exploits

Coming soon...

Host-based Exploits

Windows Machines Compromised by Default Configuration Flaw in IPv6

Duqu Resources

Duqu Reference Material

Stuxnet Resources

Stuxnet Reference Material
Stuxnet Mitigation Recommendations
Demonstration Video - Introduction, Installation, and Injection Methods
Demonstration Video - Using Software Restriction Policy as a Mitigation

On the Lighter Side

CNN talks with Kevin Mitnick (August 31, 2011)
BBC Outriders Podcast with Kevin Mitnick (August 23, 2011)
Stephen Colbert talks to Kevin Mitnick (August 18, 2011)
Stephen Colbert talks to David Albright about Stuxnet