
Resources for the Ethical SCADA Hacker

This page is a compilation of resources that can be used to help assess, test and secure industrial control systems. The information on these pages combines material developed by SCADAhacker with open-source information collected from forums, websites, conferences and similar sources. Wherever possible, a link to the original source is provided; however, because some of those sites may no longer be active, some material is hosted for download directly on this site.

Vulnerability Trend Data

BY YEAR

Year   Vulnerabilities
2014    57
2013   172
2012   239
2011   172
2010    43
2009    28
2008    31
2007    17
2006     7
2005     7
2004     1
2003     6
2001     9
1983     1

BY TYPE

Vulnerability type                Count
Other                               263
Denial of Service (DoS)             169
Buffer Overflow                     158
Code Execution                       59
Cross-Site Scripting (XSS)           33
Arbitrary File                       32
SQL Database Injection               21
Information Disclosure               19
Privilege Escalation                 16
Memory Corruption                    13
Cross-Site Request Forgery            7

Last update: Apr. 15, 2014 (13:55 UTC) - Open-Source Vulnerability Database (OSVDB)

(Click here to see all ICS vulnerability disclosures on OSVDB for 2014)

ICS Security Alerts and Advisories

U.S. ICS-CERT Advisories
U.S. ICS-CERT Alerts

ABB - Cyber Security Alerts and Notifications
Invensys - Cyber Security Updates
Rockwell Automation (Allen-Bradley) - Security Advisory Index [login required]
Schneider Electric - Product Vulnerability and Security Advisories
Siemens - ProductCERT Security Advisories


Cyber Response and Incident Handling

Worldwide Computer Emergency Readiness Team (CERT) Organizations

Learning Feed from Twitter


How-To Reference and Training Information

Demonstration Videos
Webcasts
Cheat Sheets
Training Material via External Websites
Linux/UNIX Reference Material and Websites
Useful Video Feeds

Conferences and Summits

EnergySec 9th Annual Security Summit Presentation Archive (September 17-19, 2013)
ICSJWG - May 2013 - Whitepapers and Presentations [*] (Conference not held due to sequestration)
ICSJWG - Fall - 2012 Conference [*] 
ICSJWG - Spring - 2012 Conference [*]
ICSJWG - Fall - 2011 Conference [*] 
ICSJWG - Spring - 2011 Conference [*] 
ICSJWG - Fall - 2010 Conference [*] 
ICSJWG - Spring - 2010 Conference [*]

[*] Homeland Security Information Network (HSIN) access privileges required to view content.

Technical Presentations and Papers

EnergySec 9th Annual Security Summit Presentation Archive (September 17-19, 2013)
Black Hat Webinar - The State of Security Vulnerabilities in 2011 (presented Dec. 8, 2011)
Hacking Embedded Systems for Fun & Profit
SCADA and PLC Vulnerabilities in Correctional Facilities (view Video Interview on Blip.tv)

Webinars / Webcasts

The Future of Securing Industrial Endpoints published February 16, 2012
Guidance for Unidirectional, Routable Communications (NERC CAN-0024) published January 24, 2012

Open-Source Intelligence - Vulnerabilities & Exploits

Bugtraq (seclists.org)
Computer Security Vulns
Exploit-DB
National Vulnerability Database (NIST)
Open-Source Vulnerability Database
Rapid 7 (Metasploit) Vulnerabilities & Exploit Modules
Secunia
Security Focus (by Symantec)

Industrial Automation, Safety and Security Reading

Automation.com
Automation World
Control Engineering
Control Global
Industrial Safety & Security Source (ISSSource)

Using Shodan

Shodanhq Web Site
ICS/SCADA/PLC Google/Shodan Cheat Sheet (SCADAStrangeLove)
Shodan for Pen Testers (Def Con 18)
What You Should Know About SHODAN and SCADA (DigitalBond)
Project SHINE: 1,000,000 Internet-Connected SCADA and ICS Systems and Counting (Tofino Security)

A SCADA Hacker's Toolset

Security Testing Frameworks
Individual Installable Tools for Windows, Linux and MAC OS
Android and Tablet Security Applications
Documentation
Websites
Supplemental Tools

SCADA/ICS System Exploits

SCADA/ICS Vulnerability Reference List
Metasploit Modules for SCADA-related Vulnerabilities
Gleg SCADA+ Professional Pack for Immunity Canvas (updates)

Dillon Beresford at Black Hat 2011 - Exploiting Siemens SIMATIC S7 PLCs

WellinTech KingView SCADA - Heap Overflow in HistorySvr Service
WellinTech KingView SCADA - Heap Overflow in KVWebSvr.dll ActiveX Control
Siemens Tecnomatix FactoryLink
Iconics GENESIS32 and GENESIS64
7-Technologies IGSS
RealFlex RealWin

SCADA/ICS Demonstration & Evaluation Software

Broadwin (Advantech) WebAccess download product info
Cogent Datahub download product info
General Electric Proficy CIMPLICITY order demo software product info
General Electric Proficy iFIX order demo software product info
IGSS download product info
ICONICS GENESIS32 download product info
ICONICS GENESIS64 download product info
Inductive Automation Ignition download product info
OPC Systems .NET download product info
Realflex RealWin SCADA download product info
Rockwell Automation - MicroLogix / RSLinx download product info
Rockwell Automation - General download
Schneider CitectSCADA download product info
Schneider ClearSCADA download product info
WellinTech (KingView, KingSCADA, KingHistorian) download product info

Network Exploits

Coming soon ....

Host-based Exploits

Windows Machines Compromised by Default Configuration Flaw in IPv6

Duqu Resources

Duqu Reference Material

Stuxnet Resources

Stuxnet Reference Material
Stuxnet Mitigation Recommendations
Demonstration Video - Introduction, Installation, and Injection Methods
Demonstration Video - Using Software Restriction Policy as a Mitigation

On the Lighter Side

CNN talks with Kevin Mitnick (August 31, 2011)
BBC Outriders Podcast with Kevin Mitnick (August 23, 2011)
Stephen Colbert talks to Kevin Mitnick (August 18, 2011)
Stephen Colbert talks to David Albright about Stuxnet