Home -> Resources

Ethical Hacking for Industrial Control Systems is NOW OPEN for registration! Check out TRAINING for more details and registration.

Resources for the Ethical SCADA Hacker

This page is a compilation of a variety of resources that can be used to help Assess, Test and Secure industrial control systems.  Information contained on these pages is a combination of that developed by SCADAhacker, as well as other forms of open-source information collected through various forums, websites, conferences, etc.  Whenever possible, a link to the original source will be provided; however, since some of these sites may no longer be active, some material will be downloaded directly from this site. 

Dragonfly/Havex Resources

Dragonfly/Havex Reference Material

Vulnerability Trend Data

2015 98 (see Note) Other 366
2014 223 Buffer Overflow 222
2013 180 Denial of Service (DoS) 215
2012 240 Code Execution 81
2011 172 Cross-Site Scription (XSS) 41
2010 43 Arbitrary File 33
2009 28 Information Disclosure 35
2008 31 SQL Database Injection 27
2007 17 Privilege Escalation 24
2006 7 Memory Corruption 13
2005 7 Cross-Site Request Forgery 11
2004 1 Local File Inclusion 1
2003 6
2001 9
1983 1      

Last update:  June 25, 2015 (10:40UTC) - Open-Source Vulnerability Database (OSVDB)

(Click here to search ICS vulnerability disclosures on OSVDB for 2015 | All)

Note: OSVDB appears to have stopped collected ICS-specific vulnerables in late-May 2015.  It is unclear if they will correct this problem in the near future. Data for 2015 should not be used for annual comparative analysis.

ICS Security Alerts and Advisories

U.S. ICS-CERT Advisories
U.S. ICS-CERT Alerts

ABB - Cyber Security Alerts and Notifications
GE-IP - Security Advisories
Invensys - Cyber Security Updates
Rockwell Automation (Allen-Bradley) - Security Advisory Index [login required]
Schneider Electric - Product Vulnerability and Security Advisories
Siemens - ProductCERT Security Advisories

Generated from SCADAhacker Public List ICS-Vulnerability-Data

Cyber Response and Incident Handling

Worldwide Computer Emergency Readiness Team (CERT) Organizations
Forum of Incident Response and Security Teams (FIRST) - Alphabetical List of Members

Learning Feed from Twitter

Generated using Twitter Custom Timeline

How-To Reference and Training Information

Demonstration Videos
Cheat Sheets
Training Material via External Websites
Linux/UNIX Reference Material and Websites
Useful Video Feeds

SANS ICS Resources

ICS Security Posters and Brochures
ICS Summit Archives
White Papers
Helpful Websites

Conferences and Summits

2014 Event Archives
Kuwait Industrial Automation & Control System (KIACS) Cyber Security 2014
DigitalBond S4x14

ICS-CERT Industrial Control Systems Joint Working Group (ICSJWG)
ICSJWG - May 2013 - Whitepapers and Presentations [*] (Conference not held due to sequestration)
ICSJWG - Fall - 2012 Conference [*] 
ICSJWG - Spring - 2012 Conference [*]
ICSJWG - Fall - 2011 Conference [*] 
ICSJWG - Spring - 2011 Conference [*] 
ICSJWG - Fall - 2010 Conference [*] 
ICSJWG - Spring - 2010 Conference [*]
[*] Homeland Security Information Network (HSIN) access privileges required to view content.

SCADA at BlackHat 2013
Out of Control: SCADA Device Exploitation - Cimation ( Slides | Paper )
The SCADA That Didn't Cry Wolf - Trend Micro

2013 Event Archives
EnergySec 9th Annual Security Summit Presentation Archive (September 17-19, 2013)
DigitalBond S4x13

SANS ICS Summit Archives
ICS Security Europe - Amsterdam 2014 (65.8MB)
ICS Security Summit - Orlando 2014 (25.5MB)
ICS Security Summit - Orlando 2013 (32.1MB)
ICS Security Summit - Singapore 2013 (34.6MB)
ICS Security Summit - Orlando 2012 (47.2MB)
ICS Security Summit - Barcelona 2012 (30.3MB)
ICS Security Summit - Orlando 2011 (35.1MB)
ICS Security Summit - Rome 2011 (25.8MB)
ICS Security Summit - Orlando 2010 (60.3MB)
ICS Security Summit - London 2010 (52.3MB)
ICS Security Summit - Orlando 2009 (19.4MB)
ICS Security Summit - Stockholm 2009 (8.73MB)
ICS Security Summit - Orlando 2008 (9.54MB)
ICS Security Summit - Amsterdam 2008 (12/6MB)

Technical Presentations and Papers

EnergySec 9th Annual Security Summit Presentation Archive (September 17-19, 2013)
Black Hat Webinar - The State of Security Vulnerabilities in 2011 (presented Dec. 8, 2011)
Hacking Embedded Systems for Fun & Profit
SCADA and PLC Vulnerabilities in Correctional Facilities (view Video Interview on Blip.tv)

Webinars / Webcasts

Stronger than Firewalls - And Cheaper Too! published September 20, 2012
Cyber Security for Industrial Control Systems presented at The Automation Conference - May 22, 2012
Future of Security Industrial Endpoints published February 16, 2012
Guidance for Unidirection, Routable Communications (NERC CAN-0024) published January 24, 2012

Information Sharing

Industrial Control System - Information Sharing & Analysis Center (ICS-ISAC)
National Electric Sector Cybersecurity Organization (NESCO)

Open-Source Intelligence - Vulnerabilities & Exploits

Bugtraq (seclists.org)
Computer Security Vulns
National Vulnerability Database (NIST)
Rapid 7 (Metasploit) Vulnerabilities & Exploit Modules
Security Focus (by Symantec)

Industrial Automation, Safety and Security Reading

Automation World
Control Engineering
Control Global
Industrial Safety & Security Source (ISSSource)

Using Shodan

Shodanhq Web Site
ICS/SCADA/PLC Google/Shodan Cheat Sheet (SCADAStrangeLove)
Shodan for Pen Testers (Def Con 18)
What You Should Know About SHODAN and SCADA (DigitalBond)
Project SHINE: 1,000,000 Internet-Connected SCADA and ICS Systems and Counting (Tofino Security)

A SCADA Hacker's Toolset

Security Testing Frameworks
Industrial Protocol Fuzzers
Individual Installable Tools for Windows, Linux and MAC OS
Android and Tablet Security Applications
Supplimental Tools

SCADA/ICS System Exploits

Due to issues with GoDaddy, this content is unavailable at this time. I hope to have this resolved shortly. Thank you for your patience.

SCADA/ICS Demonstration & Evaluation Software

Broadwin (Advantech) WebAccess download product info
Cogent Datahub download product info
General Electric Proficy CIMPLICITY order demo software product info
General Electric Proficy iFIX order demo software product info
IGSS download product info
ICONICS GENESIS32 download product info
ICONICS GENESIS64 download product info
Inductive Automation Ignition download product info
OPC Systems .NET download product info
Realflex RealWin SCADA download product info
Rockwell Auomation - MicroLogix / RSLinx download product info
Rockwell Automation - General download  
WellinTech (KingView, KingSCADA, KingHistorian) download product info

Network Exploits

Coming soon ....

Host-based Exploits

Windows Machines Compromised by Default Configuration Flaw in IPv6

Duqu Resources

Duqu Reference Material

Stuxnet Resources

Stuxnet Reference Material
Stuxnet Mitigation Recommendations
Demonstration Video - Introduction, Installation, and Injection Methods
Demonstration Video - Using Software Restrition Policy as a Mitigation

On the Lighter Side

CNN talks with Kevin Mitnick  (August 31, 2011)
BBC Outriders Podcast with Kevin Mitnick  (August 23, 2011)
Steven Colbert talks to Kevin Mitnick  (August 18, 2011)
Steven Colbert talks to David Albright about Stuxnet