- https://labs.mwrinfosecurity.com/blog/offensive-ics-exploitation-a-technical-description/
- https://www.icscybersecurityconference.com/intelligence-gathering-on-u-s-critical-infrastructure/
- https://scadahacker.com/training.html
- 101/Educational
- A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity - Robert M. Lee
- Control System Basics
- PLC Training Org
- Serial Communication RS232 & RS485
- How Ethernet TCP/IP is Used by Industrial Protocols
- SCADA Systems - Utility 101 Session with Rusty Williams
- Control System Lectures - Brian Douglas - youtube channel
- Welcome to Control Systems Lectures! This collection of videos is intended to supplement a first year controls class, not replace it. My goal is to take specific concepts in controls and expand on them in order to provide an intuitive understanding which will ultimately make you a better controls engineer.
- plcprofessor - youtube channel
- The PLC Professor YouTube Channel is solely dedicated to technical education, specifically industrial control systems and their supporting technologies. The "Complete PLCLearn Series" is comprised of lectures, hands-on lab projects and lab project wrap-up discussions. The playlists to use for the series are titled "Lectures", "Basics" lab discussions, "Advanced I" lab discussions and "Advanced II" lab discussions. There is also a "Support" playlist for miscellaneous supporting knowledge, "RSLogix5000", "How to Program", as well as many more to come. These lectures and lab projects were developed for actual classroom training and have been improved as hundreds of electricians and engineers completed and commented on the content.
- Robust control system networks: how to achieve reliable control after Stuxnet / Ralph Langner.
- Hacking US Traffic Control Systems - Cesar Cerrudo - Defcon22
- Industrial Control Systems Pattern - opensecurityarchitecture.com
- SCADApedia
- EDIFACT
- EDIFACT - Wikipedia
- SMDG.org
- SMDG develops and promotes UN/EDIFACT EDI-messages for the Maritime Industry and is an official Global User Group, recognised by the UN/EDIFACT Board.
- Making prawn espressos, or hacking ships by deciphering BAPLIE EDIFACT messaging
- BAPLIE
- The BAPLIE message is a widely used EDIFACT message in the shipping industry. It is used by and between various parties to advise the exact stowage positions of the cargo on board an ocean vessel. It is currently chiefly used for container cargo. Besides the container number and the exact position on board, general information regarding the containers is also specified, such as weight and hazardous cargo class.
- Modbus
- General
- A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity - Robert M. Lee
- Different Type of SCADA
- awesome-industrial-control-system-security
- Cassandra coefficient and ICS cyber – is this why the system is broken
- Remote Physical Damage 101 - Bread and Butter Attacks
- Sinking container ships by hacking load plan software
- SCADA Strangelove or: How I Learned to Start Worrying and Love Nuclear Plants
- Modern civilization unconditionally depends on information systems. It is paradoxical but true that ICS/SCADA systems are the most insecure systems in the world. From network to application, SCADA is full of configuration issues and vulnerabilities. During our report, we will demonstrate how to obtain full access to a plant via: a sniffer and a packet generator; FTP and Telnet; Metasploit and oslq; a webserver and a browser. About 20 new vulnerabilities in common SCADA systems, including Simatic WinCC, will be revealed.
- Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion - Marina Krotofil - Jason Larsen
- The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let's face it, after such elite hacking action nobody is going to let one present it even at a conference like DEF CON. As a poor substitute, this presentation will get as close as using a simulated plant for Vinyl Acetate production for demonstrating a complete attack, from start to end, directed at persistent economic damage to a production site while avoiding attribution of production loss to a cyber-event. Such an attack scenario could be useful to a manufacturer aiming at putting competitors out of business or as a strong argument in an extortion attack. Exploiting a physical process is an exotic and hard-to-develop skill which has so far kept a high barrier to entry. Therefore real-world control system exploitation has remained in the hands of a few. To help the community master new skills we have developed "Damn Vulnerable Chemical Process", the first open source framework for cyber-physical experimentation based on two realistic models of chemical plants. Come to the session and take your first master class on complex physical hacking.
- Offensive ICS Exploitation: A Description of an ICS CTF - MWR
- Wireless
- General Tools
- python-opcua
- The OPC UA binary protocol implementation is quasi-complete and has been tested against many different OPC UA stacks. The API offers both a low-level interface to send and receive all UA-defined structures and high-level classes allowing one to write a server or a client in a few lines. It is easy to mix high-level objects and low-level UA calls in one application.
- UaExpert—A Full-Featured OPC UA Client
- The UaExpert® is a full-featured OPC UA Client demonstrating the capabilities of our C++ OPC UA Client SDK/Toolkit. The UaExpert is designed as a general purpose test client supporting OPC UA features like DataAccess, Alarms & Conditions, Historical Access and calling of UA Methods. The UaExpert is a cross-platform OPC UA test client programmed in C++. It uses the sophisticated GUI library Qt from Nokia (formerly Trolltech) as the basic framework, which is extendable by plugins.
- dyode
- A low-cost data diode, aimed at Industrial Control Systems
- GRASSMARLIN
- Moki Linux
- Moki is a modification of Kali to incorporate various ICS/SCADA tools scattered around the internet, to create a customized Kali Linux geared towards ICS/SCADA pentesting professionals.
- nmap-scada
- NSE scripts for SCADA identification
- python-opcua
- Assessment Tools
- Redpoint
- Redpoint is a Digital Bond research project to enumerate ICS applications and devices. The Redpoint tools use legitimate protocol or application commands to discover and enumerate devices and applications. There is no effort to exploit or crash anything. However many ICS devices and applications are fragile and can crash or respond in an unexpected way to any unexpected traffic so use with care.
- Redpoint
- Honeypots
- Passwords
- SCADAPASS
- SCADA StrangeLove Default/Hardcoded Passwords List
- SCADAPASS
- Simulation Software
- MiniCPS
- MiniCPS is a framework for real-time simulation of Cyber-Physical Systems. It includes support for physical process and control device simulation, and network emulation. It is built on top of Mininet.
- Simulated Physics And Embedded Virtualization Integration (SPAEVI) - Overview
- VirtuaPlant
- VirtuaPlant is an Industrial Control Systems simulator which adds a "similar to real-world control logic" to the basic "read/write tags" feature of most PLC simulators. Paired with a game library and 2D physics engine, VirtuaPlant is able to present a GUI simulating the "world view" behind the control system, allowing the user to have a vision of the would-be actions behind the control systems. All the software is written in (guess what?) Python. The idea is for VirtuaPlant to be a collection of different plant types using different protocols in order to be a learning platform and testbed. The first release introduces an as-simple-as-it-can-get one-process "bottle-filling factory" running Modbus as its protocol.
- Blogpost
- MiniCPS
- Testing Tools
- smod - MODBUS Penetration Testing Framework
- smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest the Modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software can be run on Linux/OSX under Python 2.7.x.
- SCADA Shutdown Tool
- SCADAShutdownTool is an industrial control system automation and testing tool that allows security researchers and experts to test SCADA security systems, enumerate slave controllers, read controller register values and rewrite register data. SCADAShutdownTool allows enumeration of all register types of a controller, including coil outputs, digital inputs, analogue inputs, holding registers and extended registers.
- Redpoint
- Digital Bond's ICS Enumeration Tools
- smod - MODBUS Penetration Testing Framework
- Assessment Testing / Methodology
- ICS Security Assessment Methodology, Tools & Tips
- Dale Peterson of Digital Bond describes how to perform an ICS / SCADA cyber security assessment in this S4xJapan video. He goes into a lot of detail on the tools and how to use them in the fragile and insecure by design environment that is an ICS. There are also useful tips on when to bother applying security patches (this will likely surprise you), the importance of identifying the impact of a vulnerability, and an efficient risk reduction approach.
- Running a Better Red Team Through Understanding ICS SCADA Adversary Tactics - SANS Webcast
- A good red team should be informed about adversary tactics to emulate them against networks to not only test the infrastructure but also the defenders. In this talk, SANS ICS515 and FOR578 course author Robert M. Lee will discuss a number of observed adversary tactics in ICS/SCADA environments for the purpose of educating the audience on tactics that red teams may consider for tests in these networks. The talk will cover some of the high profile attacks observed in the community such as the Ukraine power grid cyber-attack as well as lessons learned from incident response cases in the community.
- Introduction to Attacking ICS/SCADA Systems for Penetration Testers - GDS Sec
- Damn Vulnerable Chemical Process
- Hacking Chemical Plants for Competition and Extortion - Marina Krotofil - HITBGSEC 2015
- ICS Security Assessment Methodology, Tools & Tips
- Threat Hunting