
Author Topic: SCADA Pentest Suggestions  (Read 1719 times)


TacksS
SCADA Pentest Suggestions
« on: March 05, 2012, 10:01:06 PM »
Hey guys,


Background: I'm pursuing my masters at an undisclosed university and we have an up-to-date SCADA system for pentest practice. I plan on being a SCADA Security Specialist after graduation. I've been working on this system for about four months now. I have about nine months left to work on it. I want to get as much experience with it as possible.


Subject: If anyone has some suggestions on some things they would like me to look into or attempt, then please post your suggestion and I will do it if/when possible and post the results.

Kulverstukas
Re: SCADA Pentest Suggestions
« Reply #1 on: March 06, 2012, 08:07:51 AM »
haha did they start those courses after Stuxnet pwned them? :D
Nice university btw for teaching such things. I'd like to know more about this programme.
But I can't really help, unless Stuxnet source would benefit you :P

TacksS
Re: SCADA Pentest Suggestions
« Reply #2 on: March 06, 2012, 05:18:18 PM »
It actually very much would, assuming it's the original. I would love to dissect and analyze it when I have the time. I've looked online for the "free source code", but have yet to avail. Most of the time it's been crap, watered down, or horrible copycats.

Kulverstukas
Re: SCADA Pentest Suggestions
« Reply #3 on: March 06, 2012, 06:30:20 PM »
well it's not THE source code, but it's A source code, written in C. Poster said he disassembled the actual Stuxnet and generated code that way so it's the best code out there... I don't understand C, or reversing or anything like that so I don't know whether it's true or not.

Here is the code that I got: DOWNLOAD

TacksS
Re: SCADA Pentest Suggestions
« Reply #4 on: March 06, 2012, 07:37:32 PM »
Awesome. Thanks man. I'll look into it sometime later. We're working on replay attacks against PLCs right now.

ande
Re: SCADA Pentest Suggestions
« Reply #5 on: March 06, 2012, 08:53:40 PM »
> well it's not THE source code, but it's A source code, written in C. Poster said he disassembled the actual Stuxnet and generated code that way so it's the best code out there... I don't understand C, or reversing or anything like that so I don't know whether it's true or not.
>
> Here is the code that I got: DOWNLOAD

It's the same source I got a while back, bloody mess. I can tell you it is gonna be hard to make any sense out of that shit :P But if you do, I would be interested in a sorted source or any analysis paper.
« Last Edit: March 06, 2012, 08:54:15 PM by ande »
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

TacksS
Re: SCADA Pentest Suggestions
« Reply #6 on: March 07, 2012, 02:13:22 AM »
Then this shall be the first place I post it if I am able to properly analyze and make intelligent sense of it.

 


