
A Peek Into A Control System App Assessment, Part 3

Wrapping up our assessment overview we come to the database interface itself.  As we mentioned before, this service is running on port 5481/tcp.  I’m honestly not very sure what this service does; I assume it’s there to serve external requests for data, but for the assessment, knowing about the purpose of the service wasn’t really [...]

A Peek Into A Control System App Assessment, Part 2

Having finished our quick overview of the functionality of the webpage, we start to get a better idea about how the system as a whole functions, and from looking at a few of the URLs, it’s probably a good guess that it uses a lot of SQL queries to do its job. For example:
http://target:81/Users?SELECT%20%22FullName%22%20AS%20%22~FullName%22%2c%20%22Id%22%2c%20FROM%20User
But [...]

A Peek Into A Control System App Assessment, Part 1

First things first, we’ve been given the application we’re going to assess, we’ve built up our testing environment, usually a virtual machine of some sort, and we’re ready to get going.  The application in question serves as a SCADA server and historian, and can serve HMI displays through a native client or a web interface.  Using [...]

Automatic Fuzzer Generation

Following up my last post on fuzzing an unknown proprietary protocol, we’ve now got a collection of packet captures to start ripping through to get some semblance of a fuzzer going to send packets to our target.  There are a few routes we can go, something as simple as flipping bits and putting garbage data into [...]

Auditing Proprietary Protocols in Control Systems

Thanks to the near constant stream of “the sky is falling, these protocols aren’t secure” presentations at security conferences around the globe, everyone is familiar with mainstream ICS protocols: EtherNet/IP, DNP3, and of course Modbus, amongst others. And of course it is important to make sure that these protocols are implemented correctly to assure [...]

Code signing, misconceptions and realities

Code signing is a security feature that has been around for quite some time and has been proven in many other areas, but it is uncommon to find in any control system component and very rare to find in control devices where firmware uploading is an important feature.  Without a doubt the technology is useful, [...]

Getting Started Testing Your Web Interfaces

Web interfaces seem to be everywhere in control systems these days, from PLCs to servers generating reports for the business side of the house.  They’re also all too often the weakest link in a system because they’re almost always a feature that’s given very little attention by the developers, [...]

SCADA Everywhere

Over the last few years I’ve heard more than a few of our clients joke about their “SCADA everywhere” project, with wireless capabilities, remote access from anywhere in the world, and being able to control and monitor everything on their control network from home or the local coffee shop. But we’re seeing that becoming less [...]

What can we learn from the Apache incident report?

Last week the folks on the Apache Infrastructure Team were hit with a direct, targeted attack.  The bad news is that the attackers likely got the access they were looking for; the good news is that the Apache team was able to move from incident to detection to remediation in near record time, and they’ve [...]

Network Analysis, Logitech Mouse Server

The offensive security team here at Digital Bond spends a lot of its time attacking various control system components, from field device to SCADA server to HMI and everything in between.  A big part of these attacks is network analysis.  We examine the protocols being used to control the targeted systems, and in the case [...]