A Peek Into A Control System App Assessment, Part 3
Wrapping up our assessment overview, we come to the database interface itself. As we mentioned before, this service is running on port 5481/tcp. I’m honestly not very sure what this service does; I assume it’s there to serve external requests for data, but for the assessment, knowing the purpose of the service wasn’t really [...]
Author: Daniel Peck
Posted: June 9th, 2010 under Uncategorized.
Comments: none
A Peek Into A Control System App Assessment, Part 2
Having finished our quick overview of the functionality of the webpage, we start to get a better idea about how the system as a whole functions, and from looking at a few of the URLs, it’s probably a good guess that it uses a lot of SQL queries to do its job. For example:
http://target:81/Users?SELECT%20%22FullName%22%20AS%20%22~FullName%22%2c%20%22Id%22%2c%20FROM%20User
But [...]
Author: Daniel Peck
Posted: June 7th, 2010 under Uncategorized.
Comments: 1
A Peek Into A Control System App Assessment, Part 1
First things first: we’ve been given the application we’re going to assess, we’ve built up our testing environment, usually a virtual machine of some sort, and we’re ready to get going. The application in question serves as a SCADA server and historian, and can serve HMI displays through a native client or a web interface. Using [...]
Author: Daniel Peck
Posted: June 2nd, 2010 under The Rack, Vulnerability Disclosure.
Comments: none
Automatic Fuzzer Generation
Following up on my last post on fuzzing an unknown proprietary protocol, we’ve now got a collection of packet captures to start ripping through to get some semblance of a fuzzer going to send packets to our target. There are a few routes we can go, something as simple as flipping bits and putting garbage data into [...]
Author: Daniel Peck
Posted: May 27th, 2010 under SCADA Protocols.
Comments: none
Auditing Proprietary Protocols in Control Systems
Thanks to the near-constant stream of “the sky is falling, these protocols aren’t secure” presentations at security conferences around the globe, everyone is familiar with the mainstream ICS protocols: EtherNet/IP, DNP3, and of course Modbus, amongst others. And of course it is important to make sure that these protocols are implemented correctly to assure [...]
Author: Daniel Peck
Posted: May 26th, 2010 under SCADA Protocols.
Comments: 3
Code signing, misconceptions and realities
Code signing is a security feature that has been around for quite some time and has been proven in many other areas, but it is uncommon to find in any control system component and very rare to find in control devices where firmware uploading is an important feature. Without a doubt the technology is useful, [...]
Author: Daniel Peck
Posted: May 20th, 2010 under Authentication, Patching, Remote Access, SCADA Architecture.
Comments: none
Getting Started Testing Your Web Interfaces
Web interfaces seem to be everywhere in control systems these days, from PLCs to servers generating reports for the business side of the house. They’re also all too often the weakest link in a system because they’re almost always a feature that’s given very little attention by the developers, [...]
Author: Daniel Peck
Posted: May 10th, 2010 under Uncategorized.
Comments: none
SCADA Everywhere
Over the last few years I’ve heard more than a few of our clients joke about their “SCADA everywhere” project, with wireless capabilities, remote access from anywhere in the world, and being able to control and monitor everything on their control network from home or the local coffee shop. But we’re seeing that becoming less [...]
Author: Daniel Peck
Posted: May 3rd, 2010 under Big Picture, Control System Vendor.
Comments: 5
What can we learn from the Apache incident report?
Last week the folks on the Apache Infrastructure Team were hit with a direct, targeted attack. The bad news is that the attackers likely got the access they were looking for; the good news is that the Apache team was able to move from incident to detection to remediation in near record time, and they’ve [...]
Author: Daniel Peck
Posted: April 13th, 2010 under Uncategorized.
Comments: 1
Network Analysis, Logitech Mouse Server
The offensive security team here at Digital Bond spends a lot of our time attacking various control system components, from field devices to SCADA servers to HMIs and everything in between. A big part of these attacks is network analysis. We examine the protocols being used to control the targeted systems, and in the case [...]
Author: Daniel Peck
Posted: March 15th, 2010 under Uncategorized.
Comments: 5