SCADApedia

Nessus OPC Checks

Similar to my 2nd blog on Nessus ICCP Checks, here are some screenshots from the OPC checks we’ve been developing with Tenable for Nessus 3.
The first shows the output of the base OPC Detection plugin that identifies OPC applications and CLSIDs installed on the host. The security note would show up alongside any [...]

More Nessus ICCP

A while back I blogged a bit about one of the plugins we wrote for Nessus. Here I’ll add some screenshots that better show how it might be used.
By clicking port 102 we can quickly see all the ICCP servers on our network and which have security holes and notes. We can then drill [...]

Detecting ICCP Servers with Nessus

Although we showed screenshots several weeks back, we haven’t shown any scan output yet for the SCADA Nessus Plugins we’ve been developing with Tenable.
For this one I’m just running it from the command line, but this is what would show up in the Nessus scan report if the ICCP Server detection plugin successfully found an ICCP [...]

DNP3 Recon

Most protocols (particularly SCADA protocols) and many field devices have a “magic packet” that lets them say HERE I AM!, which makes them great candidates for discovery algorithms in vulnerability scanners such as Nessus.
I discussed this phenomenon in an ISA Talk back in 2003. See the slide on “discovery protocols.” The best way to find [...]

Nessus SCADA Plugins Preview

For much of the last month or so we’ve been working on coding (and testing) the SCADA Plugins for Nessus that were announced back in August. So from the screenshot above, you can see:
1) There are device-specific plugins (right now only for Modicon PLCs, but the same could be written for others) that provide [...]

Fun with Google Code Search

Last week, on many security mailing lists, folks were talking about using Google Code Search to look for various sorts of vulnerabilities in publicly-accessible source code repositories. Given the tool’s robust support for regular expressions, it is not inconceivable for static analysis tools (aka source code scanners) to be quickly google-ified to search repositories instead [...]

SCADA Ground Truth

Unlike my last blog entry, I’ll keep this short. I read a Time.com reprint of a Marine Intel Officer’s Letter this morning that is food for thought.
It was the sentence in the intro (describing the letter) that caught my eye:
His honest but wry narration and unusually frank dissection of the mission contrasts sharply with the story [...]

On the Need for Free (and Fee) Open SCADA Vuln Research

I’ve been meaning to chime in on some of the issues that surfaced over the weekend at SANS, but real work has been getting in the way of my blogging.
Shame on me.
In particular, I wanted to respond to some of the issues that were raised when Digital Bond’s work with DHS/US-CERT & CERT/CC last spring appeared [...]

[Breaking the] Rules for Learning New Protocols: A New Blog Series

This week I’m doing something familiar. I’m learning an unfamiliar protocol.
Well, sort of. DNP3 isn’t entirely foreign, since I’ve looked at traces before, played around with the Triangle Microworks Test Harness and even browsed the source of Luciol a bit to figure out how the CRC16 checksum used by DNP3 is calculated.
But I haven’t been [...]

DHS Cyberstorm Report is Out

Today, DHS released the public exercise report on CyberStorm, which was something I participated in, well, starting almost a year ago.
Although SCADA played a prominent role in the exercise, the only real mention in the final report is excerpted below:
Finding 8: Improvement of Processes, Tools, and Technology
There was a great deal of research and discovery in [...]