Nytro Posted January 28, 2013

[h=3]ICS Security Analysis — New Pentest Tools[/h]

Industrial control system (ICS/SCADA) security is a current trend in information security. However, there is a persistent shortage of specialized tools for pentesting or auditing ICS security. This article covers the latest publications, utilities, and presentations of Positive Technologies experts, all of which will help you ensure industrial system security.

Theory To Start With

Understanding the real threats is the core of any information security project. To ease this task, Positive Technologies experts, with help from the community, undertook a large-scale study of ICS/SCADA systems; the results are available here: http://ptsecurity.com/download/SCADA_analytics_english.pdf

Two Stories Of The Same Pentest

One of the problems of modern ICS is large-scale integration projects: building MES layers and integrating them with business systems such as ERP. The report "From ERP to SCADA. Back and Forth. Two Stories of the Same Pentest" [ru] shows what such projects can result in if they do not comply with security requirements.

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet

Statements that industrial control systems are reachable from the Internet are usually met with skepticism. A tool that lets you estimate the threat yourself has been published recently. Note that the devices and systems in this list are all enterprise-level systems and are hardly used to control fridges and microwaves.

The following video demonstrates what ICS exposure to the Internet can result in. Attention! Do not try to repeat this at home. A vulnerable system may control a very important facility, and careless handling may cause damage.

If you do happen to find an ICS reachable from the Internet, contact its owner or a Computer Emergency Response Team that can get the flaw fixed: GOV-CERT.RU for systems in Russia, or a regional CERT such as ICS-CERT for systems elsewhere.

Anonymous, judging by their Twitter, have already taken notice of this tool, which is a little scary.

PLCScan

This open-source utility detects devices that speak the S7comm or Modbus protocols on a network. When a device is found, PLCScan tries to obtain information about its vendor, type, installed modules, etc. Demonstration video. The utility is available here: https://code.google.com/p/plcscan/

WinCC Harvester

Once access to a WinCC SCADA system has been obtained, the Metasploit WinCC Harvester module can be used to collect additional information about the project, its users, and the controllers connected to the system. Demonstration video. The utility is available here: https://github.com/nxnrt/wincc_harvester

Siemens SIMATIC WinCC 7.X Security Hardening Guide

This checklist can be used to configure WinCC in accordance with security requirements and to assess system security during audits. When many systems have to be assessed, the procedure can be automated, as is done in MaxPatrol.

Siemens WinCC / S7 Under The X-ray

The SCADA Security Scientific Symposium, held in Miami on January 16-17, saw a report by Positive Technologies experts on the results of their Siemens WinCC/S7 security research. The report covered SIMATIC WinCC, WinCC Flexible, TIA Portal, and S7 PLCs: from the network stack to the application, from a system architecture review to firmware reverse engineering. Sergey Gordeychik, Gleb Gritsay, and Denis Baranov discussed almost 50 zero-day vulnerabilities and released a checklist for the configuration of WinCC Flexible 2008.

S7 password offline bruteforce tool

During the report, the Positive Technologies experts also provided a utility that can be used to test S7 password strength during audits and pentests. The utility is available here: [Python] s7-brute-offline.py - Pastebin.com.

Posted by Positive Research at 12:56 AM
Source: Positive Research Center: ICS Security Analysis — New Pentest Tools
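The PLCScan section above says the scanner identifies Modbus devices and pulls vendor and type information from them. The block below is an added example, not PLCScan's own code: it builds the Modbus/TCP "Read Device Identification" request (function 0x2B, MEI type 0x0E) and parses the reply into named objects, rejecting exception and truncated frames, which is the primitive such a scanner is built on. Field layout follows the public Modbus Application Protocol specification; the sample reply, the "Example Automation" vendor string and the product code are constructed here, not captured from real equipment, and `query_device_id` is a live probe to run only against gear you are authorised to test.

```python
"""Modbus/TCP "Read Device Identification" (function 0x2B, MEI type 0x0E).

Added example, not PLCScan's own code. The sample response below is
constructed, not captured from a real PLC.
"""
import socket
import struct

MODBUS_PORT = 502
FC_ENCAP_IF = 0x2B          # Encapsulated Interface Transport
MEI_DEVICE_ID = 0x0E        # Read Device Identification
# Standard object ids; 0x00-0x02 form the mandatory "basic" category (read code 0x01)
OBJECT_NAMES = {
    0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision",
    0x03: "VendorUrl", 0x04: "ProductName", 0x05: "ModelName",
    0x06: "UserApplicationName",
}


def mbap(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """Prefix a PDU with the 7-byte MBAP header; length counts unit id + PDU."""
    return struct.pack(">HHHB", transaction_id, 0x0000, len(pdu) + 1, unit_id) + pdu


def build_read_device_id(transaction_id: int = 1, unit_id: int = 1,
                         read_code: int = 0x01, object_id: int = 0x00) -> bytes:
    """Request the identification objects of one category, starting at object_id."""
    return mbap(transaction_id, unit_id,
                bytes([FC_ENCAP_IF, MEI_DEVICE_ID, read_code, object_id]))


def parse_device_id_response(frame: bytes) -> dict:
    """Decode identification objects; raise ValueError on malformed or
    exception frames so a scanner never trusts a half-parsed reply."""
    if len(frame) < 7:
        raise ValueError("short MBAP header")
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("not Modbus/TCP (protocol id %d)" % proto)
    pdu = frame[7:7 + length - 1]
    if len(pdu) != length - 1 or not pdu:
        raise ValueError("truncated PDU")
    if pdu[0] == (FC_ENCAP_IF | 0x80):
        raise ValueError("Modbus exception code 0x%02x" % pdu[1])
    if len(pdu) < 7 or pdu[0] != FC_ENCAP_IF or pdu[1] != MEI_DEVICE_ID:
        raise ValueError("not a Read Device Identification response")
    _read_code, conformity, more_follows, next_obj, count = pdu[2:7]
    objects, pos = {}, 7
    for _ in range(count):
        if pos + 2 > len(pdu):
            raise ValueError("object header past end of PDU")
        oid, olen = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + olen]
        if len(value) != olen:
            raise ValueError("object 0x%02x truncated" % oid)
        name = OBJECT_NAMES.get(oid, "Object0x%02x" % oid)
        objects[name] = value.decode("ascii", "replace")
        pos += 2 + olen
    objects["_conformity"] = conformity
    objects["_more_follows"] = bool(more_follows)   # set => repeat with next_obj
    objects["_next_object"] = next_obj
    return objects


def build_sample_response(transaction_id: int = 1, unit_id: int = 1) -> bytes:
    """Constructed reply (vendor/product strings are made up) in the real layout."""
    objs = [(0x00, b"Example Automation"), (0x01, b"EX-PLC-100"), (0x02, b"v1.2.3")]
    body = b"".join(bytes([oid, len(v)]) + v for oid, v in objs)
    # read code 0x01, conformity 0x01 (basic, stream), no more follows, next obj 0
    pdu = bytes([FC_ENCAP_IF, MEI_DEVICE_ID, 0x01, 0x01, 0x00, 0x00, len(objs)]) + body
    return mbap(transaction_id, unit_id, pdu)


def build_exception_response(exception_code: int, transaction_id: int = 1,
                             unit_id: int = 1) -> bytes:
    """What a device answers when it does not support function 0x2B."""
    return mbap(transaction_id, unit_id, bytes([FC_ENCAP_IF | 0x80, exception_code]))


def query_device_id(host: str, port: int = MODBUS_PORT, unit_id: int = 1,
                    timeout: float = 3.0) -> dict:
    """Live probe: one request, one reply, read to the MBAP length."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_read_device_id(transaction_id=1, unit_id=unit_id))
        hdr = s.recv(7)
        if len(hdr) < 7:
            raise ValueError("no MBAP header received")
        need = struct.unpack(">H", hdr[4:6])[0] - 1
        body = b""
        while len(body) < need:
            chunk = s.recv(need - len(body))
            if not chunk:
                break
            body += chunk
        return parse_device_id_response(hdr + body)


if __name__ == "__main__":
    print(parse_device_id_response(build_sample_response()))
```

Many PLCs answer function 0x2B with exception 0x01 (illegal function); a scanner then falls back to vendor-specific identification, which for Siemens gear is the S7comm SZL read that PLCScan also implements.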
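The last section describes an offline tool for testing S7 password strength from a capture. The block below is an added example, not the s7-brute-offline.py script from the post. The transform it implements (each byte XORed with 0x55 and, from the third byte on, also with the encoded byte two positions earlier, over an 8-byte space-padded field) is my reading of the obfuscation that script targets; treat the exact scheme and the padding byte as assumptions and check them against your own capture. Extracting the eight encoded bytes from the S7comm security parameter in a pcap is not shown; `ENCODED_SAMPLE` is constructed here by encoding a known password.

```python
"""Offline check of a captured S7-300 PLC password against a wordlist.

Added example, not the s7-brute-offline.py script. The XOR scheme and the
space padding are assumptions about the wire format; ENCODED_SAMPLE is
constructed, not taken from a real capture.
"""
from typing import Iterable, Optional

S7_PASSWORD_LEN = 8


def s7_encode_password(password: str) -> bytes:
    """Obfuscate an up-to-8-character password the way it travels on the wire."""
    if len(password) > S7_PASSWORD_LEN:
        raise ValueError("S7 passwords are at most 8 characters")
    raw = password.encode("ascii").ljust(S7_PASSWORD_LEN, b" ")   # padding assumed
    out = bytearray()
    for i, b in enumerate(raw):
        if i < 2:
            out.append(b ^ 0x55)
        else:
            out.append(b ^ 0x55 ^ out[i - 2])   # chained on the *encoded* byte
    return bytes(out)


def s7_decode_password(encoded: bytes) -> str:
    """Invert the transform. Under this scheme the field is a reversible XOR
    chain, so a captured password yields the clear text with no guessing."""
    if len(encoded) != S7_PASSWORD_LEN:
        raise ValueError("expected %d encoded bytes" % S7_PASSWORD_LEN)
    raw = bytearray()
    for i, b in enumerate(encoded):
        if i < 2:
            raw.append(b ^ 0x55)
        else:
            raw.append(b ^ 0x55 ^ encoded[i - 2])
    return raw.decode("ascii", "replace").rstrip(" ")


def check_wordlist(encoded: bytes, words: Iterable[str]) -> Optional[str]:
    """Dictionary check, the way the published tool works: encode each
    candidate and compare it with the captured bytes."""
    for w in words:
        w = w.rstrip("\r\n")
        if not 0 < len(w) <= S7_PASSWORD_LEN:
            continue
        try:
            if s7_encode_password(w) == encoded:
                return w
        except UnicodeEncodeError:      # non-ASCII candidates cannot match
            continue
    return None


# Constructed sample: the eight bytes a capture would carry for this password.
ENCODED_SAMPLE = s7_encode_password("Pa55word")
WORDLIST = ["admin", "siemens", "password", "Pa55word", "1234"]

if __name__ == "__main__":
    print("hex on the wire :", ENCODED_SAMPLE.hex())
    print("direct decode   :", s7_decode_password(ENCODED_SAMPLE))
    print("wordlist hit    :", check_wordlist(ENCODED_SAMPLE, WORDLIST))
```

The point for an audit is the second function: if the field really is a reversible XOR chain, "password strength" does not protect a PLC whose programming traffic can be sniffed, and the wordlist check only tells you how guessable the password is besides that.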