Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-industrial-protocols
Security-oriented list of resources about industrial network protocols.
https://github.com/Orange-Cyberdefense/awesome-industrial-protocols
BACnet/IP
Tools
- bacnet-info.nse
- BACnet Stack - BACnet open source protocol stack
- bacnet-docker - BACnet Tools in Docker
- BACnet/IP Specification
- packet-bacnet.c
- ICS-pcap BACnet
Articles
- 10 things you should know about BACnet - Blog post on RTAutomation
- BACnet CVE-2019-12480 - On M's blog (2019)
- BACnet data representation - Blog post on RTAutomation
Conferences
- HVACking Understand the Delta Between Security and Reality - Douglas McKee & Mark Bereza @ DEF CON 27 (2019)
- Mixing industrial protocols with web application security - Bertin Bervis @ DEF CON 27 IoT Village (2019)
- Owning a Building: Exploiting Access Control and Facility Management Systems - Billy Rios @ Black Hat Asia (2014)
- DEF CON Safe Mode Red Team Village - Chris Kubecka - Pwn the World - @ DEF CON (2020)

DICOM
Tools
- DCMTK - DICOM ToolKit
- DICOM Standard
- dicom-ping.nse
- packet-dcm.c
- dicom-server - Microsoft's OSS Implementation of DICOMweb standard
- pydicom - Python package to read, modify and write DICOM files
Conferences
- Attack surfaces of smart medical infrastructure - Denis Makrushin (@difezza) @ Insomni'Hack (2019)
- Hacking a Hospital for Fun and Profit - Asaf Cohen & Ofir Kamil @ Hack In The Box (2018)
- How to Hack Medical Imaging Applications via DICOM - Maria Nedyak @ Hack In The Box (2020)
- Understanding, Attacking & Securing Medical Devices - Ajay Pratap Singh @ Hack In The Box (2019)
- Millions of Patient Records at Risk: The Perils of Legacy Protocols - @ Black Hat (2024)

POWERLINK
Articles
- packet-epl.c
- Quick Start - POWERLINK on Raspberry Pi2 - Kalycito, 2018 (Web Archive, domain expired)
- ICS-pcap POWERLINK
Tools
- openCONFIGURATOR - Open-source POWERLINK network configuration toolkit
- openPOWERLINK - Open-source POWERLINK protocol stack
- openPOWERLINK_V2 - GitHub page to openPOWERLINK protocol stack release 2

CAN
Documentations
- Linux SocketCAN documentation - kernel.org
- DBC Specification - A description of CAN database layout
Articles
- CAN Injection: keyless car theft - CANIS Automotive Labs CTO blog (2023)
- CAN-FD - The basic idea - CAN in Automation
- Click here to download more cars - djnn
Conferences
- (Pen)Testing Vehicles with CANToolz - Alexey Sintsov @ Black Hat Europe (2016)
- All Aboard the CAN Bus or Motorcycle - Derrick @ DEF CON Safe Mode Car Hacking Village (2020)
- CAN Bus in Aviation Investigating CAN Bus in Avionics - Patrick Kiley @ DEF CON 27 Aviation Village (2019)
- CANSPY: Auditing CAN Devices - Jonathan Christofer Demay, Arnaud Lebrun @ DEF CON 24 (2016)
- Cantact: An Open Tool for Automotive Exploitation - Eric Evenchick @ Black Hat Asia (2016)
- canTot A CAN Bus Hacking Framework - Jay Turla @ DEF CON 30 Car Hacking Village (2022)
- Deep Learning on CAN BUS - Jun Li @ DEF CON 24 Car Hacking Village (2016)
- Free-Fall: Hacking Tesla from Wireless to CAN Bus - Ling Liu, Sen Nie & Yuefeng Du @ Black Hat USA (2017)
- Fuzzing CAN / CAN FD ECU's and Network - Samir Bhagwat @ DEF CON 29 Car Hacking Village (2021)
- Hopping on the CAN Bus - Eric Evenchick @ Black Hat USA (2015)
- Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers - Jonathan Petit @ Black Hat Europe (2015)
- ISO-11898
- packet-canopen.c
- can.py
- Abusing CAN Bus Spec for DoS in Embedded Systems - Martin Petran @ DEF CON 31 Car Hacking Village (2023)
- Advanced CAN Injection Techniques for Vehicle Networks - Charlie Miller & Chris Valasek @ Black Hat USA (2016)
- Adventures in Building a CAN Bus Sniffer - Andrey Voloshin @ Hack In The Box (2020)
- Backdooring & Remotely Controlling Cars - Sheila A. Berta & Claudio Carraciolo @ Hack In The Box (2018)
- CANsee: An Automobile Intrusion Detection System - Jun Li @ Hack In The Box (2016)
- Canspy: A Platform for Auditing Can Devices - Jonathan-Christofer Demay & Arnaud Lebrun @ Black Hat USA (2016)
- #HITBCyberWeek D1T2 - Car Hacking: Practical Guide To Automotive Security - Yogesh Ojha - @ Hack In The Box (2020)
- #HITBCyberWeek D2T2 - RAMN: Resistant Automotive Miniature Network - @ Hack In The Box (2020)
- Backdooring of Real Time Automotive OS Devices - @ Black Hat (2022)
Papers
- A Fuzz Testing Methodology for Cyber-security Assurance of the Automotive CAN Bus - Daniel S. Fowler, Coventry University (2019)
Tools
- cantools - Python library to play with CAN databases & messages
- opendbc - A list of CAN databases retrieved from reverse-engineered cars
- python-can - Python library to plug to various CAN connectors

CC-Link IE
Documentations
- CC-Link IE Field Network playlist - Mitsubishi Training

CIP
Documentations
- packet-cip.c
- ControlNet - Overview on ODVA.org
- Common Industrial Protocol (CIP) - Overview on ODVA.org
- CompoNet - Overview on ODVA.org
- S4x15 ICS Village PCAP Files

CSPv4

DeviceNet
Articles
- packet-devicenet.c
- DeviceNet and Ethernet/IP - Blog post on RTAutomation
Documentations
- DeviceNet - Overview on ODVA.org

DF1
Articles
- DF1 specification
- AB/DF1 Protocol Tips - Lynn's Industrial Automation Protocol Tips blog

DNP3
Tools
- IEEE 1815-2012
- dnp3-info.nse
- packet-dnp.c
- ICS-pcap DNP3
- dnp-info - Nmap discovery script for DNP3
- dnp3-simulator - .NET DNP3 simulator with GUI
- FreyrSCADA DNP3 - DNP3 Protocol - Outstation Server and Client Master Simulator
- gec/dnp3 - Open source Distributed Network Protocol
- gec/dnp3slavesim - Parallel dnp3 slave simulator
- opendnp3 - DNP3 (IEEE-1815) protocol stack. Modern C++ with bindings for .NET and Java
- Step Function I/O DNP3 - Rust implementation of DNP3 (IEEE 1815) with idiomatic bindings for C, .NET, C++, and Java
Conferences
- NSM 101 for ICS - Chris Sistrunk @ DEF CON 23 101 Track (2015)
- SCADA Protocol Implementation Considerations | SANS ICS Concepts - @ SANS ICS Security (2022)
- Sniffing SCADA - Karl Koscher @ DEF CON 23 Packet Capture Village (2015)

Ether-S-I/O

EtherCAT
Articles
- Industrial Network Options: EtherCAT Advantages, Challenges, and Specs - Carlos Aguilar, Control Automation (2023)

Ethernet/IP
Articles
- Ethernet/IP Specifications
- enip-info.nse, enip-enumerate.nse - https://github.com/digitalbond/Redpoint/blob/master/enip-enumerate.nse
- packet-enip.c
- enipTCP.py
- ICS-pcap Ethernet/IP, pcap EIP - https://github.com/automayt/ICS-pcap/tree/master/EIP
- Fuzzing and PR’ing: How We Found Bugs in a Popular Third-Party EtherNet/IP Protocol Stack - Sharon Brizinov, Tal Keren (Claroty, 2021)
Tools
- CIPster - Ethernet/IP (Common Industrial Protocol) stack in C++
- cpppo - Communications Protocol Python Parser and Originator -- EtherNet/IP CIP
- enip-stack-detector - EtherNet/IP & CIP Stack Detector
- OpENer - EtherNet/IP stack for I/O adapter devices
- pycomm3 - A Python Ethernet/IP library for communicating with Allen-Bradley PLCs
- scapy-cip-enip - Ethernet/IP dissectors for Scapy
Documentations
- Common Industrial Protocol (CIP) and the family of CIP networks - ODVA publication (2016)
- Ethernet/IP - Overview on ODVA.org
Conferences
- Hunting EtherNet/IP Protocol Stacks - Sharon Brizinov @ SANS ICS Security Summit 2022

FF-HSE

FINS
Tools
- omrontcp-info.nse, omronudp-info.nse - https://github.com/digitalbond/Redpoint/blob/master/omronudp-info.nse
- packet-omron-fins.c

FL-net

HART-IP
Conferences
- Dissecting Industrial Wireless Implementations - Blake Johnson @ DEF CON 25 ICS Village (2017)
- DTM Components: Shadow Keys to the ICS Kingdom - Alexander Bolshev and Gleb Cherbov @ Black Hat Europe (2014)
- ICSCorsair: How I Will PWN Your ERP Through 4-20 mA Current Loop - Alexander Bolshev and Gleb Cherbov @ Black Hat USA (2014)
Articles
- WirelessHART Radio Communication Standard - Lessons in Industrial Automation textbook, Control Automation

HICP
Conferences
- packet-hicp.c, packet-shicp.c - https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-shicp.c
- hicp.py

HL7
Conferences
- packet-hl7.c
- HL7Magic Medical Data Hacking Made Easy - Katie Inns @ DEF CON 31 (2023)
- Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives - Christian Dameff, Jeffrey Tully & Maxwell Bland @ Black Hat USA (2018)
- Playing with FHIR - Alissa Knight, Mitch Parker @ DEF CON 29 Biohacking Village (2021)
- Understanding HL7 2.X Standards, Pen Testing, and Defending HL7 2.X Messages - Anirudh Duggal @ Black Hat USA (2016)
- I Am Not a Doctor but I Play One on Your Network - Tim Elrod & Stefan Morris @ DEF CON 19 (2011)
- #HITB2017AMS D2T2 - Hacking Medical Devices And Healthcare Infrastructure - Anirudh Duggal - @ Hack In The Box (2017)
- Healthscare – An Insider's Biopsy of Healthcare Application Security - @ Black Hat (2021)

ICCP

IEC-60870-5-104
Conferences
- IEC-60870-5-104 Specification
- iec-identify.nse
- packet-iec104.c
- iec104.py
- ICS-pcap IEC-60870-5-104; second pcap link truncated (…research/tree/master/industroyer2)
- Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid - Anton Cherepanov, Ben Miller, Joe Slowik, Robert Lee, and Robert Lipovsky @ Black Hat USA (2017)
- Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid Again - Robert Lipovsky & Anton Cherepanov @ Black Hat USA (2022)
Papers
- Description and analysis of IEC 104 Protocol - Technical report by Petr Matousek @ Faculty of Information Technology, Czech Republic (2017)
Tools
- FreyrSCADA IEC-60870-5-104 - IEC 60870-5-104 Protocol - RTU Server and Master Client Simulator
- lib60870 - Implementation of the IEC 60870-5-101/104 protocol

IEC-61850
Tools
- IEC 61850 Specification
- packet-goose.c, packet-sv.c - https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-sv.c
- libiec61850 - Open-source library for the IEC 61850 protocols
Conferences
- Fuzz Testing IEC 61850 - Markus Mahrla @ CS3STHLM 2019

IEEE-C37.118
Tools
- packet-synphasor.c
- OpenPDC - Open Source Phasor Data Concentrator
- PyMU - Library based on the C37.118.2-2011 standard used for accessing PMU data in real-time

KNXnet/IP
Conferences
- KNXnet/IP Specifications
- knx-gateway-discover.nse, knx-gateway-info.nse - https://nmap.org/nsedoc/scripts/knx-gateway-info.html
- packet-knxip.c
- knx.py
- Learn how to control every room at a luxury hotel remotely - Jesus Molina @ DEF CON 22 (2015)
- Learn How to Control Every Room at a Luxury Hotel Remotely - Jesus Nomeames @ Black Hat USA (2014)
- Sneak into buildings with KNXnet/IP - Claire Vacherot @ DEF CON 29 (2021)
- (in)Security in Building Automation: How to Create Dark Buildings with Light Speed - Thomas Brandstetter @ Black Hat USA (2017)
- InSecurity in Building Automation - Thomas Brandstetter @ DEF CON 25 ICS Village (2017)
- Pwning KNX & ZigBee Networks - HuiYu Wu, YuXiang Li & Yong Yang @ Hack In The Box (2018)
- Unpwning A Building - Peter Panholzer @ S4x22 (2022)
Documentations
- knx.org - KNX official website
Tools
- calimero - Lightweight KNX/IP framework in Java
- ETS - Engineering Tool Software for KNXnet/IP (ETS Demo is free)
- KNX Virtual - Windows-based application simulating a KNX installation
- BOF - Testing framework for industrial protocols
- knxd - KNXd service
- KNXmap - KNXnet/IP scanning and auditing tool
- XKNX - A KNX library written in Python
Papers
- An Overview of Wireless IoT Protocol Security in the Smart Home Domain - Stefan Marksteiner, Víctor Juan Expósito Jiménez, Heribert Vallant, Herwig Zeiner (2018)

LIS

LoRaWAN
Tools
- LoRaWAN specification
- packet-lorawan.c
- ChirpOTLE - LoRaWAN Security Evaluation Framework
- ChirpStack Network Server - Open-source LoRaWAN network-server
- lorawan-server - Compact server for private LoRaWAN networks
- lorawan-stack - Open Source LoRaWAN Network Server
Conferences
- Can you hear me now DEF CON - wasabi @ DEF CON 26 Wireless Village (2018)
- Lora Smart Water Meter Security Analysis - Zeng and Panel @ DEF CON 26 (2018)
- Outsmarting the Smart City - Daniel Crowley, Jennifer Savage and Mauro Paredes @ Black Hat USA (2018)
- Reversing LoRa Deconstructing a Next Gen Proprietary LP - Matt Knight @ DEF CON 24 Wireless Village (2016)
- #HITB2021AMS D2T2 - Security Analysis And Practical Attacks Of LPWAN - YuXiang Li & Wu HuiYu - @ Hack In The Box (2021)
- #HITBCyberWeek D3T1 - LoRaWAN Auditing - E. Martínez Fayó, M. Sequeira and C. Cerrudo - @ Hack In The Box (2020)

M-Bus
Conferences
- FuxNet: The New ICS Malware that Targets Critical Infrastructure Sensors - Noam Moshe @ SANS ICS Security (2024)

MELSEC
Conferences
- Taking Apart and Taking Over ICS & SCADA Ecosystems - Mars Cheng & Selmon Yang @ DEF CON 29 (2021)
- melsecq-discover.nse, melsecq-discover-udp.nse - https://github.com/Z-0ne/ICS-Discovery-Tools/blob/master/melsecq-discover-udp.nse

Modbus
Conferences
- Modbus TCP Specification
- modbus-discover.nse, modicon-info.nse - https://github.com/digitalbond/Redpoint/blob/master/modicon-info.nse
- packet-mbtcp.c
- modbus.py
- ICS-pcap Modbus
- Industrial Control Systems: Pentesting PLCs 101 (Part 1/2) - Arnaud Soullie @ Black Hat Europe (2014)
- Industrial Control Systems: Pentesting PLCs 101 (Part 2/2) - Arnaud Soullie @ Black Hat Europe (2014)
- Industrial Protocol Gateways Under Analysis - Marco Balduzzi @ Black Hat USA (2020)
- Modbus Enumeration | SANS ICS Concepts - @ SANS ICS Security (2021)
- Modbus Man-In-The-Middle | SANS ICS Concepts - @ SANS ICS Security (2021)
- ModScan: A SCADA MODBUS Network Scanner - Mark Bristow @ DEF CON 16 (2013)
- Out of Control: Demonstrating SCADA device exploitation - Eric Forner & Brian Meixell @ Black Hat USA (2013)
- The SCADA That Didn't Cry Wolf - Who's Really Attacking Your ICS Devices - Kyle Wilhoit @ Black Hat USA (2013)
- Understanding SCADA's Modbus Protocol - Justin Searle @ Black Hat Asia (2015)
- Fun with Modbus 0x5a Nothing New Still Relevant? - Arnaud Soullié @ DEF CON 25 ICS Village (2017)
- Analyzing PIPEDREAM - Challenges in Testing an ICS Attack Toolkit - Jimmy Wylie @ DEF CON 30 (2022)
- Common Flaws in ICS Network Protocols - Mars Cheng & Selmon Yang @ Hack In The Box (2020)
- Modbus Traffic Analysis | SANS ICS Concepts - @ SANS ICS Security (2021)
- Industrial Protocol Gateways: A Deep-Dive of Moxa MGate 5105-MB-EIP - Philippe Lin @ Hack In The Box (2020)
- Stealing PLC Intellectual Property: A Red Teaming Story - Matteo Beccaro @ Hack In The Box (2017)
- Unraveling SCADA Protocols Using Sulley Fuzzer - Ganesh Devarajan @ DEF CON 15 (2014)
Articles
- Articles about Modbus - Ozeki
- Introduction to Modbus and Modbus Function Codes - Shawn Dietrich, Control Automation (2023)
Documentations
- Modbus Mesulog Standard Functions Help - Description for Modbus standard functions

MQTT
Articles
- Not Just Another IIoT Article: MQTT for Pneumatic Cylinder Maintenance - Shawn Dietrich, Control Automation (2023)
Conferences
- Choo Choo, Network Train - The One to Rule Your Perimeter - Martin Hron @ Black Hat Europe (2022)
- Light Weight Protocol: Critical Implications - Lucas Lundgren, Neal Hindocha @ DEF CON 24 (2016)
- When Machines Can't Talk - Federico Maggi & Davide Quarta @ Black Hat Europe (2018)

Niagara Fox
Tools
- foxdissector - Wireshark dissector for the Niagara Fox protocol in Lua

OPC-DA
Tools
- opc_da.py
- OPC Data Access IDAPython script - IDA Pro script to reverse engineer binaries containing OPC DA (ESET)

OPC-UA
Tools
- OPC-UA Plugin
- freeopcua - Open Source C++ OPC-UA Server and Client Library
- opcua-asyncio - Asyncio-based asynchronous OPC UA client and server based on python-opcua
- opcua-client-gui - Simple OPC-UA GUI client
- python-opcua - OPC UA Client and Server in Python
- UA-.NETStandard - Official OPC UA .NET Standard Stack from the OPC Foundation
Articles
- OPC UA Deep Dive (Part 1): History of the OPC UA Protocol - Claroty Team82 (2023)
- OPC UA Deep Dive (Part 2): What is OPC UA? - Claroty Team82 (2023)
- OPC UA Deep Dive (Part 3): Exploring the OPC UA Protocol - Claroty Team82 (2023)
- OPC UA Deep Dive Series (Part 4): Targeting Core OPC UA Components - Claroty Team82 (2023)
- OPC UA Deep Dive Series (Part 5): Inside Team82’s Research Methodology - Claroty Team82 (2023)
- Practical example of fuzzing OPC UA applications - Kaspersky ICS-CERT (2020)
- Understanding the OPC Unified Architecture (OPC UA) Protocol - Anthony King Ho, Control Automation (2023)
Conferences
- A Broken Chain: Discovering OPC UA Attack Surface and Exploiting the Supply Chain - Eran Jacob @ Black Hat USA (2021)
- Exploiting OPC UA - Practical Attacks Against OPC UA Architectures - Sharon Brizinov, Noam Moshe @ DEF CON 31 (2023)
- Resting on Feet of Clay: Securely Bootstrapping OPC UA Deployments - Alessandro Erba & Nils Ole Tippenhauer @ Black Hat Europe (2021)
- Open Platform Communications (OPC) | SANS ICS Concepts - @ SANS ICS Security (2021)
- Exploiting OPC-UA in Every Possible Way: Practical Attacks Against Modern OPC-UA Architectures - Sharon Brizinov & Noam Moshe @ Black Hat USA (2023)
Papers
- OPC UA Security Analysis - German Federal office for Information Security (2022)
- Security Analysis of Vendor Implementations of the OPC UA Protocol for Industrial Control Systems - Alessandro Erba, Anne Müller, Nils Ole Tippenhauer (2021)
- Exploring the OPC attack surface - Claroty Team82 (2021)

PC-WORX

PCCC
Articles
- AB/PCCC Protocol Tips - Lynn's Industrial Automation Protocol Tips blog
- Ethernet/IP PCCC Service Codes - Lynn's Industrial protocols over IP blog

ProConOs

Profinet-DCP

Profinet-IO
Articles
- What Is the Difference Between Profibus and Profinet? - Antonio Armenta, Control Automation (2021)

S7comm
Articles
- The Siemens S7 Communication - Part 1 General Structure - On GyM's Personal Blog (2016)
- The Siemens S7 Communication - Part 2 Job Requests and Ack Data - On GyM's Personal Blog (2017)
Conferences
- Fuzzing and Breaking Security Functions of SIMATIC PLCs - Gao Jian @ Black Hat Europe (2022)
- PLC-Blaster: A worm Living Solely In The PLC - Ralf Spenneberg, Maik Brueggemann & Hendrik Schwartke @ Black Hat Asia (2016)
- Rogue7: Rogue Engineering-Station Attacks on S7 Simatic PLCs - Uriel Malin, Sara Bitan, Avishai Wool and Eli Biham @ Black Hat USA (2019)
- The spear to break the security wall of S7CommPlus - Cheng Lei @ DEF CON 25 (2017)
- s7-info.nse, s7-enumerate.nse - https://github.com/digitalbond/Redpoint/blob/master/s7-enumerate.nse
- packet-s7comm.c
- ICS-pcap S7
Tools
- Snap7 - Step7 Open Source Ethernet Communication Suite
- python-snap7 - A Python wrapper for the snap7 PLC communication library
- s7-pcaps - Traffic captures between STEP7/WinCC and S7-300/S7-400 PLCs
- s7scan - Scan networks to gather basic information about Siemens PLCs

SERCOS-III

SLMP
Tools
- SLMP specification
- PySLMPClient - Python client for SLMP

SOME/IP
Documentations
- SOME-IP.com - Main website with resources about SOME/IP
Conferences
- Automotive Ethernet Fuzzing - Jonghyuk Song, Soohwan Oh, Woongjo Choi @ DEF CON 30 (2022)

TriStation
Conferences
- TriStation.lua
- How TRITON Disrupted Safety Systems & Changed the Threat Landscape of Industrial Control Systems - Andrea Carcano, Marina Krotofil & Younes Dragoni @ Black Hat USA (2018)
- Thru the Eyes of the Attacker Designing Embedded Systems for ICS - Krotofil, Wetzels @ DEF CON 26 (2018)
Articles
- Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure - Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer @ Mandiant (2017, updated 2022)
Tools
- tricotools - Triconex TriStation utilities and tools

TSAA
Documentations
- Triconex System Access Application (TSAA) playlist - What Did You Learn Today (2021)

UMAS
Articles
- Reverse of a schneider network protocol - biero llagas (2022)
- The secrets of Schneider Electric’s UMAS protocol - Kaspersky ICS CERT (2022)
- The Unity (UMAS) protocol (Part I) - Liras en la red (2017)
- The Unity (UMAS) protocol (Part II) - Liras en la red (2017)
- The Unity (UMAS) protocol (Part III) - Liras en la red (2017)
- The Unity (UMAS) protocol (Part IV) - Liras en la red (2017)
- The Unity (UMAS) protocol (Part V) - Liras en la red (2017)
Tools
- Malmod - Scripts to attack Modicon M340 via UMAS
- Apache PLC4PY UMAS Driver - UMAS protocol implementation in Python including ability to read the data dictionary (2024)
Conferences
- Going Deeper Into Schneider Modicon PAC Security - Gao Jian @ Hack In The Box (2021)
- Nakatomi Space: Lateral Movement As L1 Post-Exploitation In OT - Jos Wetzels @ Hack In The Box (2023)

ZigBee
Conferences
- A Lightbulb Worm? - Colin O'Flynn @ Black Hat USA (2016)
- Don't Be Silly It's Only a Lightbulb - Eyal Itkin @ DEF CON Safe Mode (2020)
- Exploring the 802.15.4 Attack Surface - FAZ @ DEF CON 26 Wireless Village (2018)
- I'm A Newbie Yet I Can Hack ZigBee - Qing Yang @ DEF CON 23 (2015)
- ZigBee Exploited The Good, The Bad, And The Ugly - Tobias Zillner & Sebastian Strobl @ Black Hat USA (2015)

ATG
Tools
- GasPot - Honeypot simulating a Veeder Root Guardian AST
Articles
- Gas Station Nightmare: Are Exposed ATGs Our Next Security Crisis? - Jacob Marabelli (2023)
Conferences
- The Little Pump Gauge That Could: Attacks Against Gas Pump Monitoring Systems - Kyle Wilhoit and Stephen Hilt @ Black Hat USA (2015)
- Veeder Root serial interface manual for TLS-450 and TLS-350 - https://cdn.chipkin.com/files/liz/576013-635.pdf
- atg-info.nse
Documentations
- Network Router for ATG Applications Installation manual (577014-129) - Technical network documentation from Veeder Root
Papers
- The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems - Kyle Wilhoit and Stephen Hilt (Trend Micro, 2015)

XCP
Tools
- a2lparser - Python A2L parser and XML exporter
- xcpdump - ASAM XCP sniffer for SocketCAN
- XCP Book v1.5, ASAM MCD-1 XCP specifications - https://www.asam.net/standards/detail/mcd-1-xcp/
- automotive/xcp
- AutoFuze - Automotive Fuzzing tool providing XCP implementation over USB and CAN
Documentations
- ASAM wiki on XCP standard - Wiki describing protocol history, frame layout, etc.
- AutoSAR requirements on XCP - AutoSAR requirements to implement XCP stack in an ECU
- The XCP Reference Book - Free technical book on XCP protocol and how to use it (Vector)

GVSP
Tools
- GigeVision - Simple GigeVision implementation with GVCP and GVSP
- GigE Vision Standard
- packet-gvsp.c

BSAP

CODESYS
Conferences
- CoDe16: 16 Zero-Day Vulnerabilities Affecting CODESYS Framework Leading to Remote Code Execution - Vladimir Eliezer Tokarev @ Black Hat USA (2023)
- codesys-v2-discover.nse

FOCAS
Articles
- Exploring Fanuc FOCAS Connectivity - Machine Metrics

MTConnect
Conferences
- Abusing CNC Technologies - Marco Balduzzi @ Black Hat Europe (2022)
- An Analysis Of Computer Numerical Control Machines In Industry 4.0 - Marco Balduzzi @ Hack In The Box (2023)
Documentations
- MTConnect.org - MTConnect official website
Articles
- How to Collect Data Using MTConnect - Machine Metrics

RTPS
Conferences
- The Data Distribution Service (DDS) Protocol is Critical: Let's Use it Securely! - Federico Maggi, Erik Boasson @ Black Hat EU 2021

S-Bus

ISA100.11a
Conferences
- It WISNt Me Attacking Industrial Wireless Mesh Networks - Paternotte and van Ommeren @ DEF CON 25 (2018)

MDLC
Conferences
- ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices - Jos Wetzels @ Hack In The Box (2022)

ANSI-C12.22
- RFC 6142; NEMA standard page (link truncated: …national-standard-for-protocol-specification-for-interfacing-to-data-communication-networks); ANSI C12.19 Specification - https://www.nema.org/standards/view/american-national-standard-for-utility-industry-end-device-data-tables
- packet-c1222.c
Documentations
- ANSI C12.22 (c1222) - Description of protocol ANSI C12.22 on Wireshark Wiki
Articles
- An overview on ANSI C12.22 - Edward Beroset @ Electric Energy Online
Conferences
- Looking Into The Eye Of The Meter - Cutaway @ DEF CON 20 (2013)

LSV/2
Tools
- pyLSV2 - A pure Python3 implementation of the LSV2 protocol
Documentations
- Collecting Data with the LSV/2 Protocol - General information about the protocol LSV/2

Crimson
Articles
- Analysing the Attack Surface of an Industrial Data Acquisition Device - Overview of a Red Lion device using Crimson 3 (Andrew Ramsdale, 2019)

GVCP
Documentations
- GVCP packets - Details about GVCP packets from Aravis' documentation

Categories (number of resources): CAN 35, Modbus 28, OPC-UA 22, KNXnet/IP 21, Ethernet/IP 15, DNP3 14, S7comm 13, BACnet/IP 13, UMAS 13, LoRaWAN 12, DICOM 11, ZigBee 11, IEC-60870-5-104 10, XCP 8, HL7 8, MQTT 8, ATG 7, HART-IP 7, POWERLINK 6, TriStation 6, DF1 5, CIP 5, ANSI-C12.22 5, MTConnect 4, IEC-61850 4, EtherCAT 4, Profinet-IO 3, CC-Link IE 3, IEEE-C37.118 3, OPC-DA 3, DeviceNet 3, SOME/IP 3, RTPS 3, Crimson 3, GVSP 3, PCCC 2, M-Bus 2, LSV/2 2, MELSEC 2, FINS 2, Niagara Fox 2, S-Bus 2, Ether-S-I/O 2, SLMP 2, CODESYS 2, GVCP 2, HICP 2, SERCOS-III 1, ProConOs 1, ICCP 1, FOCAS 1, Profinet-DCP 1, ISA100.11a 1, TSAA 1, FF-HSE 1, CSPv4 1, BSAP 1, PC-WORX 1, MDLC 1, LIS 1, FL-net 1
Keywords (number of resources): python 9, protocol 5, lorawan 4, lora 4, dnp3 3, plc 3, python3 3, knx 3, automotive 3, asyncio 2, industrial-automation 2, modbus 2, iot 2, ethernet 2, cip 2, c 2, scada 2, opc-ua 2, dbc 2, can-bus 2, can 2, dicom 2, iec-104-protocol-stack 1, iec-104-protocol-source-code 1, iec-104-protocol 1, specification 1, iec-104-linux 1, iec-104-gateway 1, iec-104-code 1, iec-104-client-simulator 1, iec-104-arm 1, rslinx 1, rockwell 1, vector 1, programmable-logic-controller 1, arxml 1, cdd 1, industrial-controllers 1, hadoop 1, complex-event-processing 1, bpa-pdc-stream 1, mms 1, iec-61850 1, goose 1, iec104scl 1, iec104-windows 1, iec104-sourcecodelibrary 1, iec104-source-code-library 1, iec104-server-simulator 1, iec104-linux 1