This page is a compilation of a variety of resources that can be used to help Assess, Test and Secure industrial control systems.  Information contained on these pages is a combination of that developed by SCADAhacker, as well as other forms of open-source information collected through various forums, websites, conferences, etc.  Whenever possible, a link to the original source will be provided; however, since some of these sites may no longer be active, some material will be downloaded directly from this site. 

Dragonfly/Havex Reference Material

Last update:  June 25, 2015 (10:40UTC) - Open-Source Vulnerability Database (OSVDB)

(Click here to search ICS vulnerability disclosures on OSVDB for 2015 | All)

Note: OSVDB appears to have stopped collected ICS-specific vulnerables in late-May 2015.  It is unclear if they will correct this problem in the near future. Data for 2015 should not be used for annual comparative analysis.

U.S. ICS-CERT Advisories
U.S. ICS-CERT Alerts

ABB - Cyber Security Alerts and Notifications
GE-IP - Security Advisories
Invensys - Cyber Security Updates
Rockwell Automation (Allen-Bradley) - Security Advisory Index [login required]
Schneider Electric - Product Vulnerability and Security Advisories
Siemens - ProductCERT Security Advisories

Worldwide Computer Emergency Readiness Team (CERT) Organizations
Forum of Incident Response and Security Teams (FIRST) - Alphabetical List of Members

Demonstration Videos
Webcasts
Cheat Sheets
Training Material via External Websites
Linux/UNIX Reference Material and Websites
Useful Video Feeds

Webcasts
ICS Security Posters and Brochures
Surveys
ICS Summit Archives
Newsbites
White Papers
Helpful Websites
Press

2014 Event Archives
Kuwait Industrial Automation & Control System (KIACS) Cyber Security 2014
DigitalBond S4x14

ICS-CERT Industrial Control Systems Joint Working Group (ICSJWG)
ICSJWG - May 2013 - Whitepapers and Presentations [*] (Conference not held due to sequestration)
ICSJWG - Fall - 2012 Conference [*] 
ICSJWG - Spring - 2012 Conference [*]
ICSJWG - Fall - 2011 Conference [*] 
ICSJWG - Spring - 2011 Conference [*] 
ICSJWG - Fall - 2010 Conference [*] 
ICSJWG - Spring - 2010 Conference [*]
[*] Homeland Security Information Network (HSIN) access privileges required to view content.

SCADA at BlackHat 2013
Out of Control: SCADA Device Exploitation - Cimation ( Slides | Paper )
The SCADA That Didn't Cry Wolf - Trend Micro

2013 Event Archives
EnergySec 9th Annual Security Summit Presentation Archive (September 17-19, 2013)
DigitalBond S4x13

SANS ICS Summit Archives
ICS Security Europe - Amsterdam 2014 (65.8MB)
ICS Security Summit - Orlando 2014 (25.5MB)
ICS Security Summit - Orlando 2013 (32.1MB)
ICS Security Summit - Singapore 2013 (34.6MB)
ICS Security Summit - Orlando 2012 (47.2MB)
ICS Security Summit - Barcelona 2012 (30.3MB)
ICS Security Summit - Orlando 2011 (35.1MB)
ICS Security Summit - Rome 2011 (25.8MB)
ICS Security Summit - Orlando 2010 (60.3MB)
ICS Security Summit - London 2010 (52.3MB)
ICS Security Summit - Orlando 2009 (19.4MB)
ICS Security Summit - Stockholm 2009 (8.73MB)
ICS Security Summit - Orlando 2008 (9.54MB)
ICS Security Summit - Amsterdam 2008 (12/6MB)

EnergySec 9th Annual Security Summit Presentation Archive (September 17-19, 2013)
Black Hat Webinar - The State of Security Vulnerabilities in 2011 (presented Dec. 8, 2011)
Hacking Embedded Systems for Fun & Profit
SCADA and PLC Vulnerabilities in Correctional Facilities (view Video Interview on Blip.tv)

Stronger than Firewalls - And Cheaper Too! published September 20, 2012
Cyber Security for Industrial Control Systems presented at The Automation Conference - May 22, 2012
Future of Security Industrial Endpoints published February 16, 2012
Guidance for Unidirection, Routable Communications (NERC CAN-0024) published January 24, 2012

Industrial Control System - Information Sharing & Analysis Center (ICS-ISAC)
National Electric Sector Cybersecurity Organization (NESCO)
EnergySec
InfraGard

Bugtraq (seclists.org)
Computer Security Vulns
Exploit-DB
National Vulnerability Database (NIST)
Rapid 7 (Metasploit) Vulnerabilities & Exploit Modules
Secunia
Security Focus (by Symantec)

Automation.com
Automation World
Control Engineering
Control Global
Industrial Safety & Security Source (ISSSource)

Shodanhq Web Site
ICS/SCADA/PLC Google/Shodan Cheat Sheet (SCADAStrangeLove)
Shodan for Pen Testers (Def Con 18)
What You Should Know About SHODAN and SCADA (DigitalBond)
Project SHINE: 1,000,000 Internet-Connected SCADA and ICS Systems and Counting (Tofino Security)

Security Testing Frameworks
Industrial Protocol Fuzzers
Individual Installable Tools for Windows, Linux and MAC OS
Android and Tablet Security Applications
Documentation
Websites
Supplimental Tools

Due to issues with GoDaddy, this content is unavailable at this time. I hope to have this resolved shortly. Thank you for your patience.

Coming soon ....

Windows Machines Compromised by Default Configuration Flaw in IPv6

Duqu Reference Material

Stuxnet Reference Material
Stuxnet Mitigation Recommendations
Demonstration Video - Introduction, Installation, and Injection Methods
Demonstration Video - Using Software Restrition Policy as a Mitigation

CNN talks with Kevin Mitnick  (August 31, 2011)
BBC Outriders Podcast with Kevin Mitnick  (August 23, 2011)
Steven Colbert talks to Kevin Mitnick  (August 18, 2011)
Steven Colbert talks to David Albright about Stuxnet