Home -> Revision History -> 2011

Site Revision History - 2011

December 31, 2011

Updated Vulnerability Reference list with updated (Siemens, Sielco Sistemi, and ScadaTEC) vulnerability information.

December 23, 2011

Updated Vulnerability Reference list with new (Siemens) and updated (7-Technologies and WellinTech) vulnerability information.

December 22, 2011

Updated Vulnerability Reference list with new (WellinTech and 7-Technologies) vulnerability information.

December 21, 2011

Added National Terrorism Advisory System widget to Home page. Updated Vulnerability Reference list with new (Invensys Wonderware and 7-Technologies) vulnerability information.

December 20, 2011

Added "Popular Links" to Home page. Revised wording on Training page to improve search results. Added additional video feeds to How To section of Resources page. Added section on Vulnerability Reference that contains direct links to vendor security sections of their websites. Added new MSF module references for existing pages (Beckhoff), plus some previously undocumented vulns (BACnet, Unitronics). Updated Vulnerability Reference page with revised (Siemens)ALM vulnerability information.

December 15, 2011

Redesigned Home page with simplified format and navigation. Added links to social media (Twitter, Facebook, and YouTube) on Home, About, and Contact pages. Added small Twitter feed to sidebar of Home page.

December 14, 2011

Updated all current vulnerability reference pages with related articles from ISSSource.

December 13, 2011

Added new Training page under Services, and updated toolbar on all pages to include quick link to Training. Moved social networks and media from Home page to About page to support upcoming restructuring of the website landing page.

Updated Vulnerability Reference page with new (Schneider Quantum and 7T / SafeNet) vulnerability information.

December 12, 2011

Added new "Coordinated Disclosures of Interest" to the ICS Vulnerability Reference page. Reorganized ICS Vulnerability Reference page to a summary format.

December 9, 2011

Added presentation given by IBM X-Force during a Black Hat Webinary on Dec. 8, 2011 entitled "The State of Security Vulnerabilities in 2011" to the Resources page.

December 8, 2011

Added Shodan Search module to MSF reference page under the "Resources" section. Added new "Useful Video Feeds" section to the How-To page under Resources. Added link to Dillon Beresford's work on SIMATIC PLCs including a video of an interview with SC Magazine at Black Hat 2011 to the Resources page.

December 7, 2011

Added a new page to the Resources section which provides information on Metasploit modules that have been developed for disclosed SCADA and ICS system vulnerabilities. Updated Vulnerability Reference list with revised (CoDeSys) vulnerability information.

December 6, 2011

Updated Vulnerability Reference list with new (InduSoft, Microsys, and Sielco Sistemi) and revised (ARC Informatique) vulnerability information. Updated Vulnerability Reference list with additional links for GE-IP Proficy. Cleaned up header link on all VulnDB pages from "Home" to "Resources".

December 5, 2011

Updated Vulnerability Reference list with new (CoDeSys) and revised (Siemens) vulnerability information. Updated About page with latest presentations from SMI Oil & Gas Cyber Security (London) and OSIsoft vCampus Live (San Francisco).  Also cleaned up outdated information from Home page.

November 29, 2011

Updated Vulnerability Reference list with new (Siemens Automation License Manager and WinCC, Optima APIFTP, and Schneider Vijeo Historian) and revised (GE Proficy Historian) vulnerability information.

November 24, 2011

Added new technical paper from Exploit-DB on "Hacking Embedded Systems", and video interview of authors of "SCADA and PLC Vulnerabilities in Correctional Facitlities".

November 21, 2011

Updated Home page with information regarding recent hacks on two water utility districts, including links to related articles including those from one of the hackers.

November 20, 2011

Added RSS Feed for site to Home page. (Will be added to the bottom of each page in coming months.

November 11, 2011

Added 3 new demo videos on password sniffing to the How-To page.

November 10, 2011

Added new Documentation section to Tools page, and included some Metasploit/Meterpreter docs.

November 9, 2011

Added John Cusimano's presentation from ISA Automation Week 2011 on Threat Modeling for ICS. Cleaned up dated material on Home page. Also added CitectSCADA download and new Technical Papers/Presentations section to Resources page. Updated Vulnerability Reference list with new (Schneider CitectSCADA / Mitsubishi MX4 SCADA) and revised (Schneider UnitelWay) vulnerability information.

November 6, 2011

Added Rockwell downloads to Resources page. 

November 5, 2011

Updated Vulnerability Reference list with new (Advantech ADAM OPC Server) vulnerability information.

November 3, 2011

Added link to Anti Android Network Toolkit to the Tools page.

November 2, 2011

Updated Vulnerability Reference list with new (GE Proficy, Advantech BroadWin) and updated (Advantech BroadWin) vulnerability information.

October 28, 2011

Updated Vulnerability Reference list with new (Schneider) and updated (Progea) vulnerability information.

October 27, 2011

Updated Vulnerability Reference list with new (Microsys) and revised (Unitronics) vulnerability information.

October 26, 2011

Created new Duqu Resource Page contained useful reports, blogs, and other valuable information. Added latest presentation on NBA-IDS presented at ICSJWG Fall Conference to About page.

October 23, 2011

Updated Vulnerability Reference list with new updates for Irai, Atvise, Honeywell and Open Automation Software.

October 22, 2011

Updated Vulnerability Reference list with new (Iconics, InduSoft, Unitronics) and revised (Arc Informatique, Cogent, Rockwell, Beckhoff) vulnerability information. Added reference conference presentations from the PI General Assembly (Arizona), Digiware Trends Meeting (Columbia) and Auditors Conference (Columbia) to the About page.

October 19, 2011

Reorganized files/folders to improve Google sitelist results.

October 4, 2011

Updated Upcoming Events to include Digiware's InfoSec Trends Meeting in Bogota, Columbia.

September 29, 2011

Updates to SCADA/ICS Vulnerability References list with new vulnerabiliites for ARC Informatique PcVue HMI/SCADA.

September 27, 2011

Updates to SCADA/ICS Vulnerability References list with new vulnerabiliites for Sunway ForceControl and pNetPower.

September 22, 2011

Updates to SCADA/ICS Vulnerability References list with new information for Cogent DataHub (new exploit) and Azeotech DAQFactory (new reference info).

September 21, 2011

Updates to SCADA/ICS Vulnerability References list with new information for Measuresoft Scadapro (CVE references) and Azeotech DAQFactory (5.86 upgrade download).

September 20, 2011

Updates to SCADA/ICS Vulnerability References list with new Metasploit module for AzeoTech DAQFactory, and provided new Rockwell RSLogix info. Corrected link error for EDB-ID on Measuresoft Scadapro page. Removed meaninglist "Metasploit ID" information from affected pages.

September 15, 2011

Updates to SCADA/ICS Vulnerability Reference list with new Metasploit modules (Scadatec Procyon and ScataTEC Scadaphone/ModbusTagServer).

September 14, 2011

Updates to SCADA/ICS Vulnerability Reference list (6 disclosures from Luigi Auriemma).

September 13, 2011

Updates to SCADA/ICS Vulnerability Reference list (ScadaTEC ScadaPhone / ModbusTagServer).

September 7, 2011

Updates to SCADA/ICS Vulnerability Reference list (multiple updates).

September 6, 2011

Launched new "SCADA/ICS Vulnerability Reference List" on Resources Page.
Added winAUTOPWN auto shell gaining tool and PenTestMonkey cheat sheets to Tools Page.
Added lots of Linux/UNIX reference material to How-To Page.
Added Mitnick talk with CNN to Resources Page under "On a Lighter Note".
Added OpenVAS to Tools Page.

September 1, 2011

Updated How-To Page under Resources with new netcat reference sheet.

August 30, 2011

Added new 3-part video from Andrew Whitacker on exploit development "From Fuzzer to Metasploit".

August 29, 2011

Added Breaking News to home page.

August 26, 2011

Added new links to websites, and included NST under the Testing Frameworks on the Tools Page.

August 25, 2011

Added Dillon Beresford's paper and presentation from Black Hat 2011 to the Resources Page.
Added new "How To" video on "client side" and "pivot" attacks on a fully patched system.
Added some new password and hashing apps to the Tools page.

August 22, 2011

Added new page containing Stephen Colbert's interview with Kevin Mitnick on "The Colbert Report".
Updated Tools Page under Resources which includes new Backtrack 5 R1 and direct site links (no torrent required).

August 9, 2011

Updated How-To Page under Resources with new CEH and NMap reference guides submitted by a visitor.
Updated Contact page with new mailing address.

July 27, 2011

Added Site Revision History page.
Updated events calendar.
Updated About page with recent presentations from SCADA [in]Security Malaysia to About page.

July 20, 2011

Updated Resources page with a collection of security-related reference or "cheat" sheets to the How-To section.

July 7, 2011

Updated About page with recent presentations from Siemens User Summit including audio webcasts of both presentations.

May 24, 2011

Updated About page with recent presentations from ICSJWG, Central States Refining Conference, and SMI Cyber Defense Turkey.

May 4, 2011

Added ICSJWG Demo Video that looks at one of Luigi Auriemma's SCADA vulnerabilities and how this can be converted into a successful attack against a control system.

April 27, 2011

Added New Demo Video that looks at the Siemens FactoryLink SCADA system and implements industrial firewalls and IDS for defense-in-depth against SCADA zero-days.

March 21, 2011

Updated Resources page with proof-of-concept code for March 21 disclosure of vulnerabilities in current Siemens, Iconics, RealWin and IGSS SCADA software.

Updated Stuxnet Resource page with new blog by Eric Byres and associated presentation.

March 19, 2011

Updated Resources page with Tools, How-To Videos & White Papers, SCADA/ICS Exploits, SCADA Demo Software, Fun Multimedia Clips (Colbert, Simpsons) and Stuxnet Resources.

Step-by-step instructions to exploit a SCADA/ICS System!