SlideShare une entreprise Scribd logo
1  sur  9
Télécharger pour lire hors ligne
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet




  Gleb Gritsai, Alexander Timorin, Yuri Goltsev, Roman Ilin



               http://scadastrangelove.org/
vendor                product                      google dork                 network info

Siemens     S7-200
                                                                    all models: tcp/udp/102 (by vuln info)




            S7-300                                                  snmp: Siemens, SIMATIC, S7




            S7-3** , PCS7          inurl:/Portal0000.htm            http: /S7Web.css



            Simatic S7                                              snmp: Siemens, SIMATIC S7, CPU-1200
                                                                    Siemens, SIMATIC S7, CPU317-2 PN/DP
                                                                    Siemens, SIMATIC S7, CPU315-2 PN/DP
Siemens, SIMATIC S7 ***

                                      inurl:"Portal/Portal.mwsl"   http: /S7Web.css




Automation License Manager                                         tcp/4410 (by vuln info)




Scalance S,X Security Module firewall                              telnet: Simatic, Scalance
                                                                   snmp: Scalance S*, Scalance W*,
                                                                   Scalance X*
                                                                   DCP protocol (by vuln info)
                                                                   tcp/80




                                                                   netbios: WINCC_SRV21 <0x0>
                                                                   SIEMENS <0x0>
Wincc flexible                                                     WINCC_SRV21 <0x20>
Wincc flexible runtime / TIA Portal                                tcp/2308 (by vuln info)
                                                                   tcp/50523 (by vuln info)
Synco OZW (Web server)                                                       http




SIMATIC HMI Miniweb      intitle:"Miniweb Start Page" | "/CSS/Miniweb.css"   http: /CSS/Miniweb.css




Simatic HMI                                                                  snmp: Siemens, SIMATIC HMI, ***




                                                                             telnet:Welcome to the Windows CE
                                                                             Telnet Service on HMI_Panel
vendor                  product                                google dork                                   network info




               DeltaV and DeltaV
               Workstations/DeltaV
Emerson        ProEssentials Scientific Graph                                                      tcp/udp/111 (by vuln info)



               DeltaV Service Information
               System Ver3.3



   vendor                  product                                google dork                                   network info

Allen-Bradley
Rockwell Automation



               ControlLogix                                                                        tcp/udp/44818 , http
               CompactLogix                     intitle:"Rockwell Automation" "Device Name" "Uptime"
PLC5                                                                http, snmp




                                            inurl:dtm.html intitle:1747-L552
                 SLC-5                      inurl:dtm.html intitle:1747-L551         http, snmp

                 Micrologix                 inurl:home.htm intitle:1766              http, snmp




   vendor                     product                         shodanhq dork                       network info
Schneider Electric



                 PM820SD                    Schneider Electric - PM820SD port:161




                 PM870SD                    Schneider Electric - PM870SD port:161
                 ECC21                      Schneider Electric - ECC21 port:161
                 EGX100MG                   Schneider Electric - EGX100MG port:161



                 PowerLogic PM800           PowerLogic PM800 port:80

                 PowerLogic ION8650 A/B/C   ION8650
PowerLogic ION8650 A/B/C)   8650 ION




PowerLogic ION8600          8600 ION



PowerLogic ION7650/7550     ION 7550


PowerLogic ION7650/7550     ION 7650

PowerLogic ION7300          ION 7300

PowerLogic ION6200          ION6200

PowerLogic PM1200           PM1200

PowerLogic DM6200           DM6200

Powerlogic Enercept

Powerlogic Energy Meter

PowerLogic Branch Current
Monitor                     BCM42

PowerLogic EM4800
PowerLogic E5600

                 PowerLogic Ethernet Gateway
                 (EGX)                         EGX100

                 PowerLogic EGX300             EGX300

                 PowerLogic ION7550RTU         ION 7550RTU
                                               schneider electric




   vendor                     product                               google dork          network info
Schneider Electric
                 Modicon                       intitle:"Quantum CPU Web Server"
                 Quantum/Premiun/Micro         intitle:"Premium CPU Web Server"

                                               intitle:"Citect Web" inurl:scada
                 CitectSCADA                   filetype:htm
                 CitectFacilities




                                               shodanhq: ClearSCADA
                                               "ViewXCtrl is not supported in this web
                                               browser."
                 ClearSCADA                    intitle:"ClearSCADA Home"


                 UnitelWay Device Driver
Vijeo Historian Web Server   several products




             Modicon M340                                                                snmp: "Modicon M340"




    vendor                product                             google dork                           network info
General
Electric

             Cimplicity                   intitle:"CIMPLICITY WebView" inurl:main.html   http




             Proficy                      inurl:ProficyPortal/default.asp                http

Contenu connexe

Tendances

Malware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence MoroccoMalware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence MoroccoTouhami Kasbaoui
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASBAmmar Hasayen
 
Web Security Deployment
Web Security DeploymentWeb Security Deployment
Web Security DeploymentCisco Canada
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationIntegrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationPriyanka Aash
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdfPencilData
 
Presentation cisco iron port email & web security
Presentation   cisco iron port email & web securityPresentation   cisco iron port email & web security
Presentation cisco iron port email & web securityxKinAnx
 
Mongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons LearnedMongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons LearnedStanford University
 
A Risk Based Approach to Security Detection and Investigation by Kelby Shelton
A Risk Based Approach to Security Detection and Investigation by Kelby SheltonA Risk Based Approach to Security Detection and Investigation by Kelby Shelton
A Risk Based Approach to Security Detection and Investigation by Kelby SheltonJohn Billings CISSP
 
IBM Security Software Solutions - Powerpoint
 IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - PowerpointThierry Matusiak
 
Azure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity ManagementAzure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity ManagementMario Worwell
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...Iftikhar Ali Iqbal
 
Connecting Your SIEM Tool with Akamai Security Events
Connecting Your SIEM Tool with Akamai Security EventsConnecting Your SIEM Tool with Akamai Security Events
Connecting Your SIEM Tool with Akamai Security EventsAkamai Developers & Admins
 
Bypassing nac solutions and mitigations
Bypassing nac solutions and mitigationsBypassing nac solutions and mitigations
Bypassing nac solutions and mitigationsSuraj Khetani
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssAndrew Wong
 
siem-180906233759.pptx
siem-180906233759.pptxsiem-180906233759.pptx
siem-180906233759.pptxStyvePola1
 

Tendances (20)

Malware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence MoroccoMalware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence Morocco
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASB
 
Web Security Deployment
Web Security DeploymentWeb Security Deployment
Web Security Deployment
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationIntegrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdf
 
Presentation cisco iron port email & web security
Presentation   cisco iron port email & web securityPresentation   cisco iron port email & web security
Presentation cisco iron port email & web security
 
Mongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons LearnedMongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons Learned
 
Network Access Control (NAC)
Network Access Control (NAC)Network Access Control (NAC)
Network Access Control (NAC)
 
NIST CSF Overview
NIST CSF OverviewNIST CSF Overview
NIST CSF Overview
 
A Risk Based Approach to Security Detection and Investigation by Kelby Shelton
A Risk Based Approach to Security Detection and Investigation by Kelby SheltonA Risk Based Approach to Security Detection and Investigation by Kelby Shelton
A Risk Based Approach to Security Detection and Investigation by Kelby Shelton
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
 
IBM Security Software Solutions - Powerpoint
 IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint
 
Azure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity ManagementAzure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity Management
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
 
Connecting Your SIEM Tool with Akamai Security Events
Connecting Your SIEM Tool with Akamai Security EventsConnecting Your SIEM Tool with Akamai Security Events
Connecting Your SIEM Tool with Akamai Security Events
 
Bypassing nac solutions and mitigations
Bypassing nac solutions and mitigationsBypassing nac solutions and mitigations
Bypassing nac solutions and mitigations
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for Businesss
 
siem-180906233759.pptx
siem-180906233759.pptxsiem-180906233759.pptx
siem-180906233759.pptx
 

Similaire à ICS/SCADA/PLC Google/Shodanhq Cheat Sheet

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2qqlan
 
Technical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series SwitchesTechnical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series SwitchesRobb Boyd
 
ScilabTEC 2015 - Xilinx
ScilabTEC 2015 - XilinxScilabTEC 2015 - Xilinx
ScilabTEC 2015 - XilinxScilab
 
Scada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanismsScada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanismsAleksandr Timorin
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяEkaterina Melnik
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NamePositive Hack Days
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)Michael Smith
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...arnaudsoullie
 
CHM_Technologies_PLC.ppt
CHM_Technologies_PLC.pptCHM_Technologies_PLC.ppt
CHM_Technologies_PLC.pptVinothInst
 
FE_Technologies_PLC.ppt
FE_Technologies_PLC.pptFE_Technologies_PLC.ppt
FE_Technologies_PLC.pptDilupa Herath
 
SELTA Energy Automation Portfolio 2018
SELTA Energy Automation Portfolio 2018SELTA Energy Automation Portfolio 2018
SELTA Energy Automation Portfolio 2018SELTA
 
practical-guide-to-opcua.pdf
practical-guide-to-opcua.pdfpractical-guide-to-opcua.pdf
practical-guide-to-opcua.pdfssuser357595
 
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17ROMSAT
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVERPARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVERShaheem TM
 
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068  Troubleshooting Catalyst 2K and 3K.pdfBRKRST-3068  Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdfssusercbaa33
 

Similaire à ICS/SCADA/PLC Google/Shodanhq Cheat Sheet (20)

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
 
Technical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series SwitchesTechnical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series Switches
 
ScilabTEC 2015 - Xilinx
ScilabTEC 2015 - XilinxScilabTEC 2015 - Xilinx
ScilabTEC 2015 - Xilinx
 
Scada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanismsScada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanisms
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имя
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the Name
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
 
Mohamed Zakaria 01-2017
Mohamed Zakaria 01-2017Mohamed Zakaria 01-2017
Mohamed Zakaria 01-2017
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
 
FE_Technologies_PLC.ppt
FE_Technologies_PLC.pptFE_Technologies_PLC.ppt
FE_Technologies_PLC.ppt
 
CHM_Technologies_PLC.ppt
CHM_Technologies_PLC.pptCHM_Technologies_PLC.ppt
CHM_Technologies_PLC.ppt
 
FE_Technologies_PLC.ppt
FE_Technologies_PLC.pptFE_Technologies_PLC.ppt
FE_Technologies_PLC.ppt
 
SELTA Energy Automation Portfolio 2018
SELTA Energy Automation Portfolio 2018SELTA Energy Automation Portfolio 2018
SELTA Energy Automation Portfolio 2018
 
practical-guide-to-opcua.pdf
practical-guide-to-opcua.pdfpractical-guide-to-opcua.pdf
practical-guide-to-opcua.pdf
 
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rules
 
S7 bas-16
S7 bas-16S7 bas-16
S7 bas-16
 
Overview of RTaW SysML-Companion
Overview of RTaW SysML-Companion Overview of RTaW SysML-Companion
Overview of RTaW SysML-Companion
 
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVERPARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
 
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068  Troubleshooting Catalyst 2K and 3K.pdfBRKRST-3068  Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
 

Plus de qqlan

D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1   t. yunusov k. nesterov - bootkit via smsD1 t1   t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsqqlan
 
Kaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the CloudKaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the Cloudqqlan
 
Миссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТПМиссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТПqqlan
 
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...qqlan
 
Best of Positive Research 2013
Best of Positive Research 2013Best of Positive Research 2013
Best of Positive Research 2013qqlan
 
Web-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey GordeychikWeb-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey Gordeychikqqlan
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...qqlan
 
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]qqlan
 
Pt infosec - 2014 - импортозамещение
Pt   infosec - 2014 - импортозамещениеPt   infosec - 2014 - импортозамещение
Pt infosec - 2014 - импортозамещениеqqlan
 
SCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHCSCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHCqqlan
 
Firebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfmFirebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfmqqlan
 
SCADA StrangeLove 2: We already know
SCADA StrangeLove 2:  We already knowSCADA StrangeLove 2:  We already know
SCADA StrangeLove 2: We already knowqqlan
 
Internet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLCInternet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLCqqlan
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureqqlan
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems qqlan
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspectorqqlan
 
Database honeypot by design
Database honeypot by designDatabase honeypot by design
Database honeypot by designqqlan
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspectorqqlan
 
Black Hat: XML Out-Of-Band Data Retrieval
Black Hat: XML Out-Of-Band Data RetrievalBlack Hat: XML Out-Of-Band Data Retrieval
Black Hat: XML Out-Of-Band Data Retrievalqqlan
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysqqlan
 

Plus de qqlan (20)

D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1   t. yunusov k. nesterov - bootkit via smsD1 t1   t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
 
Kaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the CloudKaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the Cloud
 
Миссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТПМиссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТП
 
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
 
Best of Positive Research 2013
Best of Positive Research 2013Best of Positive Research 2013
Best of Positive Research 2013
 
Web-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey GordeychikWeb-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey Gordeychik
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
 
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
 
Pt infosec - 2014 - импортозамещение
Pt   infosec - 2014 - импортозамещениеPt   infosec - 2014 - импортозамещение
Pt infosec - 2014 - импортозамещение
 
SCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHCSCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHC
 
Firebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfmFirebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfm
 
SCADA StrangeLove 2: We already know
SCADA StrangeLove 2:  We already knowSCADA StrangeLove 2:  We already know
SCADA StrangeLove 2: We already know
 
Internet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLCInternet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLC
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architecture
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspector
 
Database honeypot by design
Database honeypot by designDatabase honeypot by design
Database honeypot by design
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspector
 
Black Hat: XML Out-Of-Band Data Retrieval
Black Hat: XML Out-Of-Band Data RetrievalBlack Hat: XML Out-Of-Band Data Retrieval
Black Hat: XML Out-Of-Band Data Retrieval
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
 

Dernier

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Dernier (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet

  • 1. ICS/SCADA/PLC Google/Shodanhq Cheat Sheet Gleb Gritsai, Alexander Timorin, Yuri Goltsev, Roman Ilin http://scadastrangelove.org/
  • 2. vendor product google dork network info Siemens S7-200 all models: tcp/udp/102 (by vuln info) S7-300 snmp: Siemens, SIMATIC, S7 S7-3** , PCS7 inurl:/Portal0000.htm http: /S7Web.css Simatic S7 snmp: Siemens, SIMATIC S7, CPU-1200 Siemens, SIMATIC S7, CPU317-2 PN/DP Siemens, SIMATIC S7, CPU315-2 PN/DP
  • 3. Siemens, SIMATIC S7 *** inurl:"Portal/Portal.mwsl" http: /S7Web.css Automation License Manager tcp/4410 (by vuln info) Scalance S,X Security Module firewall telnet: Simatic, Scalance snmp: Scalance S*, Scalance W*, Scalance X* DCP protocol (by vuln info) tcp/80 netbios: WINCC_SRV21 <0x0> SIEMENS <0x0> Wincc flexible WINCC_SRV21 <0x20> Wincc flexible runtime / TIA Portal tcp/2308 (by vuln info) tcp/50523 (by vuln info)
  • 4. Synco OZW (Web server) http SIMATIC HMI Miniweb intitle:"Miniweb Start Page" | "/CSS/Miniweb.css" http: /CSS/Miniweb.css Simatic HMI snmp: Siemens, SIMATIC HMI, *** telnet:Welcome to the Windows CE Telnet Service on HMI_Panel
  • 5. vendor product google dork network info DeltaV and DeltaV Workstations/DeltaV Emerson ProEssentials Scientific Graph tcp/udp/111 (by vuln info) DeltaV Service Information System Ver3.3 vendor product google dork network info Allen-Bradley Rockwell Automation ControlLogix tcp/udp/44818 , http CompactLogix intitle:"Rockwell Automation" "Device Name" "Uptime"
  • 6. PLC5 http, snmp inurl:dtm.html intitle:1747-L552 SLC-5 inurl:dtm.html intitle:1747-L551 http, snmp Micrologix inurl:home.htm intitle:1766 http, snmp vendor product shodanhq dork network info Schneider Electric PM820SD Schneider Electric - PM820SD port:161 PM870SD Schneider Electric - PM870SD port:161 ECC21 Schneider Electric - ECC21 port:161 EGX100MG Schneider Electric - EGX100MG port:161 PowerLogic PM800 PowerLogic PM800 port:80 PowerLogic ION8650 A/B/C ION8650
  • 7. PowerLogic ION8650 A/B/C) 8650 ION PowerLogic ION8600 8600 ION PowerLogic ION7650/7550 ION 7550 PowerLogic ION7650/7550 ION 7650 PowerLogic ION7300 ION 7300 PowerLogic ION6200 ION6200 PowerLogic PM1200 PM1200 PowerLogic DM6200 DM6200 Powerlogic Enercept Powerlogic Energy Meter PowerLogic Branch Current Monitor BCM42 PowerLogic EM4800
  • 8. PowerLogic E5600 PowerLogic Ethernet Gateway (EGX) EGX100 PowerLogic EGX300 EGX300 PowerLogic ION7550RTU ION 7550RTU schneider electric vendor product google dork network info Schneider Electric Modicon intitle:"Quantum CPU Web Server" Quantum/Premiun/Micro intitle:"Premium CPU Web Server" intitle:"Citect Web" inurl:scada CitectSCADA filetype:htm CitectFacilities shodanhq: ClearSCADA "ViewXCtrl is not supported in this web browser." ClearSCADA intitle:"ClearSCADA Home" UnitelWay Device Driver
  • 9. Vijeo Historian Web Server several products Modicon M340 snmp: "Modicon M340" vendor product google dork network info General Electric Cimplicity intitle:"CIMPLICITY WebView" inurl:main.html http Proficy inurl:ProficyPortal/default.asp http