SlideShare una empresa de Scribd logo

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet

Q
qqlan
Tecnología
1 de 9
Descargar para leer sin conexión
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet Gleb Gritsai, Alexander Timorin, Yuri Goltsev, Roman Ilin http://scadastrangelove.org/
vendor product google dork network info Siemens S7-200 all models: tcp/udp/102 (by vuln info) S7-300 snmp: Siemens, SIMATIC, S7 S7-3** , PCS7 inurl:/Portal0000.htm http: /S7Web.css Simatic S7 snmp: Siemens, SIMATIC S7, CPU-1200 Siemens, SIMATIC S7, CPU317-2 PN/DP Siemens, SIMATIC S7, CPU315-2 PN/DP
Siemens, SIMATIC S7 *** inurl:"Portal/Portal.mwsl" http: /S7Web.css Automation License Manager tcp/4410 (by vuln info) Scalance S,X Security Module firewall telnet: Simatic, Scalance snmp: Scalance S*, Scalance W*, Scalance X* DCP protocol (by vuln info) tcp/80 netbios: WINCC_SRV21 <0x0> SIEMENS <0x0> Wincc flexible WINCC_SRV21 <0x20> Wincc flexible runtime / TIA Portal tcp/2308 (by vuln info) tcp/50523 (by vuln info)
Synco OZW (Web server) http SIMATIC HMI Miniweb intitle:"Miniweb Start Page" | "/CSS/Miniweb.css" http: /CSS/Miniweb.css Simatic HMI snmp: Siemens, SIMATIC HMI, *** telnet:Welcome to the Windows CE Telnet Service on HMI_Panel
vendor product google dork network info DeltaV and DeltaV Workstations/DeltaV Emerson ProEssentials Scientific Graph tcp/udp/111 (by vuln info) DeltaV Service Information System Ver3.3 vendor product google dork network info Allen-Bradley Rockwell Automation ControlLogix tcp/udp/44818 , http CompactLogix intitle:"Rockwell Automation" "Device Name" "Uptime"
PLC5 http, snmp inurl:dtm.html intitle:1747-L552 SLC-5 inurl:dtm.html intitle:1747-L551 http, snmp Micrologix inurl:home.htm intitle:1766 http, snmp vendor product shodanhq dork network info Schneider Electric PM820SD Schneider Electric - PM820SD port:161 PM870SD Schneider Electric - PM870SD port:161 ECC21 Schneider Electric - ECC21 port:161 EGX100MG Schneider Electric - EGX100MG port:161 PowerLogic PM800 PowerLogic PM800 port:80 PowerLogic ION8650 A/B/C ION8650
PowerLogic ION8650 A/B/C) 8650 ION PowerLogic ION8600 8600 ION PowerLogic ION7650/7550 ION 7550 PowerLogic ION7650/7550 ION 7650 PowerLogic ION7300 ION 7300 PowerLogic ION6200 ION6200 PowerLogic PM1200 PM1200 PowerLogic DM6200 DM6200 Powerlogic Enercept Powerlogic Energy Meter PowerLogic Branch Current Monitor BCM42 PowerLogic EM4800
PowerLogic E5600 PowerLogic Ethernet Gateway (EGX) EGX100 PowerLogic EGX300 EGX300 PowerLogic ION7550RTU ION 7550RTU schneider electric vendor product google dork network info Schneider Electric Modicon intitle:"Quantum CPU Web Server" Quantum/Premiun/Micro intitle:"Premium CPU Web Server" intitle:"Citect Web" inurl:scada CitectSCADA filetype:htm CitectFacilities shodanhq: ClearSCADA "ViewXCtrl is not supported in this web browser." ClearSCADA intitle:"ClearSCADA Home" UnitelWay Device Driver
Vijeo Historian Web Server several products Modicon M340 snmp: "Modicon M340" vendor product google dork network info General Electric Cimplicity intitle:"CIMPLICITY WebView" inurl:main.html http Proficy inurl:ProficyPortal/default.asp http

Recomendados

Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
Splunk
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
Michael Gough
 
Security Onion
Security OnionSecurity Onion
Security Onion
johndegruyter
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptxSANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
JasonOstrom1
 
security onion
security onionsecurity onion
security onion
Boni Yeamin
 
Linux command ppt
Linux command pptLinux command ppt
Linux command ppt
kalyanineve
 
Burpsuite 101
Burpsuite 101Burpsuite 101
Burpsuite 101
n|u - The Open Security Community
 

Recomendados

Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
Splunk
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
Michael Gough
 
Security Onion
Security OnionSecurity Onion
Security Onion
johndegruyter
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptxSANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
JasonOstrom1
 
security onion
security onionsecurity onion
security onion
Boni Yeamin
 
Linux command ppt
Linux command pptLinux command ppt
Linux command ppt
kalyanineve
 
Burpsuite 101
Burpsuite 101Burpsuite 101
Burpsuite 101
n|u - The Open Security Community
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Himani Singh
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptx
anumeha bhatnagar
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Awx
AwxAwx
Awx
Scott van Kalken
 
Observability, Distributed Tracing, and Open Source: The Missing Primer
Observability, Distributed Tracing, and Open Source: The Missing PrimerObservability, Distributed Tracing, and Open Source: The Missing Primer
Observability, Distributed Tracing, and Open Source: The Missing Primer
VMware Tanzu
 
Hunting for Evil with the Elastic Stack
Hunting for Evil with the Elastic StackHunting for Evil with the Elastic Stack
Hunting for Evil with the Elastic Stack
Elasticsearch
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
Jason Lang
 
Lacework slides from AWS Meetups
Lacework slides from AWS MeetupsLacework slides from AWS Meetups
Lacework slides from AWS Meetups
John Varghese
 
OWASP - Dependency Check
OWASP - Dependency CheckOWASP - Dependency Check
OWASP - Dependency Check
Vandana Verma
 
Docker 101
Docker 101Docker 101
Docker 101
SDU CYBERLAB
 
Uygulamali Sizma Testi (Pentest) Egitimi Sunumu - 3
Uygulamali Sizma Testi (Pentest) Egitimi Sunumu - 3Uygulamali Sizma Testi (Pentest) Egitimi Sunumu - 3
Uygulamali Sizma Testi (Pentest) Egitimi Sunumu - 3
BTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse game
Jaime Sánchez
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatz
Benjamin Delpy
 
Wireshark
WiresharkWireshark
Wireshark
Sourav Roy
 
Packet capture in network security
Packet capture in network securityPacket capture in network security
Packet capture in network security
Chippy Thomas
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
SlideTeam
 
Nmap
NmapNmap
Nmap
Sreekanth Narendran
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
Mohammed Danish Amber
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
Winton Winton
 
NMAP
NMAPNMAP
NMAP
Club Scientifique de l'ESI - CSE
 
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
qqlan
 
Technical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series SwitchesTechnical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series Switches
Robb Boyd
 

Más contenido relacionado

La actualidad más candente

Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse game
Jaime Sánchez
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
SlideTeam
 

La actualidad más candente (20)

Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptx
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
 
Awx
AwxAwx
Awx
 
Observability, Distributed Tracing, and Open Source: The Missing Primer
Observability, Distributed Tracing, and Open Source: The Missing PrimerObservability, Distributed Tracing, and Open Source: The Missing Primer
Observability, Distributed Tracing, and Open Source: The Missing Primer
 
Hunting for Evil with the Elastic Stack
Hunting for Evil with the Elastic StackHunting for Evil with the Elastic Stack
Hunting for Evil with the Elastic Stack
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
 
Lacework slides from AWS Meetups
Lacework slides from AWS MeetupsLacework slides from AWS Meetups
Lacework slides from AWS Meetups
 
OWASP - Dependency Check
OWASP - Dependency CheckOWASP - Dependency Check
OWASP - Dependency Check
 
Docker 101
Docker 101Docker 101
Docker 101
 
Uygulamali Sizma Testi (Pentest) Egitimi Sunumu - 3
Uygulamali Sizma Testi (Pentest) Egitimi Sunumu - 3Uygulamali Sizma Testi (Pentest) Egitimi Sunumu - 3
Uygulamali Sizma Testi (Pentest) Egitimi Sunumu - 3
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse game
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatz
 
Wireshark
WiresharkWireshark
Wireshark
 
Packet capture in network security
Packet capture in network securityPacket capture in network security
Packet capture in network security
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
 
Nmap
NmapNmap
Nmap
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
 
NMAP
NMAPNMAP
NMAP
 

Similar a ICS/SCADA/PLC Google/Shodanhq Cheat Sheet

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
qqlan
 
Scada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanismsScada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanisms
Aleksandr Timorin
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the Name
Positive Hack Days
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имя
Ekaterina Melnik
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
Michael Smith
 
SELTA Energy Automation Portfolio 2018
SELTA Energy Automation Portfolio 2018SELTA Energy Automation Portfolio 2018
SELTA Energy Automation Portfolio 2018
SELTA
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
Freddy Buenaño
 
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVERPARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
Shaheem TM
 

Similar a ICS/SCADA/PLC Google/Shodanhq Cheat Sheet (20)

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
 
Technical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series SwitchesTechnical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series Switches
 
ScilabTEC 2015 - Xilinx
ScilabTEC 2015 - XilinxScilabTEC 2015 - Xilinx
ScilabTEC 2015 - Xilinx
 
Scada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanismsScada deep inside: protocols and security mechanisms
Scada deep inside: protocols and security mechanisms
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the Name
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имя
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
 
Mohamed Zakaria 01-2017
Mohamed Zakaria 01-2017Mohamed Zakaria 01-2017
Mohamed Zakaria 01-2017
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
 
FE_Technologies_PLC.ppt
FE_Technologies_PLC.pptFE_Technologies_PLC.ppt
FE_Technologies_PLC.ppt
 
CHM_Technologies_PLC.ppt
CHM_Technologies_PLC.pptCHM_Technologies_PLC.ppt
CHM_Technologies_PLC.ppt
 
FE_Technologies_PLC.ppt
FE_Technologies_PLC.pptFE_Technologies_PLC.ppt
FE_Technologies_PLC.ppt
 
SELTA Energy Automation Portfolio 2018
SELTA Energy Automation Portfolio 2018SELTA Energy Automation Portfolio 2018
SELTA Energy Automation Portfolio 2018
 
practical-guide-to-opcua.pdf
practical-guide-to-opcua.pdfpractical-guide-to-opcua.pdf
practical-guide-to-opcua.pdf
 
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
S7 bas-16
S7 bas-16S7 bas-16
S7 bas-16
 
Overview of RTaW SysML-Companion
Overview of RTaW SysML-Companion Overview of RTaW SysML-Companion
Overview of RTaW SysML-Companion
 
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVERPARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
 
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdfBRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
 

Más de qqlan

D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
 
Миссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТПМиссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТП
qqlan
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
qqlan
 
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
qqlan
 
Pt infosec - 2014 - импортозамещение
Pt infosec - 2014 - импортозамещениеPt infosec - 2014 - импортозамещение
Pt infosec - 2014 - импортозамещение
qqlan
 
SCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHCSCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHC
qqlan
 
SCADA StrangeLove 2: We already know
SCADA StrangeLove 2: We already knowSCADA StrangeLove 2: We already know
SCADA StrangeLove 2: We already know
qqlan
 
Internet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLCInternet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLC
qqlan
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architecture
qqlan
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems
qqlan
 
Database honeypot by design
Database honeypot by designDatabase honeypot by design
Database honeypot by design
qqlan
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspector
qqlan
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
qqlan
 

Más de qqlan (20)

D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
 
Kaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the CloudKaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the Cloud
 
Миссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТПМиссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТП
 
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
 
Best of Positive Research 2013
Best of Positive Research 2013Best of Positive Research 2013
Best of Positive Research 2013
 
Web-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey GordeychikWeb-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey Gordeychik
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
 
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
 
Pt infosec - 2014 - импортозамещение
Pt infosec - 2014 - импортозамещениеPt infosec - 2014 - импортозамещение
Pt infosec - 2014 - импортозамещение
 
SCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHCSCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHC
 
Firebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfmFirebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfm
 
SCADA StrangeLove 2: We already know
SCADA StrangeLove 2: We already knowSCADA StrangeLove 2: We already know
SCADA StrangeLove 2: We already know
 
Internet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLCInternet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLC
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architecture
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspector
 
Database honeypot by design
Database honeypot by designDatabase honeypot by design
Database honeypot by design
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspector
 
Black Hat: XML Out-Of-Band Data Retrieval
Black Hat: XML Out-Of-Band Data RetrievalBlack Hat: XML Out-Of-Band Data Retrieval
Black Hat: XML Out-Of-Band Data Retrieval
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
 

Último

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet

  • 1. ICS/SCADA/PLC Google/Shodanhq Cheat Sheet Gleb Gritsai, Alexander Timorin, Yuri Goltsev, Roman Ilin http://scadastrangelove.org/
  • 2. vendor product google dork network info Siemens S7-200 all models: tcp/udp/102 (by vuln info) S7-300 snmp: Siemens, SIMATIC, S7 S7-3** , PCS7 inurl:/Portal0000.htm http: /S7Web.css Simatic S7 snmp: Siemens, SIMATIC S7, CPU-1200 Siemens, SIMATIC S7, CPU317-2 PN/DP Siemens, SIMATIC S7, CPU315-2 PN/DP
  • 3. Siemens, SIMATIC S7 *** inurl:"Portal/Portal.mwsl" http: /S7Web.css Automation License Manager tcp/4410 (by vuln info) Scalance S,X Security Module firewall telnet: Simatic, Scalance snmp: Scalance S*, Scalance W*, Scalance X* DCP protocol (by vuln info) tcp/80 netbios: WINCC_SRV21 <0x0> SIEMENS <0x0> Wincc flexible WINCC_SRV21 <0x20> Wincc flexible runtime / TIA Portal tcp/2308 (by vuln info) tcp/50523 (by vuln info)
  • 4. Synco OZW (Web server) http SIMATIC HMI Miniweb intitle:"Miniweb Start Page" | "/CSS/Miniweb.css" http: /CSS/Miniweb.css Simatic HMI snmp: Siemens, SIMATIC HMI, *** telnet:Welcome to the Windows CE Telnet Service on HMI_Panel
  • 5. vendor product google dork network info DeltaV and DeltaV Workstations/DeltaV Emerson ProEssentials Scientific Graph tcp/udp/111 (by vuln info) DeltaV Service Information System Ver3.3 vendor product google dork network info Allen-Bradley Rockwell Automation ControlLogix tcp/udp/44818 , http CompactLogix intitle:"Rockwell Automation" "Device Name" "Uptime"
  • 6. PLC5 http, snmp inurl:dtm.html intitle:1747-L552 SLC-5 inurl:dtm.html intitle:1747-L551 http, snmp Micrologix inurl:home.htm intitle:1766 http, snmp vendor product shodanhq dork network info Schneider Electric PM820SD Schneider Electric - PM820SD port:161 PM870SD Schneider Electric - PM870SD port:161 ECC21 Schneider Electric - ECC21 port:161 EGX100MG Schneider Electric - EGX100MG port:161 PowerLogic PM800 PowerLogic PM800 port:80 PowerLogic ION8650 A/B/C ION8650
  • 7. PowerLogic ION8650 A/B/C) 8650 ION PowerLogic ION8600 8600 ION PowerLogic ION7650/7550 ION 7550 PowerLogic ION7650/7550 ION 7650 PowerLogic ION7300 ION 7300 PowerLogic ION6200 ION6200 PowerLogic PM1200 PM1200 PowerLogic DM6200 DM6200 Powerlogic Enercept Powerlogic Energy Meter PowerLogic Branch Current Monitor BCM42 PowerLogic EM4800
  • 8. PowerLogic E5600 PowerLogic Ethernet Gateway (EGX) EGX100 PowerLogic EGX300 EGX300 PowerLogic ION7550RTU ION 7550RTU schneider electric vendor product google dork network info Schneider Electric Modicon intitle:"Quantum CPU Web Server" Quantum/Premiun/Micro intitle:"Premium CPU Web Server" intitle:"Citect Web" inurl:scada CitectSCADA filetype:htm CitectFacilities shodanhq: ClearSCADA "ViewXCtrl is not supported in this web browser." ClearSCADA intitle:"ClearSCADA Home" UnitelWay Device Driver
  • 9. Vijeo Historian Web Server several products Modicon M340 snmp: "Modicon M340" vendor product google dork network info General Electric Cimplicity intitle:"CIMPLICITY WebView" inurl:main.html http Proficy inurl:ProficyPortal/default.asp http