Thursday, August 25, 2011

Gleg releases Ver 1.5 of the SCADA+ Exploit Pack for Immunity Canvas

Today (August 25, 2011), Gleg announced the availability of Version 1.5 of the SCADA+ add-on exploit pack for Immunity's CANVAS exploitation framework (a framework much like the Metasploit Framework). As we have seen over the past few months, this release contains several new automated SCADA exploits, including several zero days.

Monday, August 22, 2011

Gleg releases Version 1.4 of the SCADA+ Pack for Canvas

On July 21, Gleg Ltd. announced the availability of Release 1.4 of the SCADA+ pack for Immunity's Canvas. This confirms a trend by which Gleg appears to be offering an updated SCADA+ pack about every month. Details of v1.2 - 1.3 are also provided below.

ICS-CERT also released an alert, ICS-ALERT-11-230-01, on August 18, which provides some additional details on the SCADA+ Pack. Though there were no alerts or updates for SCADA+ Versions 1.2 and 1.3, the ICS-CERT update and this blog should provide good revision control.

Offensive Security Releases BackTrack 5 R1

On August 18, Offensive Security released BackTrack 5 R1. This release contains over 120 bug fixes, 30 new tools and 70 tool updates. They plan to roll out new how-tos on their website's wiki in the coming weeks. Topics to be covered include VMware tool installation, alternate compat-wireless setups, etc.

The kernel was updated to 2.6.39.4 and includes the relevant injection patches.

As with BackTrack 5, choices exist for either the GNOME or KDE GUI, and include both 32- and 64-bit versions. A VMware image is available in 32-bit GNOME only.

The download is available directly from SCADAhacker.com using the Tools section, or through the normal Offensive Security website.

Comments on Langner post: "ICS-CERT on Beresford Vulns: Flawed Analysis, Misleading Advice"

On August 20, 2011, Ralph Langner posted a very insightful blog on the recent security work of NSS Labs' Dillon Beresford (Twitter @D1N) and the report that ICS-CERT released regarding this research. This was a very well written article, and I have to say I agree with most of it. In particular, I am a bit disappointed in how ICS-CERT is handling these reports in general, especially in the way of offering sound, practical, ICS-based guidance on dealing with these threats.

There are a couple of points Ralph mentions that I feel deserve mention, and that would require more than 140 characters in a tweet to discuss!