Industrial Systems are widely believed to be air-gapped. At previous Black Hat conferences, people have demonstrated individual utilities control systems directly connected to the internet. However, this is not an isolated incident of failure, but rather a disturbing trend. By visualising results from SHODAN over a 2 1/2 year period, we can see that there are thousands of exposed systems around the world. By using some goelocation, and vulnerability pattern matching to service banners we can see their rough physical location and the numbers of standard vulnerabilities they are exposed to. This allows us to look at some statistics about the industrial system security posture of whole nations and regions. During the process of this project I worked with ICS-CERT to inform asset-owners of their exposure and other CERT teams around the world. The project has reached out to 63 countries, and sparked discussion of convergence towards the public internet of many insecure protocols and devices.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8165 documents and 530.8 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.