IEC-104

comparing apple to orange

Comparison of tools that extract files from PCAP

| | Chaosreader, extract, Files, FTP, http, http2, IEC-104, IMAP, LPD, LPR, NetworkMiner, NFS, njrat, pcap, POP3, smb, SMB2, smtp, Suricata, tcpflow, TFTP, Wireshark, Zeek
One of the premier features in NetworkMiner is the ability to extract files from captured network traffic in PCAP files. NetworkMiner reassembles the file contents by parsing protocols that are used to ...
NETRESEC Network Security Blog
COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT

| | COSMICENERGY, electric grid, electrical grid, Electrical grids, energy grid, grid cyber attack, ICS, IEC 60870-5-104, IEC-104, INCONTROLLER, Industroyer, Industroyer2, Malware, OT, power grid, Power-Grid Security, Red Team, Red team exercises, red team operations, red team testing, Red Teaming, Red Teams, red-team-tools, redteam, Russia, Russia Exodus, Russia power grid, Russia-Ukraine, russia-ukraine conflict, Russia's War on Ukraine, russian, Russian Cyber War, SB Blogwatch, Solar Polygon, triton, TRITON ICS malware, Triton malware
Shouty name—dangerous game. Red-team tool ripe for misuse ...
Security Boulevard
NetworkMiner 2.8

NetworkMiner 2.8 Released

| | CAPWAP, CIDR, IEC-104, NamedPipe, NetworkMiner, PIPI, smtp, SOCKS
I am happy to announce the release of NetworkMiner 2.8 today! This new version comes with an improved user interface, better parsing of IEC-104 traffic and decapsulation of CAPWAP traffic. The professional ...
NETRESEC Network Security Blog
Industroyer2 trying to connect to TCP port 2404 on 10.82.40.105, 192.168.122.2 and 192.168.121.2

Industroyer2 IEC-104 Analysis

| | 10.82.40.105, 192.168.121.2, 192.168.122.2, 40_115.exe, 60870-5-104, CRASHOVERRIDE, ICS, IEC-104, Industroyer, Industroyer2, SCADA, Ukraine
The Industroyer2 malware was hardwired to attack a specific set of electric utility substations in Ukraine. It seems to have been custom built to open circuit breakers, which would effectively cut the ...
NETRESEC Network Security Blog
CapLoader 1.9 Logo

CapLoader 1.9 Released

| | Anchor_DNS, BPF, CapLoader, CobaltStrike, DNP3, HTran, IEC-104, Netresec, OSINT, pcap, Pcap-NG, periodicity, RemoteFX, RevengeRAT, Row Filter, Tofsee, Winsecsrv, WireGuard
A new version of the PCAP filtering tool CapLoader has been released today. The new CapLoader version 1.9 is now even better at identifying protocols and periodic beacons than before. The user ...
NETRESEC Network Security Blog