Welcome to our collaborative OT/ICS Resource List Repository. This space is dedicated to assembling a wide range of resources that cover everything from foundational learning materials to sophisticated tools and datasets for those involved in Operational Technology and Industrial Control Systems cybersecurity. By pooling knowledge from various sources, we aim to foster a learning and working environment that encourages sharing and growth. Each entry in this repository has been selected for its relevance and utility in addressing the unique challenges of OT cybersecurity. We invite you to explore, contribute, and help us keep this resource vibrant and current for the global cybersecurity community.
My personal OT resource list, gathered through research and internet adventures.
The purpose of this wiki is basically to cover a large spectrum of cybersecurity for the OT field, from training to simple definitions of the technical knowledge.
If you are here to search for resources and mass information on different protocols and concepts, I advise you to go directly to the sections ics_ressource_pcap_dataset_collection, ICS_Lab_Setup_And_Hacking_Tutorial, and ICS_news_outlet.
The rest is just a compilation of my own research. If you are interested, an HTML bookmark file, usable on Firefox, is available.
- OT_Resource_List
- Information
- Sections:
- ICS_challenge
- ICS_OSINT
- ICS_CERT
- ICS_Protocol
- ICS_ressource_pcap_dataset_collection
- ICS_Security_paper_and_conference
- ICS_Tool_And_PLC_Emulator
- ICS_Lab_Setup_And_Hacking_Tutorial
- Hardware
- ICS_Training
- ICS_General_Information
- ICS_Protocol_Parameter
- ICS_job
- ICS_book
- ICS_news_article
- ICS_news_outlet
- ICS_Requirement-guide_and_standart
- ICS_Monitoring_equipement
- ICS_GROUP_OR_ALIANCE_COMITEE
Title | Description |
---|---|
Labtainer Lab Summary - Center for Cybersecurity and Cyber Operations - Naval Postgraduate School | Fully packaged Linux-based computer science lab exercises with an initial emphasis on cybersecurity. |
SANS Dragos CTF 2023 Event | This free ICS CTF will feature multiple challenges focused on analyzing logic files, logs, network traffic, ICS protocols, digital forensic artifacts, and more to analyze attacks against an in-depth ICS range. |
Play Now with BOTS Partner Experiences: Dragos Splunk | Helps you quickly prioritize, investigate, and respond to industrial threats which can also help compliance requirements across both IT and OT environments. |
WRITE UP: Color Plant 1+2 (Misc) - FCSC2022 | (FR) An FCSC challenge in 2022 about a web interface for monitoring the industrial system |
Hack a Sat challenge | A fun challenge that bridges cybersecurity aficionados and space program lovers |
Title | Description |
---|---|
Hunto IP browser | Chinese Shodan-like IP browser |
FOFA IP browser | Little browser of Shodan |
Shodan | Best search engine for IoT I guess |
Zoomeye | Best IP search engine on the east side of the world |
Censys | Yet another Shodan-like browser |
Onyphe | French Shodan-like that is really interesting |
quanxin | Chinese IP browser |
Shodan wrapper | Shodan API wrapper that directly shows DNS records |
Shadowservers world map of OT equipment 1 | Shows the world statistics of IoT devices per country |
Title | Description |
---|---|
API-based CLI search for ZoomEye | Cyberspace search auxiliary tool |
API-based CLI search for FOFA | Search engine for mapping the cyberspace |
API-based CLI search for IP browser | (CH) Information collection tool with a GUI interface, developed using the official API of cyberspace search engines |
API-based CLI search for Shodan and others | Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys) |
Title | Description |
---|---|
Honeydet Conpot Siemens signature | honeydet is a signature-based honeypot detector tool written in Golang |
Honeypot Cyber deceptions based paper | Honeypot and cyber deception as a tool for detecting cyber attacks on critical infrastructure |
ICSRANK | Queries for searching ICS equipment on public IP browsers |
Title | Description |
---|---|
CERT Siemens | Siemens ProductCERT and Siemens CERT |
CERT ABB Group | ABB CERT and alert services |
CERT Schneider | Cybersecurity support portal of Schneider CERT |
Dragos CVE disclosure | Dragos CVE Disclosure |
Title | Description |
---|---|
IEC 61131-3 - Wikipedia | International Standard for programmable logic controllers - Main focus here on PLCs (Feel free to check out the other IECs) |
TCF - Eclipsepedia | Target Communication Framework Documentation |
ascolab GmbH | Lab for industrial communication documentation |
Wireshark Foundation / wireshark · GitLab | Come on guys, do we have to tell you what Wireshark is? Haha |
BACnet stack - open source BACnet protocol stack | BACnet app layer, network layer and MAC layer communication services |
Current list of all used apps with OPC UA compliance | OPC Servers, clients, toolkits and services from members of the OPC Foundation |
Industrial Cyber, Efficiently monitor the cybersecurity posture of your IC environment | Pascal Ackerman, Packt editions |
Overall Ethernet protocol usage and specifications for Allen-Bradley PLC | Ethernet documentation based on the International Standard IEEE 802.3 |
Official page for programming parameters of snap 7 on the LOGO! 8 | Documentation for LOGO! implementation settings |
Title | Description |
---|---|
Resource collections for beginners | Security-oriented list of resources about industrial network protocols |
ICSCSI - Library of Resources for Industrial Control System Cyber Security | Library of Resources for Industrial Control System Cyber Security |
Orange-Cyberdefense/awesome-industrial-protocols | Compilation of industrial network protocols resources focusing on offensive security |
PCAP Archive ICS Defense | Collection of PCAPs for ICS Defense |
MITRE ICS matrix | TTP MITRE matrix schemes for ICS |
OpenPLC Project | This project is the source for the OpenPLC Project's website |
Traffic captures between STEP7 WinCC and S7-300/S7-400 PLCs | Some Snap7-PCAPs for clients applications, s7-300 and s7-400 series PLCs from a pretty cool dude |
Electra dataset, aggregations of multiple big PCAP | Anomaly detection ICS dataset from Electra dataset |
OPC UA DATASET | The OPC UA CSV source file can be downloaded here. You can also find it in the IEEE DataPort. The generation of the dataset containing OPC UA traffic was possible due to the setup and execution of a laboratory CPPS testbed. This CPPS uses the OPC UA standard for horizontal and vertical communications. Regarding the CPPS testbed setup, it consists of seven nodes in the network, as represented in the next Figure. |
OPC UA DATASET | Dataset to "Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments" |
Cloudshark Modbus pcap | Online pcap containing Modbus and ICP protocol |
Title | Description |
---|---|
The Spear To Break The Security Wall Of S7CommPlus | Exploit Explanation of S7CommPlus and some security measures to counter it |
Europe's 2022 Energy Sector: the Cyber Threats landscape - Citalid | Cyber threat Landscape of 2022 for the Energy Sector |
SANS ICS Security - Control Systems Are a Target.pdf | 3-slide presentation of SANS on ICS/SCADA Security. Pretty cool for education. |
Principles of Information Security, 5th ed. - Principles of Information Security (PDFDrive) | [Down for the moment - Used to be a bible of Cybersec] |
Industrial Control System Security - Top 10 Threats and Countermeasures 2016 | BSI publication, like an OWASP Top 10 but for ICS Security (2019) |
ICS Honeypot System (CamouflageNet) Based on Attacker's Human Factors - ScienceDirect | ICS Honeypot System (2015) |
CCE-Phase-1-4-Reference-Document.pdf | [Down for the moment] |
DEF CON 26 - Thiago Alves - Hacking PLCs and Causing Havoc on Critical Infrastructures - YouTube | 40-minute conference talk on hacking PLCs with OpenPLC |
Reverse of a Schneider network protocol by Biero Llagas - Medium | A Medium article on the UMAS Schneider-compliant protocol from a pretty cool dude |
Grehack - Paper - Industrial Control Systems Dynamic Code Injection.pdf | [Down for the moment - Used to be a write-up on an ICS challenge] |
AMNESIA:33 How TCP/IP Stacks Breed Critical Vulnerabilities in IoT, OT and IT Devices | AMNESIA:33 is a Project Memoria study reporting the results of the security analysis of seven open source TCP/IP stacks and a bundle of 33 vulnerabilities affecting major IoT, OT and IT device vendors |
VIRTUAL PLC PLATFORM FOR SECURITY AND FORENSICS OF INDUSTRIAL CONTROL SYSTEMS | 2023 research paper on virtual PLC platform for security and forensics of industrial control systems |
Towards High-Interaction Virtual ICS Honeypots-in-a-Box | Research paper on the design of a virtual, high-interaction and server-based ICS honeypot and the deployment of realistic, cost-effective and maintainable ICS honeypots. |
Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass | 1st part of a series of write-ups about ICS vulnerabilities. This one is about the Trusted Application Check Bypass in the OPC UA .NET Standard (CVE-2022-29865) |
Siemens Trust Center PKI | Documentation on the Siemens Certification Authority Hierarchy of 2020 |
HTB ICS network segmentation | Learn about the Purdue Model of ICS network segmentation from Hack The Box's ICS expert Barry "8balla" Murrell. |
CVE-2019-12480 related article | Article on how they discovered the vulnerability (spoiler: by fuzzing) |
Article by forescout | Clearing the Fog of War – A critical analysis of recent energy sector cyberattacks in Denmark and Ukraine |
Paper on PLC attack detection and forensics | A Survey on Programmable Logic Controller Vulnerabilities, Attacks, Detections, and Forensics |
Compromising Industrial Processes using Web-Based Programmable Logic Controller Malware | 2024 Research Paper on how to compromise industrial processes using Web-based PLC Malware |
CWE Industrial Control System and Operational Technology Special Interest Group | While IT has an extant body of work related to identifying and classifying security weaknesses, IT and ICS/OT are different, and existing IT classifications are not always useful in describing and managing security weaknesses in ICS/OT systems. Addressing this gap will help all stakeholders communicate more efficiently and effectively and promote a unity of effort in identifying and mitigating ICS/OT security weaknesses, especially in critical infrastructure. |
Unpacking the Blackjack Group's Fuxnet Malware | Unpacking the Blackjack Group's Fuxnet malware: Ukrainian state-sponsored group attacking Russian PLCs |
Title | Description |
---|---|
FUXA | Web-based Process Visualization (SCADA/HMI/Dashboard) software |
ScadaBR - Portuguese | SCADA system with applications in Process Control and Automation (open source) (Portuguese version) |
ScadaBR - French | SCADA system with applications in Process Control and Automation (open source) (French version) |
ScadaBR - English | SCADA system with applications in Process Control and Automation (open source) (English version) |
ControlThings.io - Tools | A collection of tools for OT/ICS pentesting made by ControlThings |
NetToPLCSim download SourceForge.net | TCP/IP-Network extension for the PLC simulation software Siemens PLCSim (Step 7 V5.4/5.5) |
MHJ-Software EN - comdrvs7 | All-in-one communication Library for S7-PLCs |
DNP3 OPC Server Configuration Guide | Everything's in the title |
IOServer - Interface to multiple protocols through a single OPC Server | Software allowing OPC clients such as HMI and SCADA systems to exchange plant floor data with PLCs |
OpenPLC V3 - Docker Image Docker Hub | A Docker Image based on Ubuntu 18.04 for the OpenPLC Server |
HoneyPLC: High-interaction Honeypot for PLCs and Industrial Control Systems | Github repository of HoneyPLC, designed to simulate multiple PLC models from different vendors |
Parallel DNP3 slave simulator | GitHub repository for DNP3 Slave Simulator. Designed to be used for integration and performance testing of front-end applications. |
DNP3, MODBUS, OPC Client & Server Simulator | Link for Free Trial Version – Everything's in the title |
OpenPLC Server - Docker Image Docker Hub | Docker containers for openplc server and editor |
The World's Most Popular Allen-Bradley PLC Simulator | A stand-alone PLC training system without the expense of a PLC |
Modifier Conpot of multiple ICS protocols | Modifier Conpots on dockerhub - with docker images from 2021, with 15 repositories |
ICS Development Kits. | Downloadable SDK for multiple Protocol (very cool) |
Siemens LOGO firmware download page | Siemens website: Siemens LOGO PLC firmware download page |
snap7 dockerfile | Docker containing S7-comm protocol capabilities via snap7 lib |
Title | Description |
---|---|
How to connect Open PLC with Factory I/O - YouTube | A 20-minute video tutorial on how to connect OpenPLC with Factory I/O |
Virtual Industrial Cybersecurity Lab archivos - Rodrigo Cantera | A tutorial on how to develop and implement a TCP sequence prediction attack to inject malicious Modbus TCP packets with Scapy |
How to set up an OT analysis lab. by biero llagas Medium | A Medium article on how to set up an OT analysis lab on the S7comm protocol made by a cool dude |
Let’s Call It a Day — Virtual SCADA Hacking with GRFICSv2 Part 1 | A tutorial on how to exploit built-in ICS functionality to shut down a virtual plant simulator |
Going Out With a Bang — Virtual SCADA Hacking with GRFICSv2 Part 2 | Well, it's the 2nd part of the article above |
Fortiphyd Logic - YouTube | A gold mine of a YouTube channel about built solutions for security and operations in IT and OT |
PLC Hacking (Pt. 1) Redfox Security | [Down for the moment] A tutorial on PLC hacking |
Rapid SCADA website | Rapid SCADA is an open source industrial automation platform. The out of the box software provides tools for rapid creation of monitoring and control systems. In case of large implementation, Rapid SCADA is used as a core for development of custom SCADA and MES solutions for a Customer. |
Investigation challenge on ICS equipment | Investigate damage related to an ICS cyberattack |
Title | Description |
---|---|
Online Circuit Emulator | A visualization of how electronic circuits are working |
IC Logos Elnec | Programmable IC Logos |
An Affordable And Programmable PLC Hackaday | A review of an Affordable and Programmable PLC |
TechInfoDepot Wiki | Wikipedia for Hardware, but it's not wikipedia |
Title | Description |
---|---|
#01 - Identifying Components - Hardware Hacking Tutorial | A 15-minute tutorial video on YouTube if you're looking for a very good introduction to hardware hacking |
Make Me Hack - A hardware reverse youtube channel | Everything related to Hardware Hacking and Reverse Engineering including tutorials for beginners and more advanced stuff |
Title | Description |
---|---|
Datasheet Database: alldatasheet | Everything's in the title |
Datasheet Database: datasheetcatalog | DatasheetCatalog.com is a free online datasheet source for electronic components and semiconductors from multiple manufacturers |
Datasheet Database: datasheets | Datasheets on electronic components |
Title | Description |
---|---|
Online Circuit emulator | Electronic circuit Emulator |
IC logo Database | Everything's in the title |
An Affordable And Programmable PLC Hackaday | A review of an alternative to a PLC |
TechInfoDepot Wiki | Wiki about ICS, but it's not wikipedia |
Title | Description |
---|---|
ICS Training Calendar CISA | Basically the training calendar of the CISA |
ICS 301v Review · Aaron Hoffmann | A free online course on ICS 301v made by Aaron Hoffmann |
HOME Dean Parsons | The home page of Dean Parsons, a major ICS expert, instructor & defender |
Assessing and exploiting control systems IIOT | Free e-learning tutorial on SCADA security |
Global Industrial Cyber Security Professional (GICSP) | GICSP home page for this certification |
ICS Cyber conference | Some conferences for ICS |
ISA secure certifications program | The ISASecure program delivers OT cybersecurity certifications. |
Title | Description |
---|---|
Industrial Automation Abbreviation Acronyms – PLC Tutorial Point | Wiki of abbreviations - good if, like myself, you hate acronyms because it gets messy if you're versatile |
Major PLC manufacturers and PLC Software’s List – PLC Tutorial Point | List of the major PLC manufacturers & software |
MrM8BRH GitHub user resource list | A smaller version of this GitHub list, but not made by myself |
Biero OT/ICS Resource list | Refresh button, but I had to put it there at some point. |
Title | Description |
---|---|
M256-Automation/PLCnext-Useful-Commands | A list of useful commands on PLCnext terminal |
Modbus functions code explanations | An Ozeki collection appendix |
Schneider Electric's own Modbus documentation | Everything's in the title |
Title | Description |
---|---|
GRIMM company job board | Wanna work in the US? There you go. Or you can go to LinkedIn, Indeed or whatever. I guess I have nothing to teach you, young pwndawan. Fly, fly further! |
Title | Description |
---|---|
ICS security monitoring from Packt (second edition) | ICS security from Packt written by Pascal Ackerman, second edition |
ICS field book | Basic but useful stuff on Industrial Security |
Industrial Network Security: Securing critical infrastructure network | The best book you can find yet (from personal experience) |
SCADA for Relay Technicians | 2019 book for SCADA beginners |
Cybersécurité des systèmes industriels par Jean-Marie Flaus | French book on the ICS system |
The Industrial Control System Cyber Kill Chain | The Industrial Control System Cyber Kill Chain, written in October 2015 by SANS |
Title | Description |
---|---|
OPC UA Deep Dive: A Complete Guide to the OPC UA Attack Surface - Claroty | A 10-step article on the OPC UA Attack Surface |
Evil PLC Attack: Weaponizing PLCs - Claroty | Team82 white paper on Evil PLC Attack |
Siemens simatic exploit article | Experts found undocumented access feature in Siemens SIMATIC PLCs |
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology | A 09-2023 article by Mandiant about Sandworm disrupting power in Ukraine. Threat Intelligence is great, Mandiant does it better. |
Russian RE Modicon PLC | Some Russian who reverse-engineered the Modicon PLC from Schneider |
Assessing the BACnet Control System Vulnerability - Dragos | A 3-minute read by Dragos on how to assess the BACnet Control System Vulnerability |
Article about offensive OSINT on OT equipment | Offensive OSINT s01e04 - Intelligence gathering on critical infrastructure in Southeast Asia |
Nozomi Hour November 2023 | Nozomi Hour is usually a 40-minute video of the Threat Landscape, posted each semester. Feel free to update yourselves with these links, it's a great source of info for your cyberwatch. |
OT Hunt: Finding ICS/OT with ZoomEye | Article on ZoomEye and how to use it. It's not that incredible an article, but it can help |
Water management system hack | 2 municipal water facilities report falling to hackers in separate breaches |
Title | Description |
---|---|
Scadafence blog panel | A SCADA-focused defence blog. Very interesting, I recommend it. |
The Only SCADAhacker blog | A blog that provides a single point of contact for a wide range of readers covering multiple industry segments for pretty much everything related to industrial security |
Ruscadasec Telegram | Russian SCADA news Telegram |
Iranian ICS news Telegram | Iranian/Persian Telegram ICS-related news |
Article about offensive OSINT on OT equipment? | Offensive OSINT s01e04 - Intelligence gathering on critical infrastructure in Southeast Asia |
Offensive OSINT blog news | From the creator of KAMERKA |
Good old Hackernews | Well, it's good ol' Hackernews, my friend! |
Securityweek news OT/ICS sections | Securityweek news OT/ICS sections |
Security affair | Nothing related to your supervisory officer having extramarital activities, it's a Threat Intelligence source of information |
Japanese cyber ICS/OT news | Threat Intel source of info, but it's Japanese |
FBI Internet Crime Complaint Center (IC3) | Everything's in the title |
Centralised ICS-themed podcasts | A list of ICS-themed podcasts |
Industrial Cyber news outlet | Centralised info about vendor news and other articles on ICS and OT |
Title | Description |
---|---|
DOD requirement propositions | DEPARTMENT OF DEFENSE CONTROL SYSTEMS SECURITY REQUIREMENTS GUIDE |
OPC UA Security Analysis | OPC UA Security Analysis from the German Government |
IRG on Water sector | Incident Response Guide Water and Wastewater Sector |
IACS System Testing and Assessment Rating Score Calculator | A method on how to assess and rate a vulnerability |
NIST Special Publication SP 800-82r3 Guide to Operational Technology Security | Fundamental requirement for anybody who wants to start an OT security program |
NIS directive in each EU country | Specifications and information about implementations of the NIS directive in each EU country |
The NIST Cybersecurity Framework (CSF) 2.0 | The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. |
CWE VIEW: Weaknesses Addressed by ISA/IEC 62443 Requirements | This view (slice) covers weaknesses that are addressed by following requirements in the ISA/IEC 62443 series of standards for industrial automation and control systems (IACS). Members of the CWE ICS/OT SIG analyzed a set of CWEs and mapped them to specific requirements covered by ISA/IEC 62443. |
(UK) Control Of Major Accident Hazards Regulations 2015 (COMAH) | Everything's in the title |
(Risk Management) EBIOS RM Method | The French way of assessing risk, in its 2018 version. You like it? It's French. |
Title | Description |
---|---|
STORMSHIELD-SNi40-Datasheet | Stormshield monitoring & security solution for industries |
Checkpoint 1570R-rugged-security-gateway-datasheet | The Check Point NGFW description sheet |
Nozomi Network Solutions | The home page of Nozomi's Threat Detection & Response for Critical Infrastructure & Industrial Security Teams |
SIGASEC | A collection of monitoring solutions for OT network |
Leroy Automation | French PLC manufacturer |
Title | Description |
---|---|
ISA Global Cyber Alliance | The main page of the ISA Global Cybersecurity Alliance (ISAGCA), a global consortium working to secure critical infrastructure |
Institute of Electrical and Electronics Engineers | Not fully ICS-oriented, but one of the biggest organisations in the electrical and electronics engineering field |