SCADAbrother

As you may or may not know, Adam Crain @jadamcrain and I have been working on an ICS/SCADA protocol fuzzing framework –Aegis– for a year now.  It is a generation-based fuzzer that tests both the server/slave and client/master side of industrial protocols.  Adam originally wrote Aegis to test his openDNP3 protocol stack.  It turned out to be very effective in finding bugs in DNP3 stacks, and Project Robus was born.  After finding many broken DNP3 implementations and getting many of them fixed through responsible disclosure, we knew that we could expand his fuzzer into a framework covering many ICS protocols.

Adam released the Scala source code, binaries, and user manual for Aegis 0.1.0 in conjunction with our keynote talk at the 9th SANS ICS Summit.  We had a lot of great feedback from the conference and had a full session at the demo.  Currently, we are almost done porting the DNP3 module to C# (hopefully to be released at Black Hat).  The Modbus module is nearly complete as well, but won’t be publicly released until later this year.  After DNP3 and Modbus, we plan to add the IEC 61850 family, the IEC 60870-5 family, the IEC 60870-6 family (ICCP/TASE.2), Telegyr 8979 (a serial-only protocol), EtherNet/IP, and more.

As always, we will release private updates to Aegis first, to give vendors time to fix the issues we expect to find before we release publicly.

Check out Adam’s blog here.  He has informative posts about writing code and fuzzing.  He also released the openDNP3 code coverage results from the Aegis, Wurldtech Achilles, and Mu-4000 fuzzers.  If you are interested in helping us add more protocols to the framework, please leave a comment or send us a tweet.

Happy Fuzzing!

Chris
@chrissistrunk
