sixnet-tools
Tool for exploiting Sixnet RTUs. Abstract: Supervisory Control and Data Acquisition (SCADA) networks and devices are the computational brains behind the nation’s infrastructure. They monitor and control industrial machinery in power plants, oil and gas lines, assembly lines, and etcetera. There exist programmable logic controllers and remote terminal units sitting on these SCADA networks that are critically lacking in some of the most basic security processes and controls. This paper and the corresponding project are meant to highlight such a weakness at the application level of Sixnet SCADA devices. The tool detailed in this project is written in Python and allows an attacker to gain root level access to these Sixnet devices with very little effort. The Project: There are three aspects to a basic SCADA network. The network itself is the medium through which the endpoints communicate with each other. These networks are very similar to corporate local area or wide area networks and may consist of various routing and switching components. Ideally a SCADA network is a completely isolated subnet of a greater corporate network and out of reach of the internet. Another aspe
FEATURES
ALTERNATIVES
A collection of tips and tricks for container and container orchestration hacking
A DNS rebinding attack framework for security researchers and penetration testers.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
A proof-of-concept obfuscation toolkit for C# post-exploitation tools, designed to conceal malicious activities from detection.
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.