Articles / Papers / Magazines / Journals

• A. Sood, "Discovering and fingerprinting BACnet Devices", Help Net Security, July 2019
• A. Sood, "Too fast, too insecure: Securing Mongo Express Web Administrative Interfaces", Help Net Security, April 2019
• A. Sood "Cloudifying Malware: Understanding Cloud App Threats", ISACA Journal, 2018.
• A. Sood and S. Zeadally "Cybercrime at a Scale: A Practical Study of Deployments of HTTP-Based Botnet Command and Control Panels", IEEE Communications Magazine, 2017.
• A. Sood "The State of Web Vulnerabilities in SCADA WEB HMIs.", STSC Crosstalk - Journal of Defense Engineering, 2016.
• A. Sood and S. Zeadally "Drive-by Download Attacks: A Comparative Study of Browser Exploit Packs Features and Attack Techniques! ", IEEE IT Professional - Special Edition of Cyber Security , 2016.
• A. Sood and S. Zeadally "A Taxonomy of Domain Generation Algorithms", IEEE Security and Privacy Magazine, 2016.
• A. Sood "Data Science as a Tool for Cloud Security", ISACA Journal, 2018.
• A. Sood, S. Zeadally, R. Bansal, "Exploiting Trust - Stealthy Attacks through Socioware and Insider Threats", IEEE Systems Journal, 2015.
• A. Sood and R. Enbody, "U.S. Military Defense Systems - The Anatomy of Cyber Espionage by Chinese Hackers!", Georgetown Journal of International Affairs, 2015.
• A. Sood, S. Zeadally, R. Enbody, "An Empirical Study of HTTP-based Financial Botnets", IEEE Transactions on Dependable and Secure Computing, 2015.
• A. Sood and R. Enbody, " Targeted Cyberattacks - Superset of Advanced Persistent Attacks", IEEE Security and Privacy Magazine, 2013.
• A. Sood, R. Bansal, and R. Enbody, "Cybercrime - Dissecting the State of Underground Enterprise", IEEE Internet Computing Magazine, 2013.
• A. Sood and R. Enbody, "Dissecting SpyEye - Understanding the Design of Third Generation Botnets", Elsevier Computer Networks Journal,2013.
• A. Sood and R. Enbody, " Crimeware-as-a-Service (CaaS) - A Survey of Commoditized Crimeware in the Underground Market ", International Journal of Critical Infrastructure Protection, 2013.
• A. Sood and R. Enbody, "The Art of Cyber Bank Robbery", STSC Crosstalk - Journal of Defense Engineering, 2013.
• A. Sood and R. Enbody, "iPhone Malware Paradigm", STSC Crosstalk - Journal of Defense Engineering, 2012.
• A. Sood and R. Enbody, "Browser User Interface Design Flaws", STSC Crosstalk - Journal of Defense Engineering, 2011.
• A. Sood and R. Enbody, "The Conundrum of Declarative Security HTTP Response Headers: Lessons Learned ", USENIX CollSec, 2010.
• Online Social Networks Malware, Computer Society of India, June 2013
• Circumventing SMS based Two-factor Authentication, Digital Forensics, August 2012
• Iphone Malware Paradigm., STSC Crosstalk Journal, March/April 2012
• Social Networks - Launchpads for Malware., Commercial Crime International, December 2011
• Cross Interface Attacks in Network Devices., ISACA Journal, December 2011
• Breaking Down the {I*} Devices - Penetration Testing Like a Hacker., Hakin9 Magazine, September 2011
• Browser Interface Design Flaws., STSC Crosstalk Journal, May/June 2011
• Social Networks - Chain Exploitation., ISACA Journal, January 2011
• JavaScript Infection Model., ISSA Journal, November 2010
• Holistic Analysis of Defective Threads., Debugged Magazine, December 2009
• Artifacts of Inline User Mode Heap Analysis., Debugged Magazine, September 2009
• Hacking 802.11 Protocol Insecurities., Usenix ;login Magazine, April 2008
• Insecurities in Designing XML Signatures., Usenix ;login Magazine, February 2008
• Design Flaws in IP Surveillance Cameras., Hakin9 Magazine, July 2011

Elsevier Journals

• Enhancing Cyber Security at scale with ML/AI frameworks, Network Security - Mag Online Library, May, 2023
• Cloud databases: A Breeding Ground for Ransomware, Network Security - Mag Online Library, January, 2023
• DGAs Die Hard: Detecting Malicious Domains using AI, Network Security - Mag Online Library, June, 2022
• The Covid-19 Threat Landscape, Computer Fraud and Security - Mag Online Library, September, 2021
• State of Declarative Security in Banking Websites., Elsevier Computer Fraud and Security (CFS) Journal, July 2011
• Spying on the Browser - Dissecting the Design of Malicious Extensions., Elsevier Network Security (NESE) Journal, May 2011
• Abusing Glype Proxies: attacks , Exploits and Defenses, Elsevier Network Security, December 2012
• Malvertising - Exploiting Web Advertising., Elsevier CFS, April 2011
• Frametrapping the Framebusting Defense., Elsevier Network Security (NESE) Journal, October 2011

Virus Bulletin: Research Reports and Articles

• Cryptojacking on the Fly: TeamTNT Using NVIDIA Drivers to Mine Cryptocurrency, Virus Bulletin Magazine, April 2022
• Collector-stealer: A Russian Origin Credential and Information Extractor, Virus Bulletin Magazine, November 2021
• Dissecting the Design and Vulnerabilities in AZORult C&C Panels, Virus Bulletin Magazine, Feb 2020
• LokiBot: Dissecting the C&C panel Deployments, Virus Bulletin Magazine, Feb 2020
• Powering the distribution of Tesla stealer with PowerShell and VBA macros, Virus Bulletin Magazine, May 2018
• Prosecting the Citadel Botnet - Revealing the Dominance of the Zeus Descendent: Part Two, Virus Bulletin Magazine, September 2014
• Prosecting the Citadel Botnet - Revealing the Dominance of the Zeus Descendent: Part One, Virus Bulletin Magazine, September 2014
• CPanel Iframe Injector - A Look Into NiFramer, Virus Bulletin Magazine, October 2013
• Styx Exploit Pack Design Analysis, Virus Bulletin Magazine, September 2013
• Sweet Orange Exploit Pack Design Analysis, Virus Bulletin Magazine, March 2013
• Winlocker Ransomware - Analysis, Virus Bulletin, November 2012
• Inside the ICE IX bot, descendent of Zeus, Virus Bulletin Magazine, August 2012
• Malware Design Strategies for Circumventing Detection and Prevention Controls – Part Two, Virus Bulletin Magazine, June 2012
• Malware Design Strategies for Circumventing Detection and Prevention Controls – Part One, Virus Bulletin Magazine, May 2012
• Zombifying Targets - Malicious Phishing Campaigns, Virus Bulletin Magazine, April 2012
• Dissecting the NGR Bot Framework, Virus Bulletin Magazine, January 2012
• The Art of Stealing Banking Information - Form Grabbing on Fire, Virus Bulletin Magazine, November 2011
• SpyEye Bot Exploitation Tactics., Virus Bulletin Magazine, August 2011
• SpyEye Malware Infection Framework., Virus Bulletin Magazine, July 2011
• Browser Malware Taxonomy., Virus Bulletin Magazine, June 2011

Hack-in-the-Box: Magazine

• Bot Wars: The Game of Win 32/64 System Takeover, Hack In The Box - Ezine, November 2012
• Exploit Distribution Mechanism in Browser Exploit Packs, Hack In The Box - Ezine, April 2012
• Extending SQL Injection using Buffer Overflows, Hack In The Box - Ezine, October 2011
• Botnet Resistant Coding, Hack In The Box - Ezine, May 2011
• Exploiting Web Virtual Hosting, Hack In The Box - Ezine, January 2011
• Notorious Datacenter Servers Support Systems, Hack In The Box - Ezine, October 2010
• Chinese Malware Factory, Hack In The Box - Ezine, July 2010
• Open Redirect - Wreck Off, Hack In The Box - Ezine, April 2010
• Malware Obfuscation - Tricks and Traps, Hack In The Box - Ezine, January 2010

Whitepapers

• BlackHat 2014 Briefing - Exploiting Fundamental Weaknesses in Botnet C&C Panels., 2014
• Dissecting Java Server Faces for Penetration Testing., 2011
• Digging inside VxWorks (OS + Firmware) - The Holistic Security., 2011
• Design Inaccuracy - Cross Link Authoring Flaw - Scribd Flaw - iPaper Platform., 2010
• PDF Silent HTTP Form Repurposing Attacks., 2009
• Evading Web XSS Filters through Word (MS Office) in Enterprise Web Applications., 2009

Talks

• MELEE: A Tool to Detect Ransomware Infections in MongoDB, BlackHat Arsenal, Las Vegas, 2023
• Using ML/AI to Design Cybersecurity Solutions, SF Tech Summit, San Francisco, 2023
• Compromising the Keys to the Kingdom - Exfiltrating Data to Own and Operate the Exploited Systems, FIRST Incident Response Conference, Montreal, 2023
• Cloudifying Ransom Wars, Anti Phishing Working Group (APWG) eCrime Conference, Internet, 2022
• Data is the New E-Currency: Dissecting the Paradigm of Present-day Cyberattacks , Pacific Hackers Conference, Mountain View, 2022
• Combating Ransom-Wars: Evolving Landscape of Ransomware Infections in Cloud Databases, Hackers on Planet Earth (HOPE) Conference, New York, 2022.
• World of Modern Apps: Dissecting Ransomware and Botnet Threats in Cloud Databases, Secure 360 Conference, Prior Lake Minnesota, 2022.
• Dethroning Ransomware Infections in the Cloud Databases used for Modern Applications, Texas Cyber Security Summit, San Antonio, 2021.
• {Internet of Things or Threats}: Anatomizing the Structure of IoT Botnets, Hack in Paris (HiP) Conference, San Antonio, 2021.
• Internet of {Things or Threats}, BSides, Berlin, 2021.
• Enfilade: A Tool to Detect Potential Ransomware Infections in MongoDB Instances, BlackHat Arsenal USA, 2021.
• Uncovering Botnets in IOT Hemisphere, Secure 360 Conference, St. Paul Minnesota, 2020.
• Strafer: A Tool to Detect Potential Infections in Elasticsearch Instances, BlackHat Arsenal Europe, 2020.
• Compromising IoT C&C panels for Unearthing Infections, Virus Bulletin Local Host, 2020.
• Jamming into the World of IoT Botnets: The Hacker’s Way, UTSA, San Antonio, Texas, 2020.
• Connected World of Devices - Exploiting the Embedded Web Security Pacific Hackers Conference , Santa Clara, CA, 2019.
• Embedding Security and Privacy in DevOps - Real World Case Studies SANS DevOps Summit, Denver, Colorado, 2019.
• The State of Embedded Web Security in IOT Devices, Texas Cyber Security Summit, San Antonio, 2019.
• IoT Botnet Chaos, ToorCon Security Conference, San Diego, California, 2018.
• The State of IoT Botnets - The Bad and The Ugly, Hackers on Planet Earth (HOPE) Security Conference, New York, NY, USA, 2018.
• Crimeware Chaos: Empirical Analysis of HTTP-based Botnet C&C Panels, BSides SF , San Francisco, USA, 2018.
• The State of IoT Botnets: An Overview, IoT Security Symposium, Burlingame, CA, USA, 2018.
• Cloud Storage Abuse and Exploitation, EDGE Security Conference, Knoxville, Tennesse, USA, 2017.
• The Budding World of Cloud Storage Abuse and Exploitation : A Technical Deep Dive, FIRST Security Conference, Puerto Rico, USA, 2017.
• The TAO of Automated Iframe Injectors - Building Drive-by Platforms For Fun and Profit, Virus Bulletin, Denver, USA, 2016.
• Understanding the Crux - Abuse of Cloud Storage Apps, CSA Secure Cloud , Dublin, Ireland, 2016.
• Delivering Security in Cloud Generation World, RSA, San Francisco, USA, 2016.
• Sanctioned to Hack - Hunting Vulnerabilities in SCADA HMIs, Ground Zero, New Delhi, India, 2015
• Design Flaws in Network Switches - Your Network Devices Belong to Us!, ToorCon, San Diego, CA, USA, 2015
• Dynamics of Cloud Storage Abuse and Exploitation - One More for the Road!, ToorCon, San Diego, CA, USA, 2015
• Applying Data Science to Cloud Services Auditing, Compliance, Monitoring and Security, PSR (Privacy Security Risk), Las Vegas, USA
• The State of Web Security in SCADA HMIs, OWASP, San Francisco, CA, USA, 2015
• Hunting Vulnerabilities in SCADA HMIs, DEFCON, Las Vegas, Nevada, USA, 2015
• Exploiting Fundamental Weaknesses in Botnet C&C Panels, BlackHat, Las Vegas, Nevada, USA, 2014
• C-SCAD - Assessing Security Flaws in ClearSCADA WebX Client,BlackHat Arsenal, Las Vegas, Nevada, USA, 2014
• How I Hacked Your Botnet C&C Panels, ToorCon, San Diego, 2014
• Sparty : A Tool to Audit FrontPage and SharePoint, BlackHat Arsenal,Las Vegas, Nevada, USA, 2013
• Emerging Trends in Online Social Network Malware, Secure 360 , St. Paul, Minnesota, 2013
• Dissecting Socioware - A Study of Online Social Network Malware, InfoSec Security Southwest (ISSW),Austin, Texas, 2013
• Malandroid - Android Malware Mayhem, ToorCon, San Diego, 2012
• Bust a Cap in the Mobile App, SANS AppSec, Las Vegas, 2012
• The Realm of Third Generation Botnet Attacks, GrrCon, Grand Rapids,2012
• Bonded with Botnets, US-CERT GFIRST, Atlanta, 2012
• Botnets Die Hard - Owned and Operated, DEFCON, Las Vegas,2012
• Advancements in Botnet Attacks and Malware Distribution, Hackers on Planet Earth(HOPE), New York,2012
• Insidious Infections - Mangling with Botnets, Layer One, Anaheim, California, 2012
• Dissecting the State of Present-day Malware, HackCon, Oslo, Norway, 2012
• Hunting Web Malware, Hacker Halted, Miami, Florida, 2011
• Browser Exploit Packs - Death by Bundled Exploits, Virus Bulletin, Barcelona, Spain, 2011
• Botnets and Browsers - Brothers in the Ghost Shell, BruCon, Brussels, Belgium, 2011
• The Good Hacker - Dismantling Web Malware, OWASP AppSec, Minnesota, Minneapolis, USA, 2011
• Browser Exploit Packs - Exploitation Tactics, ToorCon, Seattle, Washington, 2011
• Art of Info Jacking - Detecting Hidden Devices, Source, Seattle, Washington, 2011
• Spying on SpyEye Botnet - What Lies Beneath, Hack-in-the-Box (HitB), Amsterdam, Netherlands, 2011
• Eye for and Eye - SpyEye Banking Trojan, ToorCon, San Diego, California, 2010
• Web Maniac - Hacking Trust, Hacker Halted, Miami, Florida, 2010
• The Art of Information Extraction, OWASP AppSec, Brazil, 2010
• Bug Alcoholic - Untamed World of Web Vulnerabilities, OWASP AppSec, Irvine, California,USA, 2010
• Scaling Web 2.0 Malware Infections, TRISC - Texas Regional Infrastructure Security , Grapevine, Texas, 2010
• Untamed XSS Wars - Filters vs Payloads, RSA, San Francisco, California, 2010
• Browser Design Flaws, Troopers, Munich, Germany, 2009
• Web Psyschic 2.0, Excalibur , Wuxi, China, 2009
• Rumbling Infections - Web 2.0 Malware Anatomy, SecurityByte - OWASP AppSec, New Delhi, India, 2009
• Webnoxious 2.0 - Attacking Open End Web, FOSS (Free and Open Source Software), Bangalore, India, 2009
• Vulnerability Vectors in PDF - Synthesizing PDF Attacks, EUSecWest, London, UK, 2008
• Rolling Balls - Can You Hack Clients?, XFOCUS XCON, Beijing, China, 2008
• KungFoo Jacking Browsers, XFOCUS XCON / XKungFoo, Beijing, China, 2008

Presentations - Video Links

A number of videos available for the talks:

• ANTI PHISING ECRIME CONFERENCE -2022 - Cloidifying Ransom Wars
• GOVWARE -2022 - Detecting Database Compromises at Scale
• VIRUS BULLETIN CONFERENCE 2021 - Compromising IOT C&C Panels for Unearthing Infections
• TEXAS CYBER SECURITY CONFERENCE 2021 - Dethroning Ransomeware Infections in Cloud databases
• HACK IN PARIS CONFERENCE 2021 - {Internet of Things or Threats}: Anatomizing the Structure of IoT Botnets
• PACIFIC HACKERS CONFERENCE 2020 - Connected World of Devices - Exploiting the Embedded Web Security
• BSIDES SF 2018 - Crimeware Chaos: Empirical Analysis of HTTP-Based Botnet C&C Panels
• TOORCON 2018 - IOT Botnets: The Crux of Internet of Things Chaos.
• HOPE 2018 - The Evidential Study of IOT Botnets.
• DEF CON 20 - Botnets Die Hard
• DEF CON 23 - Dissecting the Design of SCADA Web HMIs
• OWASP LAS CON 2016 - The Good Hacker Dismantling Web Malware
• BLACKHAT 2015 - Exploiting Fundamental Weaknesses in Botnet C&C Panels!
• LAYER ONE 2012 - Insidious Infections: Mangling with Malware
• GRRCON 2012 - The Realm of Third Generation Botnets.
• HOPE 2012 - Advancements in Botnet Attacks and Malware Distribution.

Patents

• US 20150264070 - Method and system for detecting algorithm-generated domains: A method and system for detecting algorithm-generated domains (AGDs) is disclosed wherein domain names requested by an internal host are categorized or classified using curated data sets, active services (e.g. Internet services), and certainty scores to match domain names to domain names or IP addresses used by command and control servers.

Research Projects

Botnets and Cybercrime

• Cybercrime at a Scale: A Practical Study of Deployments of HTTP-Based Botnet Command and Control Panels
  Cybercriminals deploy botnets for conducting nefarious operations on the Internet. Botnets are managed on a large scale and harness the power of compromised machines, which are controlled through centralized portals known as C&C panels. C&C panels are considered as attackers primary operating environment through which bots are controlled and updated at regular intervals of time. C&C panels also store information stolen from the compromised machines as a part of the data exfiltration activity. In this empirical study, we analyzed many over 9000 C&C web URLs to better understand the deployment and the operational characteristics of HTTP-based botnets.
  
  Published: IEEE Communications Magazine: https://ieeexplore.ieee.org/abstract/document/7981519
• The Taxonomy of Domain Generation Algorithms
  Domain-generation algorithms (DGAs) allow attackers to manage infection-spreading websites and command-and-control (C&C) deployments by altering domain names on a timely basis. DGAs have made the infection and C&C architecture more robust and supportive for attackers.
  
  Published: IEEE Security and Privacy Magazine: https://www.computer.org/csdl/magazine/sp/2016/04/msp2016040046/13rRUNvyadg
• Drive-by Download Attacks: A Comparative Study of Browser Exploit Packs Features and Attack Techniques
  Attackers are using domain-generation algorithms and command-and-control operations to efficiently distribute malware. A detailed taxonomy of DGAs highlights this problem in depth, improving our understanding of various attack techniques and their existing and potential trends.
  
  Published: IEEE IT Professional: https://ieeexplore.ieee.org/document/7579103
• An Empirical Study of HTTP-based Financial Botnets
  Cyber criminals are covertly attacking critical infrastructures, and botnets are a common component of those attacks. In recent years, botnets have been shifting their focus from broad-based attacks to more targeted ones such as attacking financial institutions, especially banks.
  
  Published: IEEE Transactions on Dependable and Secure Computing: https://ieeexplore.ieee.org/document/6991594
• Exploiting Trust: Stealthy Attacks Through Socioware and Insider Threats
  Online social networks (OSNs) provide a new dimension to people lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have also created a platform for attackers to distribute infections and conduct cybercrime. An OSN provides an opportunistic attack platform for cybercriminals through which they can spread infections at a large scale.
  
  Published:IEEE Systems Journal: https://ieeexplore.ieee.org/document/7042925?arnumber=7042925
• Cybercrime - Dissecting the State of Underground Enterprise
  Cybercrime’s tentacles reach deeply into the Internet. A complete, underground criminal economy has developed that lets malicious actors steal money through the Web. The authors detail this enterprise, showing how information, expertise, and money flow through it. Understanding the underground economy’s structure is critical for fighting it.
  
  Published: IEEE Internet Computing Magazine: https://www.computer.org/csdl/magazine/ic/2013/01/mic2013010060/13rRUILc8bN
• Targeted Cyberattacks - Superset of Advanced Persistent Attacks
  Targeted cyberattacks play an increasingly significant role in disrupting the online social and economic model, not to mention the threat they pose to nation-states. A variety of components and techniques come together to bring about such attacks.
  
  Published:IEEE Security and Privacy Magazine: https://ieeexplore.ieee.org/document/6231617
• Crimeware-as-a-Service (CaaS) - A Survey of Commoditized Crimeware in the Underground Market
  Crimeware-as-a-service (CaaS) has become a prominent component of the underground economy. CaaS provides a new dimension to cyber crime by making it more organized, automated, and accessible to criminals with limited technical skills. This paper dissects CaaS and explains the essence of the underground economy that has grown around it. The paper also describes the various crimeware services that are provided in the underground market.
  
  Published:International Journal of Critical Infrastructure Protection: https://www.sciencedirect.com/science/article/abs/pii/S1874548213000036
• The Conundrum of Declarative Security: HTTP Response Headers: Lessons Learned
  The stringency of attacks has grown simultaneously with the development of the web. To combat some of the new attacks, declarative security has been proposed in the form of HTTP response headers from the server side. The declarative model provides an extensible set of security parameters in form of HTTP responses. In this, browsers can respond with a requested security mechanism. This paper explores the state of HTTP declarative security and how it is being applied today.
  
  Published:Usenix Collsec: https://www.usenix.org/legacy/event/collsec10/tech/full_papers/Sood.pdf
• Exploiting Fundamental Weaknesses in Botnet C&C Panels
  Bot herders deploy Command and Control (C&C) panels for commanding and collecting exfiltrated data from the infected hosts on the Internet. To protect C&C panels, bot herders deploy several built-in (software-centric) protection mechanisms to restrict direct access to these C&C panels. However, there exist fundamental mistakes in the design and deployment of these C&C panels that can be exploited to take complete control. This talk discusses about the methodology of launching reverse attacks on the centralized C&C panels to derive intelligence that can be used to build automated solutions. This research reveals how to detect vulnerabilities and configuration flaws in the remote C&C panels and exploit them by following the path of penetration testing. This talk is derived from the real time research in which several C&C panels were targeted and intelligence was gathered to attack the next set of C&C panels. A number of case studies will be discussed to elaborate step-by-step process of attacking and compromising C&C panels. This talk also demonstrates the use of automated tools authored for making the testing easier for the researchers.
  
  Webpage: BlackHat Research

Tools

• Enfilade - A Tool to Detect Infections in Elasticsearch Instances: MongoDB infections are rising exponentially. The adversaries are exploiting open and exposed MongoDB interfaces to trigger infections in the cloud and non-cloud deployments. During this talk, we will release a tool named "ENFILADE" to detect potential infections in the MongoDB instances. The tool allows security researchers, penetration testers, and threat intelligence experts to detect compromised and infected MongoDB instances running malicious code. The tool also enables you to conduct efficient research in the field of malware targeting cloud databases.
  
  Webpage: Enfilade : BlackHat Arsenal
• Strafer - A Tool to Detect Infections in Elasticsearch Instances: Elasticsearch infections are rising exponentially. The adversaries are exploiting open and exposed Elasticsearch interfaces to trigger infections in the cloud and non-cloud deployments. During this talk, we will release a tool named "STRAFER" to detect potential infections in the Elasticsearch instances. The tool allows security researchers, penetration testers, and threat intelligence experts to detect compromised and infected Elasticsearch instances running malicious code. The tool also enables you to conduct efficient research in the field of malware targeting cloud databases.
  
  Webpage: Strafer : BlackHat Arsenal
• Sparty - Sharepoint Web Application Penetration Testing Tool: Sparty is an open source tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.
  
  Webpage: Sparty : BlackHat Arsenal
• C-SCAD: Assessing Security Flaws in C-SCAD WebX Client: C-SCAD is an information gathering and penetration testing tool written to assess the security issues present in the Web-X (Internet Explorer-based web interface) client used to interact with the ClearSCADA server. WebX client is hosted on the embedded web server which is shipped as a part of complete ClearSCADA architecture. Primarily, the WebX client is restricted to perform any configuration changes but it can reveal potential information about the ClearSCADA server and associated components. Insecure deployments of WebX client can reveal potential information about the various functions such as alarm pages, SQL lists, and diagnostic checks including various reports.
  
  Webpage: C-SCAD : BlackHat Arsenal
• Declarative Security Detector: Mozilla Addons Clickjacking Defense - Declarative Sec Detector and HTTP Content Security Policy Detector.
  
  Webpage: Declarative Security Addons

Vulnerabilities Discovered

A number of vulnerabilities have been disclosed under the hood of "Responsible Disclosure" and cannot be disclosed due to business and legal constraints. A number of disclosed vulnerabilities are listed below but not limited to:

• ICSA-18-221-02, NetComm Wireless 4G LTE Light Industrial M2M Router.
• ICSA-16-348-01, Visonic PowerLink2 Vulnerabilities.
• ICSA-16-343-01, Moxa MiiNePort Session Hijack Vulnerabilities.
• ICSA-16-063-01, Moxa ioLogik E2200 Series Weak Authentication Practices.
• ICSA-16-061-02, Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting Vulnerability.
• ICSA-16-019-01, Siemens OZW672 and OZW772 XSS Vulnerability
• ICSA-15-349-01, Adcon Telemetry A840 Vulnerabilities
• ICSA-15-351-02, Motorola MOSCAD SCADA IP Gateway Vulnerabilities
• ICSA-15-300-03A, Rockwell Automation Micrologix 1100 and 1400 PLC Systems Vulnerabilities (Update A).
• ICSA-15-246-02, Schneider Electric Modicon PLC Vulnerabilities.
• ICSA-15-013-02, Clorius Controls A/S ISC SCADA Insecure Java Client Web Authentication.
• ICSA-14-259-01A, Schneider Electric SCADA Expert ClearSCADA Vulnerabilities.
• CVE-2010-2453, Web Commands Injection through FTP Login in Synology Disk Station.

Note: a number of vulnerabilities are in the process of getting patched and will be added once advisories are released.

Bug Bounties (*FUN*)

Reported many vulnerabilities to vendors as a part of bug bounties (entirely fun). The list of vendors are presented below but are not limited to:

• NetFlix | PayPal | BlackBerry | Barracuda Networks | Apple | Adobe | Microsoft | ZScaler

Skills

• Executing Information Security Management Program (ISMP)
• Security Assessments - Penetration Testing and Vulnerability Discovery
• Cloud Security - Architectural Design
• IOT Security Research and Algorithm Design
• Vulnerability Research
• Mobile Security Assessments
• Source Code Reviews
• Security and Privacy Risk Assessments including Impact Analysis
• Malware Research and Analysis
• Secure Design Reviews
• Risk Assessments: Security and Privacy
• Configuration Management Reviews
• Product Management for Security Initiatives


• Details: For consulting services, please contact via Linkedin.

Speaking Engagements

• Details: For speaking engagements, please contact via Linkedin.

Published Blogs

   

Tweets by @AdityaKSood

• Blog[at]Medium
• Malware at Stake Blog - An Official Malware Research Blog of SecNiche Security Labs. Analysis, Straight from the Hidden and Underground.
• Pentester's Blog: An Personal Security Research Blog.