Ralph Langner, who is on our top ten list, always has some interesting tools or information when we talk. Recently he showed me an application Langner Communications uses when having difficulty convincing asset owners they should worry about security.
It is a simple demo:
1. Press “PowerScan” to obtain a detailed listing of all networked PLCs, along with model information, configuration information, and reverse DNS names.
2. Select victim PLCs by checking the box to the left of the list entry.
3. Select whether to switch all outputs of all selected PLCs on, off, or randomly. Then press the “Set Outputs” button.
4. Watch the skeptical asset owner’s face drop.
The tool was originally for a specific vendor's products, but it has been generalized to be effective on a few vendors' products now.