Academy
Labs
Careers
Partner Login
Support
search bar

Nozomi Networks Labs

Nozomi Networks Labs is dedicated to reducing cyber risk for the world’s industrial and critical infrastructure organizations. Through our cybersecurity research and collaboration with industry and institutions, we’re helping defend the operational systems that support everyday life.

Subscribe to LabsVulnerability Advisories

Vulnerability Advisories

Bosch Rexroth Nexo cordless nutrunners Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) - CVE-2023-48242

DetailsCVESecurity Notification

Bosch Rexroth Nexo cordless nutrunners Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) - CVE-2023-48243

DetailsCVESecurity Notification

Bosch Rexroth Nexo cordless nutrunners Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) - CVE-2023-48244

DetailsCVESecurity Notification

Bosch Rexroth Nexo cordless nutrunners Missing Authorization – CVE-2023-48245

DetailsCVESecurity Notification

Bosch Rexroth Nexo cordless nutrunners Missing Authorization – CVE-2023-48247

DetailsCVESecurity Notification

Bosch Rexroth Nexo cordless nutrunners Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) – CVE-2023-48248

DetailsCVESecurity Notification
View all

Labs Blogs

Read the latest blog content from our security research team.

View all Labs blogs

Nozomi Networks Labs Takes on the Armasuisse ICS and Automotive Hackathons

Continue Reading

Agrius in Focus: Dissecting a Web Shell

Read

P2PInfect Worm Evolves to Target a New Platform

Read

Vulnerabilities on Bosch Rexroth Nutrunners May Be Abused to Stop Production Lines, Tamper with Safety-Critical Tightenings

Read

Nozomi Networks Labs Presents Zero-Day Vulnerabilities Affecting Mitsubishi Electric Safety PLCs at Black Hat MEA 23

Read

Latest Labs Research

Research Report: Assessing the Threat Landscape

Read

OT/IoT Security Report Executive Summary - February 2024

Read

Assessing the Threat Landscape for OT & IoT Security – A Review of the Second Half of 2023

Read

Codename I11USION: Eleven Practical Ways to Pwn Browser Based HMls in 2023

Read

Threat Intelligence

Curated and maintained by Nozomi Networks Labs, the Threat Intelligence™ service provides threat and vulnerability updates to Guardian, making it easy for IT/OT professionals to stay on top of current OT and IoT risks.

Learn more
Threat Intel screenshot
Nozomi Logo circle

“Threat actors love finding new ways to attack critical infrastructure. We love finding new ways to detect their malware before damage occurs.”

— Andrea Carcano & Moreno Carullo
Co-founders, Nozomi Networks

Research Projects

TRITON

TRITON is the first known cyberattack that directly interacted with a Safety Instrumented System (SIS). Labs reverse engineered the TriStation suite of software and delivered a report and two free tools for security researchers. This research was presented at Black Hat USA 2018.

Learn More

GreyEnergy

The Labs team reverse engineered the GreyEnergy malicious document (maldoc) that leads to the installation of the malware (backdoor) on a victim’s network. Project outcomes include a report, multiple blogs and two free tools for security researchers.

Learn More

IEC 62351

IEC Working Group 15 (WG15) is developing technology standards for secure-by-design power systems. Labs contributes to the standards and has demonstrated how they can be used to identify hard-to-detect cyberattacks. Research from this effort was presented at Black Hat USA 2019.

Learn More
See all

Tools

Guardian Community Edition Assertions (Queries) for COVID-19 Cybersecurity

New assertions (queries) have been added to Guardian Community Edition to help with COVID-19-related cybersecurity challenges.

Queries that check for communications with malicious IP addresses and URLs

Assertions for COVID-19 Network Indicators

Queries that check the number of simultaneous remote connections and generate alerts if the number surpasses a threshold.

Assertions for Remote Access Monitoring

COVID-19 Malware: OT and IoT Threat Intelligence

To help your organization proactively detect and prevent COVID-19 themed cyberattacks, download our network indicators, ransomware and malware threat intelligence.

Network IOCs (Indicators of Compromise)

COVID-19 themed Network Indicators

Yara rules for detecting coronavirus ransomware

COVID-19-Themed Ransomware Rules

Yara rules for detecting COVID-19 Informer malware

COVID-19 Informer Malware Rules

List of hashes that detect malicious files

COVID-19-Themed Hash

SNORT rule for detecting network infection

COVID-19 Chinoxy Backdoor Malware
Learn More on GitHub

URGENT/11 Nmap NSE Script for Detecting Vulnerabilities

Our Nmap NSE script for detecting URGENT/11 vulnerabilities is a research tool for quickly checking industrial systems for vulnerable assets based on the version of VxWorks exposed within the FTP service.

Due the fact that is not always possible to detect the running version, we recommend that industrial operators use full featured security products for effective vulnerability assessment.

Learn More on GitHub

Radamsa Enhancement, Introducing PCAPNG Awareness

Our contribution allows Radamsa to mutate PCAPNG files focusing only on the packets themselves, eliminating the bytes and data structures used by the PCAPNG format itself. It is useful for testing the robustness of protocol stacks, helping to improve the quality of OT-device software.

Learn More on GitLab

GreyEnergy Unpacker + Yara Module

Automatically unpacks both the dropper and the backdoor and extracts them onto a disk

GreyEnergy Unpacker

Determines whether a file processed by Yara is the GreyEnergy packer or not

GreyEnergy Yara Module
Learn More on GitHub

Tricotools

Facilitates seeing and comprehending TriStation communications and identifies hardware connected to the safety controller

TriStation Protocol Plug-in for Wireshark

Simulates SIS controllers on the network, useful for detecting reconnaissance scans and capture malicious payloads

Triconex Honeypot Tool
Learn More on GitHub

Take the next step.

Discover how easy it is to identify and respond to cyber threats by automating your IoT and OT asset discovery, inventory, and management.

Request a DemoWatch Demo

Subscribe

LinkedIn

Demo

PLATFORM

Platform OverviewVantageCentral Management ConsoleGuardianGuardian AirArcAsset IntelligenceThreat IntelligenceSmart PollingPSIRT

Professional Services

OverviewDesignDeploymentFast TrackOptimizationProject Management

Solutions: Business needs

Threat Detection & ResponseContinuous Network MonitoringAsset Inventory ManagementRisk & Vulnerability ManagementIoT SecurityData Center Cybersecurity

Solutions: Compliance

NERC CIPNIS2 DirectiveTSA Security Directives

Solutions: Industry

AirportsElectric UtilitiesHealthcareFederal GovernmentManufacturingMaritimeMiningOil & GasPharmaceuticalRailRetailSmart CitiesWater & Wastewater

Learn

PartnersResourcesCompanyContact UsAcademyCareersLabsLegal
© 2024 Nozomi Networks Inc. All Rights Reserved. Privacy Policy and Certifications. System Status.