Academy
Labs
Careers
Partner Login
Support
search bar

Nozomi Networks Labs

Nozomi Networks Labs is dedicated to reducing cyber risk for the world’s industrial and critical infrastructure organizations. Through our cybersecurity research and collaboration with industry and institutions, we’re helping defend the operational systems that support everyday life.

Subscribe to LabsVulnerability Advisories

Vulnerability Advisories

Schweitzer Engineering Laboratories (SEL) SEL-5030 acSELerator QuickSet Inclusion of Functionality from Untrusted Control Sphere – CVE-2023-31168

DetailsCVESecurity Notification

Schweitzer Engineering Laboratories (SEL) SEL-5030 acSELerator QuickSet Improper Handling of Unicode Encoding – CVE-2023-31169

DetailsCVESecurity Notification

Schweitzer Engineering Laboratories (SEL) SEL-5030 acSELerator QuickSet Inclusion of Functionality from Untrusted Control Sphere – CVE-2023-31170

DetailsCVESecurity Notification

Schweitzer Engineering Laboratories (SEL) SEL-5030 acSELerator QuickSet Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') – CVE-2023-31171

DetailsCVESecurity Notification

Schweitzer Engineering Laboratories (SEL) SEL-5030 acSELerator QuickSet Incomplete Filtering of Special Elements – CVE-2023-31172

DetailsCVESecurity Notification

Schweitzer Engineering Laboratories (SEL) SEL-5037 SEL Grid Configurator Use of Hard-coded Credentials – CVE-2023-31173

DetailsCVESecurity Notification
View all

Labs Blogs

Read the latest blog content from our security research team.

View all Labs blogs

9 New Vulnerabilities Impact Schweitzer Engineering Labs Software Applications on Engineering Workstations

Continue Reading

Protecting the Phoenix: Unveiling Critical Vulnerabilities in Phoenix Contact HMI – Part 1

Read

Six Vulnerabilities Found in Axis Camera Systems License Plate Verifier Application

Read

New Report: Nozomi Networks Labs Finds Defenses Are Improving But Threats Continue to Rise

Read

Nozomi Networks Discovers Three Vulnerabilities Affecting BlueMark DroneScout ds230 Remote ID Receiver

Read

Latest Labs Research

Research Report: Unpacking the OT & IoT Threat Landscape with Unique Telemetry Insight

Read

OT/IoT Security Report Executive Summary – August 2023

Read

OT/IoT Security Report Executive Summary - January 2023

Read

OT/IoT Security Report - January 2023

Read

Threat Intelligence

Curated and maintained by Nozomi Networks Labs, the Threat Intelligence™ service provides threat and vulnerability updates to Guardian, making it easy for IT/OT professionals to stay on top of current OT and IoT risks.

Learn more
Threat Intel screenshot
Nozomi Logo circle

“Threat actors love finding new ways to attack critical infrastructure. We love finding new ways to detect their malware before damage occurs.”

— Andrea Carcano & Moreno Carullo
Co-founders, Nozomi Networks

Research Projects

TRITON

TRITON is the first known cyberattack that directly interacted with a Safety Instrumented System (SIS). Labs reverse engineered the TriStation suite of software and delivered a report and two free tools for security researchers. This research was presented at Black Hat USA 2018.

Learn More

GreyEnergy

The Labs team reverse engineered the GreyEnergy malicious document (maldoc) that leads to the installation of the malware (backdoor) on a victim’s network. Project outcomes include a report, multiple blogs and two free tools for security researchers.

Learn More

IEC 62351

IEC Working Group 15 (WG15) is developing technology standards for secure-by-design power systems. Labs contributes to the standards and has demonstrated how they can be used to identify hard-to-detect cyberattacks. Research from this effort was presented at Black Hat USA 2019.

Learn More
See all

Tools

Guardian Community Edition Assertions (Queries) for COVID-19 Cybersecurity

New assertions (queries) have been added to Guardian Community Edition to help with COVID-19-related cybersecurity challenges.

Queries that check for communications with malicious IP addresses and URLs

Assertions for COVID-19 Network Indicators

Queries that check the number of simultaneous remote connections and generate alerts if the number surpasses a threshold.

Assertions for Remote Access Monitoring

COVID-19 Malware: OT and IoT Threat Intelligence

To help your organization proactively detect and prevent COVID-19 themed cyberattacks, download our network indicators, ransomware and malware threat intelligence.

Network IOCs (Indicators of Compromise)

COVID-19 themed Network Indicators

Yara rules for detecting coronavirus ransomware

COVID-19-Themed Ransomware Rules

Yara rules for detecting COVID-19 Informer malware

COVID-19 Informer Malware Rules

List of hashes that detect malicious files

COVID-19-Themed Hash

SNORT rule for detecting network infection

COVID-19 Chinoxy Backdoor Malware
Learn More on GitHub

URGENT/11 Nmap NSE Script for Detecting Vulnerabilities

Our Nmap NSE script for detecting URGENT/11 vulnerabilities is a research tool for quickly checking industrial systems for vulnerable assets based on the version of VxWorks exposed within the FTP service.

Due the fact that is not always possible to detect the running version, we recommend that industrial operators use full featured security products for effective vulnerability assessment.

Learn More on GitHub

Radamsa Enhancement, Introducing PCAPNG Awareness

Our contribution allows Radamsa to mutate PCAPNG files focusing only on the packets themselves, eliminating the bytes and data structures used by the PCAPNG format itself. It is useful for testing the robustness of protocol stacks, helping to improve the quality of OT-device software.

Learn More on GitLab

GreyEnergy Unpacker + Yara Module

Automatically unpacks both the dropper and the backdoor and extracts them onto a disk

GreyEnergy Unpacker

Determines whether a file processed by Yara is the GreyEnergy packer or not

GreyEnergy Yara Module
Learn More on GitHub

Tricotools

Facilitates seeing and comprehending TriStation communications and identifies hardware connected to the safety controller

TriStation Protocol Plug-in for Wireshark

Simulates SIS controllers on the network, useful for detecting reconnaissance scans and capture malicious payloads

Triconex Honeypot Tool
Learn More on GitHub

Take the next step.

Discover how easy it is to identify and respond to cyber threats by automating your IoT and OT asset discovery, inventory, and management.

Request a DemoWatch Demo

Subscribe

LinkedIn

Demo

PLATFORM

Platform OverviewVantageCentral Management ConsoleGuardianArcAsset IntelligenceThreat IntelligenceSmart Polling

Professional Services

OverviewDesignDeploymentFast TrackOptimizationProject Management

Solutions: Business needs

Threat Detection & ResponseContinuous Network MonitoringAsset Inventory ManagementRisk & Vulnerability ManagementIoT SecurityData Center Cybersecurity

Solutions: Compliance

NERC CIPNIS2 DirectiveTSA Security Directives

Solutions: Industry

AirportsElectric UtilitiesHealthcareFederal GovernmentManufacturingMaritimeMiningOil & GasPharmaceuticalRailRetailSmart CitiesWater & Wastewater

Learn

PartnersResourcesCompanyContact UsAcademyCareersLabsLegal
© 2023 Nozomi Networks Inc. All Rights Reserved. Privacy Policy and Certifications. System Status.