Do-it-yourself Scada Vulnerability Testing with Lzfuzz

Security vulnerabilities typically start with bugs: in input validation, and also in deeper application logic. Fuzz-testing is a popular security evaluation technique in which hostile inputs are crafted and passed to the target software in order to reveal such bugs. However, for SCADA software used in critical infrastructure, the widespread use of proprietary protocols makes it difficult to apply existing fuzz-testing techniques, which work best when protocol semantics are known, targets can be instrumented, or at least large network traces are available. These things typically don’t apply in real-world infrastructure such as power SCADA. Domain experts often do not have the time and data to understand the proprietary protocols their equipment uses well enough for fuzz-testing. Domain experts are understandably unwilling to share sufficient internal access to allow external security experts to perform the fuzz-testing; and the domain uses live sessions with short data validity time window, which makes it hard to prime a fuzzer with large network