Mais informação na ArsTechnica:
"GHH is the reaction to a new type of malicious web traffic: search engine hackers. GHH is a “Google Hack” honeypot. It is designed to provide reconaissance against attackers that use search engines as a hacking tool against your resources.
(...) Google (...) allows for searching on an immense amount of information. The Google index has swelled past 8 billion pages [February 2005] and continues to grow daily. Mirroring the growth of the Google index, the spread of web-based applications such as message boards and remote administrative tools has resulted in an increase in the number of misconfigured and vulnerable web apps available on the Internet.
These insecure tools, when combined with the power of a search engine and index which Google provides, results in a convenient attack vector for malicious users. GHH is a tool to combat this threat. "
GHDB - Google Hacking Database
"We call them 'googledorks': Inept or foolish people as revealed by Google. Whatever you call these fools, you've found the center of the Google Hacking Universe!"
Peach is a cross-platform fuzzing framework written in Python. Peach can fuzz just about anything from COM/ActiveX, SQL, shared libraries/DLL's, network applications, web, you name it.
Alguns posts sobre o assunto no blog Zero Day:
Blackmail ransomware returns with 1024-bit encryption key
Who’s behind the GPcode ransomware?
PHP Shell is a shell wrapped in a PHP script. It’s a tool you can use to execute arbitrary shell-commands or browse the filesystem on your remote webserver. This replaces, to a degree, a normal telnet connection, and to a lesser degree a SSH connection.
You use it for administration and maintenance of your website, which is often much easier to do if you can work directly on the server. For example, you could use PHP Shell to unpack and move big files around. All the normal command line programs like ps, free, du, df, etc… can be used.http://phpshell.sourceforge.net/
European Committee for Strandarization (CEN)
Software Assurance: An Overview of Current Industry Best Practices
Software Assurance Forum for Excellence in Code (SAFECode)
SCADApedia - a resource for control system security and IT related issues in control systems
Vulnerability Notes - explicações detalhadas das vulnerabilidades em sistemas SCADA do US-CERT
SCADA security resources
Honeypots para SCADA
SCADA HoneyNet Project
"The study (...) is notable for its breadth. Unlike many security reports, which focus on a single issue or type of threat, OECD examines how various types of malware function, the changing shape of the industry's business model, the role governments and international governmental organizations play in halting malware distribution (or, in some cases, facilitating it), and the various incentives and disincentives that might effectively retard the growth and reduce the impact of malicious software."