Utilities with more mature monitoring capabilities may be interested in a new tool by Nozomi Networks, a Wireshark plug-in developed to detect TriStation protocol traffic on the network, the TriStation Protocol Plug-in for Wireshark. Wireshark, a widely used open source network packet analyzer commonly used for network troubleshooting and analysis, is extremely useful for advanced malware analysis, including detecting TRITON/TRISIS/HatMan activity. During plug-in development, Nozomi injected the TRITON malware into a Triconex SIS controller, and then analyzed the proprietary TriStation protocol. According to Nozomi, the TriStation Protocol Plug-in for Wireshark has been developed to help cyber security researchers and ICS operators dissect Safety Instrumented System (SIS) controller communications to help identify compromises and evaluate cybersecurity risks. Nozomi Networks.
You are here
Related Resources
Dec 12, 2024 in Cybersecurity, in Federal & State Resources, in Security Preparedness
Dec 12, 2024 in Cybersecurity, in OT-ICS Security, in Security Preparedness
Dec 12, 2024 in Cybersecurity, in OT-ICS Security, in Federal & State Resources