During 2013, Chris Sistrunk and I reported a large number of defects in implementations of the DNP3 protocol. The bugs were found using a custom smart fuzzer I wrote to test opendnp3. This prototype was later refined and expanded with Modbus and IEC 104 support to become the Aegis Fuzzer we sell today.
This work garnered us a lot of recognition, and shook the industry up a little bit. A couple of mainstream publications wrote about the work:
For the informed reader, a couple of well-known industry security bloggers summarized the work well:
For posterity’s sake, a table of all the advisories from DHS CISA (previously ICS-CERT) follows: