bring in some profinet links and other misc things

Author: timyardley

pcaps/profinet/ChangeIPUsingDCP.pcap

@@ -1,4 +1,4 @@
-# ICS Protocols 
+# ICS Protocols
 ## Developed as a community asset at S4x16
 
 ## AMI
@@ -7,6 +7,15 @@
 ## BACnet
 * [BACpypes](https://github.com/JoelBender/bacpypes) - BACpypes provides a BACnet application layer and network layer written in Python for daemons, scripting, and graphical interfaces.
 
+## {PROFINET}
+### Protocol Implementation
+* [Profinet - Python](https://github.com/devkid/profinet) - Simple PROFINET implementation in python
+* [Profinet - C](https://github.com/kprovost/libs7comm) - PROFINET implementation in C
+* [Profinet Explorer](https://sourceforge.net/projects/profinetexplorer/) - Simple PROFINET explorer written in C#
+
+### Fuzzing
+* [ProFuzz](https://github.com/HSASec/ProFuzz) - Simple PROFINET fuzzer based on Scapy
+
 ## Modbus
 ### Protocol Implementation
 * [pyModBus](https://github.com/bashwork/pymodbus) - A full modbus protocol written in python.
@@ -30,7 +39,7 @@
 ## 61850
 ### Protocol Implementation
 * [libIEC61850](http://libiec61850.com/libiec61850/) - open source library for IEC 61850.
-* [rapid61850](https://github.com/stevenblair/rapid61850) - Rapid-prototyping protection and control schemes with IEC 61850 
+* [rapid61850](https://github.com/stevenblair/rapid61850) - Rapid-prototyping protection and control schemes with IEC 61850
 
 ### Tools
 * [IEDScout](https://www.omicronenergy.com/en/products/all/secondary-testing-calibration/iedscout/noc/1/) - IEDScout provides access to 61850-based IEDs and can simulate entire Ed. {1,2} IEDs. Specifically, IEDScout lets you look inside the IED and at its communication. All data modeled and exchanged becomes visible and accessible. Additionally, IEDScout serves numerous useful tasks, which could otherwise only be performed with dedicated engineering tools or even a functioning master station. IEDScout shows an overview representing the typical workflow of commissioning, but also provides detailed information upon request. **[commercial]** Free 30 day evaluation license.
@@ -48,4 +57,3 @@
 * [AFL](http://lcamtuf.coredump.cx/afl/) - American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.
 
 (creative commons license)
-

pcaps/profinet/Profinet_Connect.pcap

@@ -15,5 +15,7 @@
 ### Network
 * [GRASSMARLIN] (https://github.com/iadgov/GRASSMARLIN) - GRASSMARLIN provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks to support network security. Passively map, and visually display, an ICS/SCADA network topology while safely conducting device discovery, accounting, and reporting on these critical cyber-physical systems.
 
-(creative commons license)
+### Protocols
+* [TruffleHog](https://github.com/TruffleHog/TruffleHog) - A network analysis tool that works together with snort to visually represent a PROFINET network graph.
 
+(creative commons license)

pcaps/profinet/Profinet_Failed.pcap

@@ -11,6 +11,9 @@
 ## IDS Signatures
 * [Quickdraw ICS IDS](http://www.digitalbond.com/tools/quickdraw/) - Digital Bond’s original research project was to develop a set of IDS rules for SCADA protocols. The initial rules for Modbus TCP and DNP3 have now been enhanced for EtherNet/IP, Vulnerability rules and Device Specific rules. Quickdraw also includes Snort preprocessors and plugins that allow rules for more complex control system protocols.
 
+## IDS Extensions
+* [Profinet for Suricata](https://github.com/rain8841/Suricata_Profinet_MOD) - Profinet extensions for Suricata
+
 ## IoC Tools
 * [FireEye IoC Editor](https://www.fireeye.com/services/freeware/ioc-editor.html) - IOCs are XML documents that help incident responders capture diverse information about threats, including attributes of malicious files, characteristics of registry changes and artifacts in memory. The IOC Editor provides an interface for managing data, including: 1) Manipulation of the logical structures that define the IOC, 2) Application of meta-information to IOCs, including detailed descriptions or arbitrary labels, 3) Conversion of IOCs into XPath filters, and 4) Management of lists of “terms” used within IOCs.