OPC UA Deep Dive Series (Part 5): Inside Team82’s Research Methodology

Team82 details their OPC UA research methodology, describing lab setup, target mapping, custom and coverage-based fuzzing, manual/specification-driven analysis, and reverse engineering that led to the discovery and disclosure of ~50 vulnerabilities across ~15 protocol stacks affecting hundreds of products; they also developed multiple universal exploit techniques, open-source fuzzing tools, and plan to release an OPC UA exploit framework, and they note coordination with vendors and improvements to specs following disclosure.