Main fields of research include:
- Discovery of 0-day vulnerabilities in cyber physical systems and coordinated vulnerability disclosure;
- Security assessment of ICS protocols and development suites;
- Identification of publicly Internet-connected ICS components and secure it with help of proper authorities;
- Development of security hardening guides for ICS software;
- Mapping cybersecurity on to functional safety;
- Awareness control and delivery of information regarding the actual security state of ICS systems.
SCADA Strangelove's interests expand further than classic ICS components and covers various embedded systems, however, and encompass smart home components, solar panels, wind turbines, SmartGrid as well as other areas.
Group members have and continue to develop and publish numerous open source tools for scanning, fingerprinting, security evaluation and password bruteforcing for ICS devices. These devices work over industrial protocols such as modbus, Siemens S7, MMS, ISO EC 60870, ProfiNet.
The group has published security-hardening guidelines for industrial solutions based on Siemens SIMATIC WinCC and WinCC Flexible. The guidelines contain detailed security configuration walk-throughs, descriptions of internal security features and appropriate best practices.
Among the group’s more noticeable projects is Choo Choo PWN (CCP) also named the Critical Infrastructure Attack (CIA). This is an interactive laboratory built upon ICS software and hardware used in real world. Every system is connected to a toy city infrastructure, which includes factories, railroads and other facilities. The laboratory has been demonstrated at various conferences including PHDays, Power of Community, and 30C3.
Primarily the laboratory is used for the discovery of new vulnerabilities and for evaluation of security mechanisms, however it is also used for workshops and other educational activities. At Positive Hack Days IV, contestants found several 0-day vulnerabilities in Indusoft Web Studio 7.1 by Schneider Electric, and in specific ICS hardware RTU PET-7000 during the ICS vulnerability discovery challenge.
The group supports Secure Open SmartGrid (SCADASOS) project to find and fix vulnerabilities in intellectual power grid components such as photovoltaic power station, wind turbine, power inverter. More than 80 000 of industrial devices discovered and isolated from the Internet in 2015 
Most notable talks are:
An overview of vulnerabilities discovered in the widely distributed Siemens SIMATIC WinCC software and tools that are implemented for searching ICS on the Internet.
Implications of security research aimed at realization of various industrial network protocols Profinet, Modbus, DNP3, IEC 61850-8-1 (MMS), IEC (International Electrotechnical Commission) 61870-5-101/104, FTE (Fault Tolerant Ethernet), Siemens S7.
Presentations of security research showing the impact of radio and 3G/4G networks on the security of mobile devices as well as on industrial equipment.
Analysis of security architecture and implementation of the most wide spread platforms for wind and solar energy generation which produce many gigawatts of it.
China Internet Security Conference 2016
In "Greater China Cyber Threat Landscape" keynote by Sergey Gordeychik an overview of vulnerabilities, attacks and cyber-security incidents in Greater China region was presented. 
In talk "Hopeless: Relay Protection for Substation Automation" by Kirill Nesterov and Alexander Tlyapov security analysis results of key Digital Substation component - Relay Protection Terminals was presented. Vulnerabilities, including remote code execution in Siemens SIPROTEC, General Electric Line Distance Relay, NARI and ABB protective relays was presented. 
All names, catchwords and graphical elements refer to Stanley Kubrick’s film, Dr. Strangelove. In their talks, group members often refer to Cold War events such as the Caribbean Crisis, and draw parallels between nuclear arms race and the current escalation of cyberwar.
Group members follow the approach of “responsible disclosure” and “ready to wait for years, while vendor is patching the vulnerability”. Public exploits for discovered vulnerabilities are not published. This is on account of the longevity of ICS and by implication the long process of patching ICS. However, conflicts still happen, notably in 2012 when the talk at DEF CON was called off due to a dispute of persistent weaknesses in Siemens industrial software.
- GitHub: scada-tools ‹See Tfd›(in English)
- Shodan ICSmap Archived 2015-02-21 at the Wayback Machine
- Changelog for hydra
- GitHub: wincc_harvester
- Redpoint Release: Siemens S7 Enumeration
- Siemens Simatic WinCC Flexible 2008 Security Hardening Guide
- [POC2013-TV] 실제 스카다 시스템, 2시간 만에 해킹당해 
- Smart City Hacked at PHDays IV
- Secure Open SmartGrid (SCADASOS) Project
- Could hackers turn the lights out?
- SCADA STRANGELOVE or: How I Learned to Start Worrying and Love Nuclear Plants 
- Positive Hack Days III
- Positive Hack Days IV
- SCADA deep inside: protocols and security mechanisms Archived 2014-12-19 at the Wayback Machine
- Root via SMS
- CCCTV: Too Smart Grid in da Cloud
- The Great Train Cyber Robbery
- Greater China Cyber Threat Landscape
- Vulnerable industrial controls directly connected to Internet? Why not?
- Siemens industrial software targeted by Stuxnet is still full of holes