Alexander Polyakov and Mathieu Geli of ERPScan presented some interesting research on vulnerabilities in ERP application software that could be used to attack ICS last week at BlackHat Europe in Amsterdam. In particular, the researchers have discovered vulnerabilities...
Immediately after the last speaker at S4x16, at 4:30 on Thursday Jan 14th, we will be having a craft beer bash at the Jackie Gleason Theater where S4x16 is held. More details to come on what brewers are being included, but I know many of you are making airplane...
Idea: Set of wireless sentinels to identify and locate jamming attempts in or around a plant site. The big two industrial wireless protocols are WirelessHART and ISA100.11A. Unlike most ICS protocols they are not insecure by design. They have encryption and...
S4 Web Page: https://s4xevents.com/ 1. It has the most detailed technical content and bleeding edge offensive and defensive security presentations. Watch the videos or ask around if you need confirmation. Since 2007, S4 is where the best researchers around the world...
Corey Thuen lead a recent Labs research project focused on Serial-to-Ethernet gateways. Traditionally, remote field sites were connected to wide ICS and SCADA networks via serial connections. Leased serial lines are increasingly harder to come by, as telcos...
Recently we looked at a few ethernet-to-cellular and serial-to-cellular gateways for security issues by scavenging and analyzing firmwares from a few common vendors. These are devices that are targeted towards Industrial users (and, ironically, ATMs are also in...
A common problem that occurs when you provide an environment or playground is that the sheer number of choices is overwhelming. Providing a network full of PLCs, Historians, and other ICS equipment often results in an interested participant not actually participating...
My initial alarm on the term Industrial Internet of Things (IIOT) occurred at the ARC Forum this February. I was stunned that basic DCS, SCADA and other ICS functions that have been occurring for decades were called IIOT. In fact ARC was taking well understood, more...
We will provide five lucky students a free ticket to attend S4x16, Jan 12-14 in Miami South Beach. If you want one of these tickets send an email to s4@digitalbond.com and describe your ICSsec qualifications, any current related research project, and why you want...
Register for S4x16 Now We are pleased to announce another big name and interesting speaker for the S4x16 Main Stage. Richard Bejtlich, Chief Security Strategist of FireEye, will present The Revolution in Private Sector Intelligence as the closing Keynote of S4x16. You...
