The ICS Security Research Newsletter has been dormant for a while now, but Reid Wightman and the team at Digital Bond Labs has resurrected it. They are committed to at least a quarterly issue in 2015. The first issue for 2015 includes: Information on the IBAL...
We had Kim Zetter on stage for an interview at ICSage during S4x15 Week to discuss her new book: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. This first 2015 episode of the Unsolicited Response Podcast features that...
The ARC Advisory Group invited me to participate in one of the security panels at the annual ARC Forum this week in Orlando. It’s an event I always wanted to check out so I spoke and attended. Here are some brief thoughts from the event. The best part of the...
Digital Bond Labs has been using the IDA Pro API to extend it and make it even more useful for gray / black box testing. At S4x15 Reid Wightman, who heads up the Labs, introduced the first IDA Binary Analysis Library (IBAL) that are released for public consumption on...
https://vimeo.com/118627217/ Alexander Bolshev of Digital Security in Russia gave a great talk at S4x14 on exploiting vulnerabilities in the HART protocol and devices. His latest research is testing a large number of field devices accessible via the...
I thought I would write a quick post to share some interesting web logs. I set up a very temporary server to make the CANBus Hacking class materials available for attendees. The server was available for about a week and not connected to anything or linked from...
S4 in January is a great way to start off a new year. This year I had a session entitled “Remote Control Automobiles” where I analyzed an OBD-II dongle from Progressive that is designed to track vehicle usage for insurance purposes. It’s a...
Today we posted the video of Corey Thuen’s S4x15 Technical Session on the insecure by design Progressive Snapshot dongle. Progressive responded with a statement to a Forbes reporter: if an individual has credible evidence of a potential vulnerability...
While at S4, Digital Bond Labs had a security advisory published by ICS-CERT (see ICSA-15-013-03). One thing that we tried to do differently with releasing information on the issue this time around was to reach out to vendors that were obviously using...
LtCol William Hagestad Jr. of Red Dragon Rising brought his expertise on China and Iran to ICSage. The session includes briefings on Iranian and Chinese offensive cyber security efforts with some interesting Q&A on both....
