https://vimeo.com/118627217/ Alexander Bolshev of Digital Security in Russia gave a great talk at S4x14 on exploiting vulnerabilities in the HART protocol and devices. His latest research is testing a large number of field devices accessible via the...
I thought I would write a quick post to share some interesting web logs. I set up a very temporary server to make the CANBus Hacking class materials available for attendees. The server was available for about a week and not connected to anything or linked from...
S4 in January is a great way to start off a new year. This year I had a session entitled “Remote Control Automobiles” where I analyzed an OBD-II dongle from Progressive that is designed to track vehicle usage for insurance purposes. It’s a...
Today we posted the video of Corey Thuen’s S4x15 Technical Session on the insecure by design Progressive Snapshot dongle. Progressive responded with a statement to a Forbes reporter: if an individual has credible evidence of a potential vulnerability...
While at S4, Digital Bond Labs had a security advisory published by ICS-CERT (see ICSA-15-013-03). One thing that we tried to do differently with releasing information on the issue this time around was to reach out to vendors that were obviously using...
LtCol William Hagestad Jr. of Red Dragon Rising brought his expertise on China and Iran to ICSage. The session includes briefings on Iranian and Chinese offensive cyber security efforts with some interesting Q&A on both....
Bryan Singer and Lily Glick start off the S4 Technical Sessions with a great presentation they named The Pragmatic Pwn of ICS. They focus on the engineering aspects of a cyber attack and the defense of a process using a distillation column (making 80...
Here is my short, 13-minute introduction to S4x15. After going into a brief review of S4x12, x13 and x14, it covers the theme of S4x15 and where ICS security research is heading. https://vimeo.com/117940030/ Assume an attacker has gained a presence on the ICS, such as...
Stephen had an article yesterday on the ICS Village / Capture The Flag (CTF) competition at S4x15. We also will be putting up a page with more info on the flags, techniques and pcaps in the next week. In the meantime, check out the interview with the winning team....
This year at S4x15, Digital Bond set out to create an ICS Capture The Flag, or CTF. Flags were created to simulate real world situations that an attacker would encounter if he targeted an ICS. By the end of the CTF, there were over 30 teams playing. Most of the...
