The S4xJapan registration, Oct 14-15, opens on Monday morning, Tokyo time. We have been working hard to make this a Japanese event in terms of session focus, language and fun. For example, Kaspersky generously translated their KIPS experience into Japanese for the...
For my first blog post at Digital Bond I’m going to break The Rule and talk about what happened in Vegas. Every year I head to Las Vegas in early August for DEF CON. Usually I’m participating with my fine teammates in the capture-the-flag competition but this year we...
Last week Stephen made a minor, but very helpful, update to the Redpoint script that identifies and enumerates BACnet gateways and devices. All publicly available Redpoint scripts are on our GitHub, and some of the scripts have been integrated into the nmap download....
Digital Bond has started backing Kickstarter projects in order to build up our rack of security assessment and research tools. One of our recent deliveries is the RFIDler, a low-cost 125khz and 134khz RFID tool. RFIDler is an interesting project because it...
The US National Institute of Standards and Technology (NIST) is looking to award contracts to build one or more Reconfigurable Control System Cyber Security Testbeds, see diagram below. This could be useful for basic education, that a lot of University programs are...
I am very happy to announce that Corey Thuen will be joining Digital Bond Labs as a researcher and consultant. Long-time followers of Digital Bond and the S4 conference will know Corey as co-creator of, “SCADA from Scratch,” a project he...
Kaspersky issued a research report on Havex they called Energetic Bear – Crouching Yeti after the threat actor. It’s probably worth it’s own post and worth reading but here are three highlights. On page 15 (HT: Damiano Bolzoni) they describe the...
You are pounded with the message: ICS security is different than IT security. The fact is the Operations Technology (OT) in an ICS is a mission critical / high value IT system and needs to be treated like one. Don’t let the ICS is different argument allow you to...
I was talking a while ago to Justin Engler, a friend who also happens to be a really talented web app and mobile app security researcher, about the popping-up of ICS management software for mobile devices. He theorized that mobile apps for ICS would be an interesting...
After the PG&E substation shooting, FERC had ordered NERC, as the ERO, to develop and submit a Physical Security Reliability Standard within a very short time frame for this type of work. NERC complied and now FERC says they will approve the standard with two...
