We hear all the time about the lifecycle of ICS software and hardware being measured in decades rather than years. So even if new code goes through a security development lifecycle (SDL), the ICS community has a large amount of legacy code with latent vulnerabilities...
The NY Times reported "NSA Devises Radio Pathway Into Computers". This program fits perfectly into my Preparation and Persistence talk at ICSage and the motivation behind the PLCpwn. I’ll have more on this when we post the PLCpwn video, but readers can think about...
As discussed in an earlier blog, attendees of S4x14 wanted to interact with ICS devices they may not have seen before, or even in some cases just wanted more practice with devices they know quite well. It also allowed people from the novice to the advanced to have...
We decided to move up the release of Adam Crain / Chris Sistrunk S4x14 video because DISTRIBUTECH is next week in San Antonio. This is a big electric sector event and the DNP3 Technical Committee meets in conjunction with this event. The story of vulns in the DNP3...
Jason kicked off S4x14 with an instant classic S4 talk, and not because it spawned a lot of triangle jokes. 4kB of free space. That is all Jason had on this sensor to implement the attack and whatever measures to hide the attack from the operator. This is not enough...
At the S4x14 conference in Miami this past week, Alexander Bolshev of ERPScan gave a presentation on his work on the Highway Addressable Remote Transducer protocol (HART). HART is a commonly used industrial protocol for communication over legacy 4-20 mA...
Last Monday was a busy day for Digital Bond and volunteers at S4x14 setting up the ICS Village. We started by laying out and setting up networks for attendees of the conference to use to reach the devices inside the ICS Village. As shown in previous blogs, there...
The ICS Security Research Community is healthier than it has ever been. That’s my conclusion based on the S4x14 sessions and what I discuss in my 11-minute mini-keynote you can watch below. http://vimeo.com/84615727 S4x13 was all about 0days. Session after...
Every year we invite a small number of press to cover S4. We typically pick a couple from the technical press and others from the more mainstream press, and we try to get reporters with a history of covering ICS security. This is not only because they are likely to...
<<< ICSage on Friday is sold out, but there are still spots available for S4x14 and OTDay. Register now.>>> The ICS Village is another new addition to S4 in 2014. We want to provide an environment where attendees can attack, defend and interact with...