At S4x14 this year, there was a great talk about using an Ardunio Shield to communicate via the HART Protocol by Alexander Bolshev. Michael Toecker Blogged about this talk earlier, read his blog for more details about the talk. As the talk shows the Ardunio shield is...
PLCpwn is a Digital Bond project that Stephen Hilt led and presented at S4x14. It was inspired by the Power Pwn that we had used with a number of clients to help them realize ignoring the physical security perimeter might be a mistake. http://vimeo.com/85668729...
After hearing about PLCpwn, S4 vet Jake Brodsky over on SCADA Perspective wrote “Only problem: If you have physical access to the network of a PLC or to the PLC itself, you own it. End of story. That’s very unlikely to change.” While the ICS...
A very brief Friday News and Notes … Critical Intelligence reports that Shodan is now scanning the default PROFINET port (TCP/34962). Last September Shodan added DNP3 to its scan list. S4x13 vet Ali Abbassi has released a “very basic Modbus fuzzer”...
We encourage passionate disagreement and promotion of new, maybe slightly crazy concepts at S4 through Unsolicited Responses. Attendees can submit their idea for a 5 minute talk, with or without slides, at the event. Some are serious; some are funny. Normally we...
Eric Byres suggested we take our back and forth from the blogs to the stage at S4x14. I had 5 minutes to explain why SCADA Apologist, as I claim Eric is, are a major impediment to progress in ICS security. Then Eric had 5 minutes to respond why he was a SCADA Realist...
With all the furor about S4 over the past week, our readers may have missed some of the developments on the NERC CIP front. Last week, NERC and electric power representatives (and a bunch of us consulting folks) met in both Phoenix and Atlanta for a one-day conference...
We hear all the time about the lifecycle of ICS software and hardware being measured in decades rather than years. So even if new code goes through a security development lifecycle (SDL), the ICS community has a large amount of legacy code with latent vulnerabilities...
The NY Times reported NSA Devises Radio Pathway Into Computers. This program fits perfectly into my Preparation and Persistence talk at ICSage and the motivation behind the PLCpwn. I’ll have more on this when we post the PLCpwn video, but readers can think about...
As discussed in an earlier blog, attendees of S4x14 wanted to interact with ICS devices they may not have seen before, or even in some case just wanted more practice with devices they know quite well. It also allowed people from the novice to the advanced to have...
