Research and PR and ICSsec Frenzy

If you had any doubts about the thirst for ICS security news in the press, this week’s articles on some research from NC State provided a vivid demonstration. NC State puts out a press release on some early research, far away from anything that can be purchased,...

Scanning PLC Devices – PLCScan

PLCScan is a utility that was released by scadastrangelove to help identify PLC devices. It does so by acting as a port scanner to see if two common ports are open and then decides what to do based on the availability of the ports. Documented within The Rack is...

John The Ripper – S7 Password Cracking

At S4x13, Scadastrangelove (@scadasl) released a offline brute force password cracking script (http://pastebin.com/0G9Q2k6y). Shortly after the script was released the functionality from that script was added into John The Ripper. Documented in The Rack is how John...

Friday News & Notes

I asked Eyal Udassin of C4-Security in Israel to comment on the ICS hack disclosed this week. “The hack isn’t something for the books. It’s of small kibutz named Sa’ar in the northern part of Israel, indeed from a year ago. The operator had a remote access...

S4x13 Video: Detecting 0-Day Attacks with Non-Signature IDS

Damiano Bolzoni’s of Security Matters presented Detecting 0-Day and Targeted Attacks on ICS with Non-Signature Based IDS. While the quantitative mode of anomaly detection, looking at the quantity of packets, has had some success, qualitative approach has...

Last Call: Cyber Security Training in Chicago

There are several seats still available for the upcoming Cyber Security for Power Generation training outside of Chicago.  The one-day course is specifically designed for those engineers and IT professionals responsible for securing a power plant DCS and balance...

Response Fuzzing

Fuzzing, as a practice, has been around for a while. Throw garbage at an input to a program and see what falls apart. Analyze the crashes and dumps, and see if any involve commonly exploitable issues, such as buffer overflows, off by one errors, etc. I’ve seen...

Review of ISA-62443-3-2 Security Risk Assessment and System Design

A draft of ISA-62443-3-2 is out for comment now. Previously it was called Zones and Conduits, but the latest draft recommends a title change to Security Risk Assessment and System Design. The recommended new title is more accurate for the content. Readers looking for...

Friday News & Notes

Apologies for being late with the Friday News & Notes this week. I spent the end of last week getting some inspiration from people that achieve amazing things through passion and incredibly high standards in unrelated fields. Heise, a major German publisher,...

Practice Practice Practice

A lot has been said about the effectiveness of awareness training recently.  While Training and awareness are necessary to build a solid foundation, practicing with real tools and hardware elevates your knowledge and hones your craft. As part of my series about...