Our Stephen Hilt released another Project Redpoint script as part of his DerbyCon presentation on Sunday. Modicon-info.nse will identify PLC’s and other Schneider Electric/Modicon devices on the network and then enumerates the device. The script pulls...
There is a truism in information security, and it is that everything will eventually be found to be vulnerable. I believe the lesson here should be, ‘plan to patch.’ It is tragically common in the embedded device space that vendors don’t take...
The clock is ticking to get your session proposal in for S4x15 Week. Take a look at the full CFP and get it in by October 1. We don’t just wait for the CFP responses. We actively chase down researchers and topics. So if you see something that is S4-worthy please...
David Perera of Politico released a good article yesterday on the difficulty of taking out the electric grid. Unfortunately the headline writers missed the mark, “US Grid Safe From Large Scale Attack, Experts Say”, and it is difficult to write two very...
We have been working with author Rob Lee and the very helpful Richard Stiennon to translate SCADA and Me – a book for children and management into Japanese. Attendees at our S4xJapan, Oct 14-15 in Tokyo, will receive a free copy of this fun book. It’s...
I spoke at the inaugural ArchC0n in St. Louis this Saturday. The main reason I chose to go to this IT security event was they had Richard Bejtlich, Bruce Schneier and Charlie Miller as keynotes. Quite a haul for the first run. Here are some of the items that I wrote...
The agenda is up and registration is open for the first S4xJapan, Oct 14-15 in Tokyo. There is space for 100 people so register now to get your spot. Tuesday, October 14th is Operations Technology day (OTDay). Attendees will learn proven techniques to run a reliable...
The S4xJapan registration, Oct 14-15, opens on Monday morning, Tokyo time. We have been working hard to make this a Japanese event in terms of session focus, language and fun. For example, Kaspersky generously translated their KIPS experience into Japanese for the...
For my first blog post at Digital Bond I’m going to break The Rule and talk about what happened in Vegas. Every year I head to Las Vegas in early August for DEF CON. Usually I’m participating with my fine teammates in the capture-the-flag competition but this year we...
Last week Stephen made a minor, but very helpful, update to the Redpoint script that identifies and enumerates BACnet gateways and devices. All publicly available Redpoint scripts are on our GitHub, and some of the scripts have been integrated into the nmap download....