In my talk way back at S4x15 I briefly mentioned a few techniques at identifying interesting parts of an application for reverse engineers. A lot of times we as reverse engineers load up a firmware or DLL or executable. We want to get hunting for bugs as quickly...
We generally do not allow product presentations at S4, but occasionally there is a technology that is novel or potentially important that we make an exception. For example, we had Kaspersky present on their ICS operating system at S4x15. A second exception was made...
Billy Rios of Laconicly joined me on the Unsolicited Response Podcast to discuss two topics: WhiteScope – an online ICS/SCADA whitelist that is trying to solve the last mile supply chain problem until vendors start signing their code. The WhiteScope data...
In part 1 we looked at what CAN is and what the difference between CAN and OBDII traffic is on a vehicle network. In this part we’re going to look at simple reverse engineering techniques to determine which CAN IDs are of interest to us. For this exercise, we’d like...
Save the date: S4x16 is January 12-16 S4x16 is moving to the Fillmore Miami Beach at Jackie Gleason Theater in the heart of South Beach. It’s literally 3 blocks from the beach, 1 block from Lincoln Road and right in the middle of all the SoBe...
I thought I’d take a step back after releasing tools and presenting on CAN to do a quick intro into what communications are going on inside a vehicle anyway. What is CANBus? What is OBDII? Is there a difference? We’re going to skip all the electrical fun parts, the...
Belden buys Tofino, GE buys Wurldtech, Lockheed Martin buys Industrial Defender and now iSight Partners acquires Critical Intelligence. The trend continues of larger organizations buying ICS security expertise. Bob Huber and Sean McBride left Idaho National Labs...
At S4x14 Adam Crain of Automatak, along with Chris Sistrunk, presented the results of their Project Robus that fuzzed DNP3 stacks and found most had problems with processing malformed or illegal responses. This year at S4x15 Adam talked about Avoiding Insecurity...
Part 1 covered the need to pull and publish more useful information from the gathered ICS incident and vulnerability data. Part 2 covers “Are the numbers intentionally misleading? 245 Incidents Reported To ICS-CERT in 2014 Means What? The big statistic picked up...
“There are three kinds of lies: lies, damned lies, and statistics.” Mark Twain (purportedly quoting Benjamin Disraeli) The latest edition of the ICS Monitor, last week’s USA Today articles and the reemergence of Joe Weiss’s secret database...
