S4_Call
AAA  AAA 

Archive for 'Site Info'

Inaugural Issue of Control System Security Quarterly

I’m pleased to announce a new quarterly e-report from Digital Bond named – – Control System Security Quarterly. Take a look at this two-page document that describes the publication and the feature stories in the inaugural 3rd Quarter edition.
Our goals with this are two-fold.
1. Identify the control system security stories and issues from each quarter [...]

Research Presentation from EnergySec

I’m out at EnergySec in Seattle and gave a 1 hour presentation yesterday on our Bandolier, Portaledge and Quickdraw presentation. Here is a link to the presentation.
Our approach to control system security research is to extend existing tools and applications in two ways.
1. Add control system intelligence to existing IT security tools.
Bandolier extends the the [...]

Blog Post 1000

We had to note a minor milestone. This is the 1000th blog post.
The raw number of posts has never been a goal here, and the team specifically avoids short posts with links unless we are breaking news or its in a compilation Friday News and Notes blog post. The instructions for the team are simple [...]

Tweeting at S4

I started my tweeting at S4. Today is the Advanced Security Testing of Control System Components, tomorrow and Thursday at the S4 event. Follow me on twitter for running commentary on the event.

September SCADApedia Entries

SCADApedia – – all can read – – subscribers can write.
New entries in September:

ABB PCU400 Remote Buffer Overflow
Bandolier Severity Ratings
Best Practices for Firewalls in Digital Control and SCADA Systems
Exploit Frameworks
OPC UA
PI TCPResponse Interface
Portaledge Event Taxonomy
Portaledge: Availability Event Class
Portaledge: Enumeration Event Class
Quickdraw Security Events
Security Conferences
Vulnerability Exploit IDS Signatures
Windows Management Instrumentation

A number of [...]

Digital Bond Turns Ten

Digital Bond opened our doors ten years ago today on Sept 28, 1998. Like most businesses, Digital Bond morphed over time.
Gen 1 was a company designing a smart card solution to secure Internet brokerage transactions. We actually did pharming demonstrations with brokerage sites back in 1999, but we were never able to get the large [...]

A Quick Rundown on Exploitaiton Frameworks

It occurred to me as I was writing up the previous post that there’s probably a good chance that some of our readers aren’t familiar with Metasploit or other exploitation frameworks, so I’ve created a SCADApedia page outlining the basics and giving a brief description of the more popular platforms. I’ve used Metasploit for a [...]

August SCADApedia Entries

SCADApedia – – all can read – – subscribers can write.
New entries in August:

ARP Backscatter
ArpScan
EtherCAT
Field Device Fingerprinting
FL-net
Foundation Fieldbus HSE
PROFIBUS/PROFINET
Quickdraw Security Events

A number of the other pages have been updated as well.
You may also want to look at All Pages or the links to Control System Vulnerability Notes or the links to Digital Bond’s Research Projects.

Warning: Petty Post

Ok. I’m going to break the rules. I always tell the team be clear on the facts, explain your opinions, you own what you write, and above all avoid personal attacks on the blog.
I actually held back when I saw Joe Weiss’s blog post, which followed a Walt Boyes blog, castigating DHS, DoE, and a [...]

July SCADApedia Entries

SCADApedia – – all can read – – subscribers can write.
New entries in July:
Black Box Testing

Common Attack Pattern Enumeration and Classification (CAPEC)
Control System Port List
DNP3
PI Ping Interface
SCADA Honeywall
Security Content Automation Protocol (SCAP)
White Box Testing

Changes to many pages including: Bandolier, Bandolier User Guide for Nessus, Digital Bond Research Projects, ISA99 Part 4, List of Bandolier Audit [...]