My topic " OT Hunt: Nordex NC2 " This is part of my research on hunting OT devices online.

https://zerontek.com/zt/2023/07/12/ot-hunt-nordex-nc2/

#icscybersecurity #otsecurity #windfarm

In my last post, I mentioned some cool things to come in 2023... so let's gooo! 🙌

In my research analyst role at SANS, I'm running a survey through March 28 on OT/ICS visibility-- and I want to hear from the community! We're looking for experts to share their perspective on IT and OT visibility, #industrial organizations and their SOCs, as well as detection capabilities across IT and OT networks. We'll share the findings in a public report released later this year so everyone can leverage the insights to help improve their OT visibility program.

Link to survey ➡ https://sans.org/u/1pqp

If driving our industry's detection capabilities is not enough incentive for you, don't worry, there's more! All respondents will be entered for a chance to win a $250 Amazon gift card for participating!

#otcybersecurity #otsecurity #ICSCybersecurity #soc #detection

I'm pleased to announce our new paper has been published! This work discusses a technique, and subsequently presents a proof of concept, for scanning for vulnerabilities within PLC control logic. As I've mentioned through numerous talks and work recently, traditional enterprise focused reconnaissance, enumeration, and vulnerability scanning techniques are inadequate against OT and provide very little information on OT-specific vulnerabilities. This tool goes further than typical network scanning to understand where the control logic itself may have vulnerabilities. Read the paper here:

https://www.sciencedirect.com/science/article/pii/S0167404823000263

We hope this work is just the first step in tooling to improve the state of in-PLC vulnerabilities and PLC programming practices, greatly reducing the exploitability of OT moving forward.

#otcybersecurity #icscybersecurity #icssecurity #plcprogramming #cybersecurity

If I answered some questions about Industrial Control System cybersecurity and cyberattacks during my downtime today, what would you like to know?

Some background - my expertise is in incident response and digital forensic investigation of hacking of infrastructure systems - like power, water, manufacturing, oil and gas, transportation, agriculture, etc. There aren’t a lot of people who specialize in this. My company provides consulting and products to do cybersecurity for weird stuff that powers critical infrastructure like PLCs and SCADA. These networks are quite different than enterprise IT, and doing security in them can be challenging.

My own background is pretty left field as expected, with degrees in Networks, Electronics, and Avionics. I’ve been doing this for a while now. What would you like to know?

#cybersecurity #DFIR #ics #CriticalInfrastructure #ICSCybersecurity #IndustrialControl