ICS SECURITY R&D PROJECTS BY CLINT BODUNGEN (@Z_Kr4K3n)
   
Project Description

ThreatGEN™ Red vs. Blue - Multiplayer Cybersecurity Training

What do you get when you cross INFOSEC training, hacking, and multi-player online gaming? This! Combining our passion for computer security, hacking, and video game development, we have created the world's first (we think) online multi-player red team vs. blue team computer security training simulator. No, this is not "Uplink" or "Hacker Evolution". This is head-to-head, human-on-human, cyber-warfare "RISK" in the form of an online multi-player computer game... in the cloud. No hacking or programming experience? No problem! We have designed a revolutionary way for anybody and everybody to play the part of the red team with no learning curve, and without sacrificing methodology fidelity.

  • Learn how to deploy defenses against a live adversary strategizing against you.
  • Learn the methods and techniques of a cyber-threat as you figure out how to penetrate your target's defenses, navigate through their network, and gain control of their operations.


ThreatGEN™ Cyber Range - Industrial Cyber Range & Training Simulator

As an extension to PCAP3D, ThreatGEN™ (a.k.a. "SimICS") is designed to receive actual ICS/SCADA protocol data from real-world devices. It then adds realistic, fully interactive, 3D models of pipelines, tanks, well heads, a refinery, electrical substations, and an offshore platform (all with full walk-through capability) to the environment. These environments are coded with realistic physics that provide visual feedback for penetration testing training/labs, hacking demonstrations, red team/blue team exercises, and more. Users can cause several safety hazards and disasters such as pipes exploding and tanks overflowing by exceeding physical limits and thresholds. Future plans for ThreatGEN include the ability for users to configure custom layouts/environments, and support for Oculus Rift, allowing users to experience the environment in immersive virtual reality.

>>View Screenshots<<

>>ThreatGEN™ Cyber Range is a specific implementation based on the PhysicsGEN platform originally developed by Clint Bodungen and now owned and maintained by Derezzed LLC.<<

"Hacking Exposed, Industrial Control Systems: ICS and SCADA Security Secrets & Solutions"

The next title in McGraw Hill's infamous "Hacking Exposed" series, "Hacking Exposed: Industrial Control Systems" is a detailed technical reference that takes the reader through a keystroke-by-keystroke guided lesson on penetration testing an ICS environment using the same advanced techniques and methodology of a real-world hacker. Other key concepts are: how to set up and manage an ICS penetration testing project, how to perform a penetration test that is safe for ICS environments, ICS risk assessment/analysis methodologies, and how to defend against the attacks covered.

Publisher: McGraw-Hill Education
ISBN-10: 1259589714
ISBN-13: 978-1259589713
Authors: Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, Stephen Hilt
Release Date: Sept. 16, 2016

>>Now Available Here<<

"DIY SITUATIONAL AWARENESS - Exploring Open-Source ICS Asset Identification and 'Anomaly Detection' Solutions"

A multi-part series that follows our progress as we evaluate and explore open source options for Industrial Control Systems (ICS) Situational Awareness tools, which include asset identification, network security monitoring (NSM), and anomaly detection. Specific topics include: using GrassMarlin, extending GrassMarlin with the ELK stack, correlative analysis techniques, an anomaly detection and machine learning primer, and more.

>>Read Here<<

S4x18 Conference Video: "CrashOverideBowmanDragonfly"

I returned at S4x18 with yet another almost truthful documentary related to cyber security. This time I examine the art and pseudoscience of malware naming conventions.

>>Watch Here<<

S4x17 Conference Video: "History of ICS [In]security Farce"

A unique look at the history of ICS cyber security, or lack thereof, presented as a comical parody produced specifically for the S4x17 conference.

DISCLAIMER: Some of the jokes are "inside jokes" directed towards the ICS cyber security community and, in many cases, specifically toward some of the S4x17 audience.

>>Watch Here<<

PCAP3D

A 3D network traffic visualization interface using a modern gaming engine to display real-time network nodes and traffic, from any angle, in 3-dimensional space. Use cases are: network monitoring, intrusion detection/analysis, capture the flag (CTF) contests, red team/blue team exercises, and as an alternative visual interface for penetration testing tools such as Metasploit.

>>This project will resume soon...<<

Pwn3D

Pwn3D leverages PCAP3D along with a heads-up display (HUD) to provide an almost "Hollywood"-like penetration testing/hacking experience. Users can craft packets, sniff networks, perform man-in-the-middle attacks, scan systems, and much more using a touch screen 3D environment. Support for Metasploit modules and Oculus Rift is currently being developed.

>>This project will resume soon...<<

   
Copyright © 2011-2019, Clint Bodungen