Logo
 
ICS/OT SECURITY R&D PROJECTS BY CLINT BODUNGEN (@R1ngZer0)
   
Project Description

ThreatGEN® Red vs. Blue - Multiplayer Cybersecuirty Gamification

VERSION 1.5 and the IR TABLETOP EXERCISE MODULE will be out soon!   

What do you get when you cross cybersecurity training and online multiplayer gaming? This! Combining our passion for computer security, hacking, and computer games, we have created the world's first online multiplayer red team vs. blue team computer security training game that is completely based on real-world cybersecurity. No, this is not "Uplink" or "Hacker Evolution". This is head-to-head, human-on-human, cyber warfare "RISK" in the form of an online multiplayer computer game. No hacking or programming experience? No problem! We have designed a revolutionary new way for anybody and everybody to play the part of the red team with no learning curve, and without sacrificing methodology fidelity. We have a Steam edition and a professional edition that uses web browser cloud delivery and has expanded features such as multi-seat licensing, player/student analytics, LMS integration, labs & exercises, a tournament bracket system, and more! Professional edition for individuals and students you ask? That is coming very soon!

Visit the official website for more information

Or, check out the Steam edition here:


ThreatGEN® Red vs. Blue: BASE (Coming Soon)

ThreatGEN's Breach and Attack Simulation Engine (BASE) is the world's most advanced and scalable cyber range for both enterprise and ICS/OT cybersecurity. More information will be released later in 2021.

"Hacking Exposed, Industrial Control Systems: ICS and SCADA Security Secrets & Solutions"

Part of the McGraw Hill's infamous "Hacking Exposed" series, "Hacking Exposed: Industrial Control Systems" is a detailed technical reference that takes the reader through a keystroke by keystroke guided lesson on penetration testing an ICS environment using the same advanced techniques and methodology of a real-world hacker. Other key concepts are: How to setup and manage an ICS penetration testing project, how to perform a penetration test that is safe for ICS environments, ICS risk assessment/analysis methodologies, and how to defend against the attacks covered.

Publisher: McGraw-Hill Education
ISBN-10: 1259589714
ISBN-13: 978-1259589713
Authors: Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, Stephen Hilt
Release Date: Sept. 16, 2016

>>Available Here<<


Industrial Vulnerability Scoring System (IVSS)

IVSS is a replacement for the Common Vulnerability Scoring System (CVSS) used throughout the cybersecurity industry to score vulnerabilities. However, IVSS is meant specifically for industrial environments such as industrial control systems (ICS), supervisory control and data acquisition systems (SCADA), and operational technology (OT). Why is a replacement needed for industrial systems? Because the CVSS base and environmental scores focus primarily on data confidentiality, integrity, and availability (CIA). Industrial risk scoring uses a more granular, consequence-based metric. For example, while information (more specifically, data) integrity and availability (and confidentiality to some extent) is still important to industrial systems, it is not the primary focus. Rather, how vulnerabilities could effect the ability to view, monitor, and control industrial systems, as well as how they could impact overall system operability, is of far greater importance. This is because if these systems malfunction, the consequences are not only monetary, but could also impact human and environmental safety. Therefore, IVSS aims to use metrics more closely related to a hazards analysis for industrial systems.

"Complete Industrial Cybersecurity Program Management: A Guide to Practical ICS/OT Cyber Risk Management"

This book has been put on hold until further notice.

Publisher: McGraw-Hill Education
ISBN-10: TBD
ISBN-13: TBD
Authors: Clint Bodungen
Release Date: TBD

S4x18 Conference Video: "CrashOverideBowmanDragonfly"

I returned at S4x18 with yet another almost truthful documentary related to cyber security. this time I examine the art and pseudoscience of malware naming conventions.

>>Watch Here<<

S4x17 Conference Video: "History of ICS [In]security Farce"

A unique look at the history of ICS cyber security, or lack thereof, presented as a comical parody produced specifically for the S4x17 conference.

DISCLAIMER: Some of the jokes are "inside jokes" directed towards the ICS cyber security community and, in many cases, specifically toward some of the S4x17 audience.

>>Watch Here<<

   

Copyright © 2003-2021, Clint Bodungen