Project Description

"Complete Industrial Cybersecurity Program Management: A Guide to Practical ICS/OT Cyber Risk Management"

Description and image unavailable but will be available soon.

Publisher: McGraw-Hill Education
Authors: Clint Bodungen
Release Date: Q3 2021


Industrial Vulnerability Scoring System (IVSS)

Description and image unavailable but will be available soon.

ThreatGEN™ Red vs. Blue - Multiplayer Cybersecuirty Training


What do you get when you cross INFOSEC training, hacking, and multi-player online gaming? This! Combining our passion for computer security, hacking, and video game development, we have created the world's first (we think) online multi-player red team vs. blue team computer security training simulator. No, this is not "Uplink" or "Hacker Evolution". This is head-to-head, human-on-human, cyber-warfare "RISK" in the form of an online multi-player computer game... in the cloud. No hacking or programming experience? No problem! We have designed a revolutionary way for anybody and everybody to play the part of the red team with no learning curve, and without sacrificing methodology fidelity.

  • Learn how to deploy defenses against a live adversary strategizing against you.
  • Learn the methods and techniques of a cyber-threat as you figure out how to penetrate your target's defenses, navigate through their network, and gain control of their operations.

ThreatGEN™ Cyber Range - Industrial Cyber Range & Training Simulator

As an extension to PCAP3D, ThreatGEN™ (a.k.a. "SimICS") is designed to receive actual ICS/SCADA protocol data from real-world devices. It then adds realistic, fully interactive, 3D models of pipelines, tanks, well heads, a refinery, electrical substations, and an offshore platform (all with full walk-through capability) to the environment. These environments are coded with realistic physics that provide visual feedback for penetration testing training/labs, hacking demonstrations, red team/blue team exercises, and more. Users can cause several safety hazards and disasters such as pipes exploding and tanks overflowing by exceeding physical limits and thresholds. Future plans for ThreatGEN will be the ability for users to configure custom layouts/environments, and support for Oculus Rift, allowing users to experience the environment in immersive virtual reality.

>>View Screenshots<<

"Hacking Exposed, Industrial Control Systems: ICS and SCADA Security Secrets & Solutions"

The next title in McGraw Hill's infamous "Hacking Exposed" series, "Hacking Exposed: Industrial Control Systems" is a detailed technical reference that takes the reader through a keystroke by keystroke guided lesson on penetration testing an ICS environment using the same advanced techniques and methodology of a real-world hacker. Other key concepts are: How to setup and manage an ICS penetration testing project, how to perform a penetration test that is safe for ICS environments, ICS risk assessment/analysis methodologies, and how to defend against the attacks covered.

Publisher: McGraw-Hill Education
ISBN-10: 1259589714
ISBN-13: 978-1259589713
Authors: Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, Stephen Hilt
Release Date: Sept. 16, 2016

>>Available Here<<

"DIY SITUATIONAL AWARENESS - Exploring Open-Source ICS Asset Identification and 'Anomaly Detection' Solutions"

A multi-part series that follows our progress as we evaluate and explore open source options for Industrial Control Systems (ICS) Situational Awareness tools, which includes asset identification, network security monitoring (NSM), and anomaly detection. Specific topics include: Using GrassMarlin, extending GrassMarlin with the ELK stack, corralative analysis techniques, an anomaly detection and machine learning primer, and more.

>>Read Here<<

S4x18 Conference Video: "CrashOverideBowmanDragonfly"

I returned at S4x18 with yet another almost truthful documentary related to cyber security. this time I examine the art and pseudoscience of malware naming conventions.

>>Watch Here<<

S4x17 Conference Video: "History of ICS [In]security Farce"

A unique look at the history of ICS cyber security, or lack thereof, presented as a comical parody produced specifically for the S4x17 conference.

DISCLAIMER: Some of the jokes are "inside jokes" directed towards the ICS cyber security community and, in many cases, specifically toward some of the S4x17 audience.

>>Watch Here<<

Copyright © 2003-2019, Clint Bodungen