Category: Uncategorized

  • Access Control Implementation in ICS

    Introduction Industrial Control Systems (ICS) differ from traditional Information Technology (IT) systems. This can make the implementation of certain security controls difficult. Access Controls (AC) deal with how users or processes access the system. The National Institute of Standards and Technology (NIST) defines access controls as: “The process of granting or denying specific requests for… Read more

  • Account Management Concepts for ICS/SCADA Environments

    Introduction Industrial Control Systems (ICS) are part of Supervisory Control and Data Acquisition environments. These systems are responsible for the infrastructure of our cities and towns. ICS are used to control water distribution, electricity, some mass transit functions, and other industrial-related activities. Traditionally, ICSs were air gapped or had minimal network connectivity. Times… Read more

  • Analyzing Packed Malware

    Sometimes, malware is just hiding. Analyze the issue of packed malware, including tools, tricks and popular packers. Introduction Malware is created with deception in mind. Malware authors want to go undetected in order to steal, alter or delete as much information as possible. Obfuscating malware is a way to keep the files associated with the… Read more

  • Best entry-level cybersecurity jobs for veterans with security clearance

    What is security clearance There are three types of security clearance levels: CONFIDENTIAL This clearance level is issued to personnel that need to access material, which, if improperly disclosed, could be reasonably expected to cause some measurable damage to the national security. The vast majority of military personnel are given this fundamental level of clearance.… Read more

  • Cyber Security Training Mandates

    Introduction Humans are repeatedly identified as the weakest link in the cybersecurity chain. We are highly susceptible to falling for phishing attacks, social engineering schemes, and other deceptive attempts. This realization makes cybersecurity training increasingly important. Companies are putting more effort into their cybersecurity training programs, but does the law require cybersecurity training? Or just something… Read more

  • Earning Network+ Continuing Professional Education

    Introduction The Network+ certification is a vendor-neutral exam that verifies that the tester is knowledgeable in maintenance, troubleshooting and configuration of networks. It is a multiple-choice exam that consists of 90 questions that cover six domains: The Network+ certification is considered an entry-level exam, but it is also the prerequisite for many… Read more

  • 20 Essential Office 365 PowerShell Commands

    PowerShell is a command line shell that includes an environment for creating scripts. It is particularly designed for use by system administrators to manage, administer, monitor and troubleshoot. PowerShell uses some C# syntax. It is built on the .NET framework. Commands issued in PowerShell are referred to as “cmdlets”. As it is a Microsoft it… Read more

  • How to get a Security Clearance

    Having a security clearance can increase your job options and make you a more sought-after employee. An individual is not authorized to obtain a clearance on their own. They must be sponsored by the government or a cleared contracting company. Many employers would prefer to hire a candidate that already has a security clearance, as… Read more

  • OllyDbg

    A close and personal look at debugging using OllyDbg, including a walkthrough of debugging a recent malware. Introduction OllyDbg is a 32-bit debugging tool used to analyze binary code. Its popularity is tied to being able to use it despite not having access to the source code. OllyDbg can be used to evaluate and debug malware.… Read more

  • ICS/SCADA Security Technologies

    Introduction Industrial computer systems (ICSs) are a type of Supervisory Control and Data Acquisition (SCADA) systems. ICS’s embedded architectures differ from standard enterprise systems. They do consist of interconnected systems, but the heart of their system is the Programmable Logic Controller (PLC) instead of a CPU. The PLC is responsible for providing system reliability by… Read more