Publications and Presentations
Publication Date | Publication Name | Type | Link |
---|---|---|---|
2023-05-30 | Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals | Blog | Void Rabisu |
2023-05-23 | Future Exploitation Vector: File Extensions as Top-Level Domains | Blog | File Extensions TLD |
2023-02-02 | What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits | Blog | Water Dybbuk |
2022-12-15 | The Near and Far Future of Ransomware Business Models | Paper | Ransomware Business Models |
2022-11-08 | DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework | Blog | DeimosC2 |
2022-06-06 | Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme | Blog | Closing The Door |
2022-04-26 | How Cybercriminals Abuse Cloud Tunneling Services | Blog/Paper | Cloud Tunneling |
2022-03-29 | A Floating Battleground Navigating the Landscape of Cloud-Based Cryptocurrency Mining | Paper | A Floating Battleground |
2022-03-17 | Cyclops Blink Sets Sights on Asus Routers | Blog | Cyclops Blink |
2022-01-20 | Backing Your Backup: Defending NAS Devices Against Evolving Threats | Paper | NAS Attacks |
2021-06-08 | Modern Ransomware's Double Extortion Tactics and How to Protect Enterprises Against Them | Paper | Double Extortion Ransomware |
2021-03-11 | The Future of P2P IoT Botnets | Blog | The Future of P2P IoT Botnets |
2021-01-19 | VPNFilter Two Years Later: Routers Still Compromised | Blog | VPNFilter Two Years Later |
2020-12-22 | How to Protect Your Kid's Privacy While At-Home Learning | Blog | Kid's Privacy |
2020-09-16 | Tribe Of Hackers Blue Team Edition | Book | Tribe Of Hackers Blue Team Edition |
2020-07-15 | Worm War: The Botnet Battle for IoT Territory | Paper | Worm War |
2020-01-20 | Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats | Paper | Fake Company, Real Threats |
2019-09-10 | The Internet of Things in the Cybercrime Underground | Paper | IoT In the Cyber Crime Underground |
2019-08-30 | Tribe Of Hackers Red Team Edition | Book | Tribe Of Hackers Red Team Edition |
2019-03-07 | Cultivating Security in the Food Production Industry: Nipping IoT Risks and Threats in the Bud | Paper | Security in the Food Production Industry |
2019-03-06 | Cybersecurity Risks in Complex IoT Environments: Threats to Smart Homes, Buildings and Other Structures | Paper | Cybersecurity Risks in Complex IoT Environments |
2019-01-16 | A Security Analysis of Radio Remote Controllers for Industrial Applications | Paper | Industrial Radios |
2018-10-30 | Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries | Paper | Exposed and Vulnerable Critical Infrastructure |
2017-12-30 | The Sound of a Targeted Attack | Paper | The Sound of a Targeted Attack |
2017-06-06 | How Cybercriminals Can Abuse Chat Platform APIs as C&C Infrastructures | Paper | Chat Platform API's as C&C |
2017-05-30 | Securing Smart Cities: Moving Toward Utopia with Security in Mind | Paper | Securing Smart Cities |
2017-02-15 | US Cities Exposed | Paper | US Cities Exposed |
2016-12-13 | Leaking Beeps: IT Systems Broadcasting Sensitive Info | Paper | Leaking Beeps (IT) |
2016-11-30 | HDDCryptor: Subtle Updates, Still a Credible Threat | Blog | HDDCryptor: Subtle Updates |
2016-11-09 | Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched | Blog | PawnStorm Ramps Up Spear-Phishing |
2016-10-25 | Leaking Beeps: Unencrypted Pager Messages in Industrial Environments | Paper | Leaking Beeps (ICS) |
2016-09-29 | The Rise and Fall of Encryptor RaaS | Blog | Rise and Fall of Encryptor RaaS |
2016-09-20 | Fox-info PCWorx-info | Code | fox-info.nse pcworx-info.nse |
2016-09-26 | Leaking Beeps: Unencrypted Pager Messages in the Healthcare Industry | Paper | Leaking Beeps (Health Care) |
2016-09-15 | BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs | Blog | HDDCryptor |
2016-08-28 | Hacking Exposed Industrial Control Systems | Book | Hacking Exposed ICS |
2015-12-07 | North American Underground: The Glass Tank | Paper | North American Underground |
2015-11-11 | GasPot Integrated Into Conpot, Contributing to Open Source ICS Research | Blog | Gaspot/Conpot |
2015-08-05 | The Gaspot Experiment | Paper | The Gaspot Experiment |
2015-06-03 | bacnet-info enip-info omron-info s7-info | Code | bacnet-info.nse enip-info.nse omron-info.nse s7-info.nse |
2014-10-01 | Threat Intelligence firm mistakes research for nation-state attack | Blog | APT Chattanooga |
2014-03-26 | Redpoint: Discover & Enumerate BACnet Devices | Blog | Redpoint: Bacnet |
2014-2-03 | PlcPwn | Blog | PlcPwn |

Conference Date | Conference Name | Presentation Name | Link |
---|---|---|---|
2020-05 | BSidesKnoxville | | https://www.youtube.com/watch?v=xBXktWwvEyI |
2020-01 | S4x20 | Factory Honeynet: Highly Realistic and Interactive | https://www.youtube.com/watch?v=p84HJveHQdg |
2019-10 | CS3STHLM | How we reverse-engineered multiple industrial radio | https://www.youtube.com/watch?v=5l_cWD5ZR-M |
2019-03 | RSA | Secure the Pod Bay Doors, HAL: Cybersecurity Risks of IoT Automation | https://www.youtube.com/watch?reload=9&v=6vFYLJstCq0 |
2019-01 | S4x19 | The Industrial Radio Project - Hacking Cranes Using SDR | https://www.youtube.com/watch?v=1wBdD-KZ4rI |
2019-01 | S4x19 | ICS Honeypots - How To Use Them (Panel) | https://www.youtube.com/watch?v=pxP_D1oVYkg |
2019-11 | SecureWorld | SecureWorld: Behind the Scenes | https://www.youtube.com/watch?v=tqKfau4ZLmk |
2018-08 | DEFCON 26 (IOT VILLAGE) | The Sound of a Targeted Attack | https://www.youtube.com/watch?reload=9&v=zzgmWlCfCRU |
2018-05 | BSidesKnoxville | The differences and niches in the different major criminal undergrounds | https://youtu.be/hhniUz5xG24?t=2564 |
2018-04 | HITB2018AMS | Attacking IoT Speakers | https://www.youtube.com/watch?v=za6F0pfisek |
2017-09 | Derbycon 7.0 | Victim Machine has joined #general: Using Third Party APIs as C&C Infrastructure. | https://www.irongeek.com/i.php?page=videos/derbycon7/t115-victim-machine-has-joined-general-using-third-party-apis-as-cc-infrastructure-stephen-hilt-lord-alfred-remorin |
2016-09 | Derbycon 6.0 | The 90's called, they want their technology back | http://www.irongeek.com/i.php?page=videos/derbycon6/316-the-90s-called-they-want-their-technology-back-stephen-hilt |
2015-10 | 4SICS (CS3STHLM) | The little pump gauge that could | https://www.youtube.com/watch?v=m3utW3cj5ls |
2015-08 | Black Hat 2015 | The Little Pump Gauge That Could: Attacks Against Gas Pump Monitoring Systems | https://www.youtube.com/watch?v=gorNee0MaoU |
2015-?? | Hack3rCon 5 | I Am Nation State (And So Can You!) | http://www.irongeek.com/i.php?page=videos/hack3rcon5/h13-i-am-nation-state-and-so-can-you-tothehilt-synackpwn |
2014-09 | Derbycon 4.0 | Protocol Me Maybe?: How to Date SCADA | http://www.irongeek.com/i.php?page=videos/derbycon4/t124-protocol-me-maybe-how-to-date-scada-stephen-hilt |
2014-01 | S4x14 | PLCPwn | <links needed> |