Cutaway Security

Proxmox AI Development Lab

Sat, 11 Apr 2026 00:00:00 +0000

TL;DR
#

Setting up a proper Windows testing environment for ICS/OT security tool development goes beyond spinning up a single VM. You need multiple Windows versions, from legacy Windows 7 through Server 2022, templated, sysprepped, and network-isolated so you can rapidly deploy clean test systems and tear them down when you’re done. This post summarizes my experience building a Proxmox-based development lab with automated VM management for testing Sysmon configurations and security scripts across every supported Windows version. The complete setup guide is available as a PDF download. We document these projects to both remember what we have done and also help others with similar projects.

Building a Local AI Development Server with Framework Desktop

Sat, 07 Feb 2026 00:00:00 +0000

TL;DR
#

Using AI/LLM goes beyond using ChatGPT, Gemini, and Claude. Running large language models (LLMs) locally eliminates cloud dependencies, keeps sensitive data on-premises, and provides the computational muscle needed for AI-assisted security research. This post summarizes my experience building a dedicated AI development server using the Framework Desktop with AMD’s Ryzen AI Max+ 395 processor — a system capable of running 70B parameter models entirely in local memory.

Starting Cybersecurity Program for Small ICS / OT Teams

Wed, 26 Feb 2025 00:00:00 +0000

This morning I was thinking about completing an article I was writing about KPIs and OKRs. The more I wrote, the more I realized I was just regurgitating research and making pity comments. Which means, it was crap. So, I refocused and turned to AI to help me. I ask Google’s Gemini the following question.

Remote Access To Your BESS and You

Wed, 19 Feb 2025 00:00:00 +0000

This last week was the week of Battery Energy Storage System (BESS). Joe Weiss released a blog post titled Cyber-vulnerable battery systems are catching fire and communicate directly to China where he discusses his concerns about threat actors from the People Republic of China (PRC) remotely accessing BESS deployments in the United States. While I share the concern I am not a fan of “reading between the lines” to correlate an event with threat actor activities.

Unrestricted Access to Your Critical Infrastructure - The U.S. Treasury

Sat, 08 Feb 2025 00:00:00 +0000

The US Treasury Department is an industrial control environment integrated with an active business environment. This organization collects taxes, pays bills for the United States, produces coins and currency (ICS controllers, field devices, servers, and applications), manages government accounts, and enforces tax and finance laws. The recent access to access that has been provided to the Department of Government Efficiency (DOGE) team equates unmoderated administrative access to this control environment. The US Treasure Department one piece of the United States’ critical infrastructure.

Accelerating IACS / OT Cybersecurity Improvements

Fri, 17 Jan 2025 00:00:00 +0000

Today I had to remind myself to tell a team leader about an IT cybersecurity team member that provides superior security assessment work for a utility client. The IACS and OT industry likes to say that IT administrators and cybersecurity professionals cannot provide good guidance or do active assessments safely in production environments. This individual’s contributions to the vulnerability assessment of complex production and test environments continues to be invaluable and has helped to improve the design and deployment of solutions affecting millions of people supported by the utility.

Finger Wagging and Disrespecting Professionals Will Not Secure Critical Infrastructure

Fri, 10 Jan 2025 00:00:00 +0000

In his recent article, titled Critical infrastructures cannot be secured because network security and engineering won’t work together, Joe Weiss has provided the IACS cybersecurity industry with an example of hyperbole and fear mongering what needs to be stamped out rather than perpetuated. The advancement and maturity of this field will not evolve effectively when build on, or supported by, this biased and bigoted vernacular. It is difficult to call out all the issues in his meandering post. So, I will focus on three important topics where he needs to take a hard look at his beliefs and the approach he is bringing to the security and safety of industrial and automation control environments.

Architecting Safety Using Cybersecurity Requirements and Assessments

Sat, 18 May 2024 00:00:00 +0000

Originally posted at Claroty NexusConnect on May 9, 2024

The Cybersecurity Safety Challenge
#

I started thinking about the safety issues for security assessments when I was asked to attend a conference for amusement rides and parks. Safety has always been paramount in this industry and their teams are working hard to understand and improve how cybersecurity fits into the phases of a ride’s lifecycle.

Bashing Education and Certifications Reduces Safety of Industrial and Automation Control Environments

Fri, 08 Sep 2023 00:00:00 +0000

Recently, I have noticed people emphasizing the name of certifications and personally attacking the people who obtain them. This is unfortunate as it is shining light on the wrong subject. The value of a certification is not in the name. The value of the certification is that it is an indication that an individual has received a level of instruction and demonstrated the ability to retain, reference, and recall that information. It is this foundation of knowledge that the individual can be held accountable for using during decision making.

Conducting Gap Assessments to Secure Control Environments’ Cloud-based Solutions

Wed, 23 Aug 2023 00:00:00 +0000

Originally posted on the Claroty NexusConnect Blog.

The advancement of remote access technologies, machine learning, and artificial intelligence solutions is moving the industrial and automation industry toward cloud technologies faster and faster.

Achieving the ISA/IEC 62443 Cybersecurity Expert Certification

Tue, 11 Jul 2023 00:00:00 +0000

In February 2023 I was attending a conference for safety. I was introduced to many new people with roles that involved safe implementation of processes, equipment, and manual procedures that support the entertainment and safety of people all around the world. During one of my conversations, I was told that people purchasing services from large industrial control and automation vendors are not asking for people that have achieved the GIAC GICSP certification. They are specifically asking for people that have achieved the ISA/IEC 62443 Cybersecurity certifications. That was the moment I decided I was going to achieve the ISA/IEC 62443 Cybersecurity Expert certification before the end of 2023.

Radio Expert Staged the Flipper Zero Meter Attack?

Wed, 14 Jun 2023 00:00:00 +0000

Initially, I ignored the YouTube video, Flipper Zero attacking Smart Power Meters. I watched it. I thought it was “interesting.” But, I did not want to spend a lot of time on it. After all, it has been over ten years since my Black Hat / DEFCON 20 talk, Looking into the Eye of the Meter. I do not have the time, resources, or permission to do any more work on smart meters. So, I figured I would leave it to others to address the findings in this video and the person involved.

Overlook Physical Security Risks at Your Own Peril

Fri, 09 Jun 2023 00:00:00 +0000

Blog Post Originally Published on Claroty Nexus Blog

Illicit remote access to industrial control systems and devices provides threat actors with access to process information, user and service account credentials, and the ability to remotely interact with attack surfaces. These attack vectors are the current security focus of most organizations in critical infrastructure and production, distribution, and service industrial sectors.

ICS/OT Cybersecurity Self Analysis - Physical Security

Wed, 22 Mar 2023 00:00:00 +0000

Originally posted on the Cutaway Security Linked In on March 22, 2023.

Let’s consider some practical steps for a ICS/OT Cybersecurity Self Analysis. Today, let’s cover physical security at your substation, pumping station, or compressor station. We feel this checklist is a good start. Do you have items to add? Let us know in the comments on Linked In.

Managing Cyber Risk in Industrial, Automated Environments

Sun, 12 Mar 2023 00:00:00 +0000

Originally posted on the Claroty Nexus Community as “Managing Cyber Risk in Industrial, Automated Environments” on February 23, 2023.

Environments with industrial or automation control systems are built to ensure process availability and resilience. Availability is defined as “the quality of being able to be used or obtained” and resilience as “the capacity to recover quickly from difficulties; toughness.” These days, these definitions do not necessarily take into consideration the rampant connectivity happening today within automation environments.

Learning Ghidra Basics Analyzing Firmware

Fri, 06 Mar 2020 00:00:00 +0000

Introduction
#

It has been a while since I have analyzed any program or firmware. The majority of my previous experiences were mostly analyzing Capture The Flag (CTF) binaries with the help and instruction from my good friend Matt Carpenter of Grimm Security. While extremely helpful, I always knew I was looking for a vulnerability that should be easy to find since I mainly stuck with the easy to medium difficulty challenges. Analyzing actual firmware for a vulnerability is much different. While most programs “should” have vulnerabilities, there is no guarantee of a flag at the end, like in CTF binaries, that can be verified by submitting a string of bytes for points.

Questions from SANS Pen Test Hackfest 2019

Thu, 21 Nov 2019 00:00:00 +0000

This week I had the pleasure of speaking twice at the SANS Pen Test Hackfest Summit 2019. I had an excellent time and got to meet up with some old friends and make new acquittances. That is one of the most important things about these events. Attending pulls us from behind our virtual cubicles and gets us in front of human beings with common interests. It allows us to participate in conversations and, hopefully, have interactions where the communications include body language, facial expressions, and vocal inflections.

WWHF2019: Architecting Secure ICS Environments

Fri, 25 Oct 2019 00:00:00 +0000

Update: Architecting Secure ICS Environments Slide Deck

On October 24, 2019 I delivered a talk at the Wild West Hackin’ Fest in Deadwood, South Dakota. This conference is primarily attended by information security professionals and businesses with information security teams interested in a hands-on experience. I felt it was an excellent opportunity to provide information about the challenges they will face when implementing and testing security in environments that contain Industrial Control System (ICS) technologies.

Conducting Security Program Maturity Evaluations of ICS Environments

Thu, 29 Aug 2019 00:00:00 +0000

This article was originally published on Linked In on July 29, 2019.

ICS Security Programs
#

The implementation and security of Industrial Control Systems (ICS) in business environments is challenging. Most organizations start with legacy environments or build new solutions with process effectiveness as their priority. Once an organization realizes they need to secure the environment they quickly come to the conclusion that their enterprise security program does not easily fit into the primary goals and requirements of the ICS environment. Thus, they need a method to evaluate their current security posture and identify a path forward that is prioritized to the goals of the process(es).

Cutaway Security

Proxmox AI Development Lab

TL;DR #

Building a Local AI Development Server with Framework Desktop

TL;DR #

Starting Cybersecurity Program for Small ICS / OT Teams

Remote Access To Your BESS and You

Unrestricted Access to Your Critical Infrastructure - The U.S. Treasury

Accelerating IACS / OT Cybersecurity Improvements

Finger Wagging and Disrespecting Professionals Will Not Secure Critical Infrastructure

Architecting Safety Using Cybersecurity Requirements and Assessments

The Cybersecurity Safety Challenge #

Bashing Education and Certifications Reduces Safety of Industrial and Automation Control Environments

Conducting Gap Assessments to Secure Control Environments’ Cloud-based Solutions

Achieving the ISA/IEC 62443 Cybersecurity Expert Certification

Radio Expert Staged the Flipper Zero Meter Attack?

Overlook Physical Security Risks at Your Own Peril

ICS/OT Cybersecurity Self Analysis - Physical Security

Managing Cyber Risk in Industrial, Automated Environments

Learning Ghidra Basics Analyzing Firmware

Introduction #

Questions from SANS Pen Test Hackfest 2019

WWHF2019: Architecting Secure ICS Environments

Conducting Security Program Maturity Evaluations of ICS Environments

ICS Security Programs #

TL;DR
#

TL;DR
#

The Cybersecurity Safety Challenge
#

Introduction
#

ICS Security Programs
#