Projects
Open-source tools and research from Cutaway Security, built to help operational teams solve real problems in industrial and control system environments. All projects are freely available on our GitHub organization.
Active Projects
Currently maintained tools and research projects.

ICS Watch Dog
Ready-to-use Microsoft Sysinternals Sysmon configurations for enterprise IT and ICS/OT environments, mapped to the SANS ICS Five Critical Controls. Start with the IT baseline and progress through OT-specific configs as your monitoring program matures.

CHAPS
Configuration Hardening Assessment PowerShell Script. Collects system security settings on Windows systems where additional tools cannot be installed. Designed for hardened ICS environments where master and support servers cannot accept new software.
Cloud-IACS
Cloud security documents and tools to assist with conducting risk assessments that conform to ISA/IEC 62443 guidelines. Supports the high-level risk assessment required when introducing cloud services into industrial control environments.
GasPot HMI Lab
Hands-on cybersecurity lab simulating a natural gas distribution terminal. Practice ATG protocol enumeration, tank gauge manipulation, and historian database exploitation in a safe, isolated environment.
CLICK PLC Scanner
Scan AutomationDirect CLICK PLCs via Modbus TCP and EtherNet/IP CIP. Designed for ICS/OT cybersecurity students and assessment personnel conducting authorized testing.
CLICK MQTT C2
Research project demonstrating a Command-and-Control channel that uses the CLICK PLC as a proxy over MQTT. Illustrates how industrial protocols can be abused for covert communications.
Archived Projects
Historical tools and research, preserved for reference but no longer actively maintained.
CutSec Tools
Collection of scripts and utilities used during security assessments to parse data, gather information, and streamline common tasks.
SAWH
Stand-Alone Windows Hardening. PowerShell script that reduces the attack surface of Windows systems not attached to Active Directory, particularly HMI systems in process environments that only need local access.
NCAS
NERC CIP Assessment Scripts. Generates the baseline outputs required for NERC CIP-010-3.R1 compliance across a variety of systems.
ROSA Jumpkit
Remote / Onsite Security Assessment Jumpkit. Equipment loadout recommendations organized by assessment type, with cases selected to protect each tool and organize them by functionality.
IACS STAR Methodology
System Testing and Assessment Rating methodology for estimating risk severity in IACS/OT environments. Adds consequence considerations to qualitative risk calculation. Includes a white paper and an online calculator.
GooseStalker
Analyze and interact with Ethernet types associated with IEC 61850. Parses GOOSE network packets to understand IEC 61850 communications and interact with devices using these protocols.
ICS Packet Capture Visualizer
Process PCAP files with pyshark and send traffic information to a Neo4j database. Visualize industrial network communications to identify shadow or rogue systems and devices.
DNP3 Stalker
Tools for interacting with DNP3 devices. Useful for understanding DNP3 communications during assessment engagements.
ScapyDNP3 Library
Distributed Network Protocol (DNP3) library for Scapy. Enables crafting and dissecting DNP3 packets within Python-based assessment tooling.
ClickBaiter
Scripts to program and interact with the CLICK PLC without vendor software. Predecessor to the newer CLICK PLC Scanner project.
sslyze JSON Parser
Parser for JSON files produced by the sslyze TLS scanning tool. Outputs lists of servers with specific configuration issues for faster report generation.
