Complete listing of public research

Malware Analysis

Here are malware analysis projects I’ve worked on as a reverse engineer at Dragos:

• Fuxnet Malware (whitepaper or strategic brief)
• APT Exploits for Rockwell Automation ControlLogix
• COSMICENERGY Analysis
• Deep Dive into PIPEDREAMs OPC UA Module, MOUSEHOLE
• Measuring the Potential Impact of MOUSEHOLE
• PIPEDREAM Webinar
• The Trojan Horse Malware & Password “Cracking” Ecosystem Targeting Industrial Operators

Vulnerability Research

For a full listing of CVEs I’ve discovered, please see my “CVEs Discovered” page.

• Suggested Practices to Defend Against DLL Hijacking
• Root Cause Analysis of Password “Cracking” Vulnerabilities Section, Dragos Year-in-Review 2022 (starts on p.37)

Conferences

I’ve presented at several in person conferences, including:

• BSides Twin Cities: History of ICS-Specific Malware
• Dragos:
  • DISC ‘24: Hunting for Future ICS Threats
  • DISC’23: When Pythons Attack: The Hunting and Analysis of ICS-related, Compiled Python Samples
  • DISC’23: PIPEDREAM Analysis
  • DISC’22: Malware, 0 Days, and PLCs, Oh Boy!
• BSides Zurich: PLC Password Cracking Malware

Unfortunately, some of these were private conferences with sensitive information, so I am unable to share the all slides.

I also am one of the organizers of BSides Twin Cities, an annual conference held in Minneapolis, MN in early October. Please check out the site for more information, it’s a great con!

Webinars

I’ve also participated in a variety of webinars:

• SANS ICS: The Story of KurtLar_SCADA - From Malware Discovery to Victim Notification [Slides, Recording]
• University of New Hampshire: ICS/OT Cybersecurity, Malware Threats Examined & Explained
• Dragos 2021: Examining ICS Vulnerabilities Webinar
• Dragos 2020: Examining ICS Vulnerabilities Webinar

Media Coverage

Some of my research has been covered in the media.

Trojan Horse Password Cracking Research

• Ars Technica: Hackers are targeting industrial systems with malware
• Bleeping Computer: Password recovery tool infects industrial systems with Sality malware
• The Hacker News: Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems
• Security Week: PLC and HMI Password Cracking Tools Deliver Malware
• Industrial Cyber: Dragos details Trojan Horse malware, password cracking ecosystem affecting industrial operators
• Secure Blink: Salty malware used to infect ICS through password cracking tool
• HelpNet Security: Beware of password-cracking software for PLCs and HMIs!
• The Tech Outlook: Hackers targeting industrial PLCs with a new password cracking tool by remaining undetected

Comments, Quotes, and Random Tidbits

• Ars Technica: Comment on Microsoft-disovered CoDeSys Vulnerabilities