Author's Posts

Hello All. I wanted to thank the organizer for having me at the 2025 Atlantic Security Conference in Halifax, NS this past week. I would also like to thank all the attendees who came to hear me speak.

For those who are looking for the slides, they can be downloaded from the link below:

https://www.petermorin.com/wp-content/uploads/2025/04/AtlSecCon-Top-AD-Attacks-2025.pdf

Please feel free to contact me if you have any questions. See you at the next con!


Reposting a post from Manjunath Hiregange from GE Vernova (thanks Manjunath!).

Are you interested in learning more about industrial control system (ICS) security, but struggling to find practical training opportunities?

Look no further than GRFICS (Graphical Realism Framework for Industrial Control Simulations), a free and open-source framework.

๐–๐ข๐ญ๐ก ๐†๐‘๐…๐ˆ๐‚๐’, ๐ฒ๐จ๐ฎ ๐œ๐š๐ง ๐ฏ๐ข๐ซ๐ญ๐ฎ๐š๐ฅ๐ข๐ณ๐ž ๐ž๐ง๐ญ๐ข๐ซ๐ž ๐ˆ๐‚๐’ ๐ง๐ž๐ญ๐ฐ๐จ๐ซ๐ค๐ฌ ๐š๐ง๐ ๐ฉ๐ซ๐š๐œ๐ญ๐ข๐œ๐ž ๐ž๐ฑ๐ฉ๐ฅ๐จ๐ข๐ญ๐ข๐ง๐  ๐ฏ๐ฎ๐ฅ๐ง๐ž๐ซ๐š๐›๐ข๐ฅ๐ข๐ญ๐ข๐ž๐ฌ ๐ฐ๐ก๐ข๐ฅ๐ž ๐ฌ๐ž๐ž๐ข๐ง๐  ๐ญ๐ก๐ž ๐ฉ๐ก๐ฒ๐ฌ๐ข๐œ๐š๐ฅ ๐ข๐ฆ๐ฉ๐š๐œ๐ญ ๐ข๐ง ๐š 3๐ƒ ๐ ๐š๐ฆ๐ž ๐ž๐ง๐ ๐ข๐ง๐ž.

The GRFICS framework is designed to virtualize entire ICS networks, including realistic physical process simulations. While the initial version of GRFICS virtualizes a chemical process control network with a flat, un-segmented network architecture, the framework is modular and can be customized and expanded to include other types of ICS networks.

Here is a link to the 5 VMs: https://github.com/Fortiphyd/GRFICSv2
5 VirtualBox VMs (a 3D simulation, a soft PLC, an HMI, a pfsense firewall, and a workstation) communicating with each other on host-only virtual networks.

A video series walking through VM setup and example attacks is available on the Fortiphyd YouTube channel at https://www.youtube.com/playlist?list=PL2RSrzaDx0R670yPlYPqM51guk3bQjFG5


No one wants to see a blue screen on a Friday morning!

Not sure if folks are following the news, but a major bug has been identified with CrowdStrike Falcon stemming from a bad update. It is causing blue screens in Windows. Here is a statement from George Kurtz, CEO:

CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they're communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.

There is a manual workaround, which is scriptable:

  • Boot Windows into Safe Mode or the Windows Recovery Environment
  • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  • Locate the file matching ‘C-0000029*.sys’, and delete it.
  • Boot the system normally.
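The four steps above as a PowerShell script, added here as an example; it is not from the original post and not CrowdStrike's own tooling. It assumes PowerShell is available in the boot environment you chose (Safe Mode has it; some WinRE images do not), takes the OS volume's drive letter as a parameter because the offline system volume is frequently not C: when booted into the Recovery Environment, and matches only the file pattern given in the workaround. Run it with -WhatIf first so the deletion is previewed before anything is removed.

```powershell
# Added example (not from the original post or from CrowdStrike): locate the
# CrowdStrike channel file named in the published workaround and remove it.
# Run from Safe Mode or WinRE. Use -WhatIf to preview before deleting.
param(
    # Assumption: drive letter of the Windows volume. From WinRE the offline
    # system volume is often D: or another letter rather than C:.
    [string]$SystemDrive = 'C:',
    [switch]$WhatIf
)

$driverDir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'

# Sanity check: wrong drive letter or no Falcon install means nothing to do.
if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Warning "Directory not found: $driverDir (wrong drive letter, or Falcon is not installed)"
    exit 1
}

# Match only the pattern from the workaround; do not touch other driver files.
$targets = Get-ChildItem -LiteralPath $driverDir -Filter 'C-0000029*.sys' -File

if (-not $targets) {
    Write-Host "No file matching C-0000029*.sys in $driverDir; nothing to remove."
    exit 0
}

foreach ($f in $targets) {
    # Log name, size and timestamp before removal so the action is auditable
    # after the host is back in service.
    Write-Host ("Removing {0} ({1} bytes, last modified {2})" -f $f.FullName, $f.Length, $f.LastWriteTime)
    Remove-Item -LiteralPath $f.FullName -Force -WhatIf:$WhatIf
}

Write-Host "Done. Boot the system normally."
```

Usage: `.\Remove-FalconChannelFile.ps1 -SystemDrive 'D:' -WhatIf` to preview, then drop `-WhatIf` to delete. The script stops if the directory is missing rather than guessing another path, and it reports what it removed, which matters when the same script is pushed to many hosts and you later need to confirm which ones were actually remediated.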

Just when we thought this was bad enough… Microsoft had an Azure outage. Looks like Azure Central US was down for hours, but it had global impacts. Airlines and other major customers all over the world were impacted; some in India reverted to checking in passengers manually in Excel spreadsheets. M365 was also affected.

“We experienced a Storage incident in Central US which had downstream impact to a number of Azure services. This is currently mitigated; however, we are still in the process of validating recovery to a small percentage of those downstream services. This was communicated to affected customers via the Service Health dashboard in the Azure portal. We are also aware of an issue impacting Virtual Machines running Windows, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD) and get stuck in a restarting state. While this is an external dependency, we are currently investigating potential options for Azure customers to mitigate and will be providing updates via the status page here: https://azure.status.microsoft/en-gb/status/ as well as our Azure portal, where possible.”

Good luck everyone!
