As 2024 comes to a close, I’m proud to reflect on an incredible year filled with contributions to OT cybersecurity through my blog and ICS Arabia Podcast. This year marked the completion of four years for my blog, and I interviewed 18 guests, surpassing previous years. My guests, a mix of Arabic and English speakers, brought a wealth of knowledge to the community.
Additionally, I was deeply immersed in other projects, particularly ICSrank.com—a tool I’ve been developing to improve the discovery and security assessment of ICS/OT devices. Stay tuned, as ICSrank is almost ready for launch!
A heartfelt thank you to the ICS/OT cybersecurity community and my podcast guests for their support, knowledge, and willingness to share. Here’s a summary of this year’s articles and podcasts:
ICS Arabia Podcast (2024)
Total Episodes: 18
- Arabic: 11
- English: 7
Arabic Episodes
- Zero Trust in ICS/OT: A Comprehensive Deep Dive – with Shaker Hashlan
- Digital Twins in ICS/OT – with Nebras Alquarashi
- Conversation with a Kuwaiti Engineer on OT Cybersecurity and OWASP – with Faisal Albuloushi
- Hunting Down Threats: ICS/OT Edition – with Shaker Hashlan
- MITRE ATT&CK for ICS/OT – with Shaker Hashlan
- First-Time SCADA Penetration Testing – with Ali Dashti
- OT Cybersecurity Skills: Building Your Expertise – with Shaker Hashlan
- OT 101 – with Faisal Albuloushi
- Hacking Health: Unveiling Vulnerabilities in Wearable Medical Devices – with Mohammad Al-Hussan
- From OT Security to IIoT – with Shaker Hashlan
- ICS/OT Blue Team – with Shaker Hashlan
English Episodes
- Open Source Zero Trust – with Philip Griffiths
- PLC Scanning: Safe Practice or Security Risk? – with Raphael Arakelian
- Medical Devices Exposed – with Alessio Rosas
- Disaster Recovery in OT – with Saltanat Mashirova
- OT Penetration Testing – with Mike Holcomb
- My Interview with Mike Hoffman
- Interview with Sinclair Koelemij
Blog Posts (2024)
Total Articles: 14
- OT Hunt Series: 11
As usual, my routine involves searching for exposed ICS/OT devices, continuing my passion for research, and building a profile of dorks/filters—the backbone of my tool, ICSrank.com. Some dorks I share in articles, while others remain unpublished.
One of my standout articles this year was How to Find Water Systems on the Internet: A Guide to ICS/OT OSINT. It gained significant traction in the OT community, was published in Security Week Magazine, and referenced in a research article by Forescout.
Finding the responsible asset owner behind exposed ICS/OT devices has been a long-standing challenge, but I succeeded in identifying some of these critical systems. I urge everyone to read this article and share it with asset owners, companies, and countries managing critical infrastructure.
Topics include:
- Find ICS/OT Devices on the Internet with ICSrank
- Open Source Tools for OT Defenders
- ICS/OT OSINT: Using Gemini AI for PLC and HMI Image Analysis
OT Hunt Series
- How to Find Water Systems on the Internet: A Guide to ICS/OT OSINT
- OT Hunt: Finding HMIs with Shodan
- OT Hunt: Finding ICS/OT with Censys
- OT Hunt: Finding ICS/OT with ZoomEye
- OT Hunt: Finding ICS/OT with FOFA
- Unveiling Risks of Exposed T5 PLCs, Vulnerable Routers, and RTSP Misconfigurations
- How to Find and Probe ENCO PLCs on the Internet
- Finding WAGO 750-88x PLC Using Google
- OT Hunt: Analyzing CODESYS Security with MITRE T0886
- HTML5 in the Wild: Transforming OT Interfaces but Opening New Risks
- OT Hunt: clearSCADA
For previous summaries, visit:
Stay safe and inspired.
Sulaiman Alhasawi