Marcel Rick-CenSecurity Analysis of an IX2400 VPN Gateway: Root AccessA ten-byte-long piece of information, hidden deep in the device’s memory, allowed me to login as root.7 min read·2 days ago----
Marcel Rick-CenProtecting Siemens PLCs: Upgrading the FirmwareUnlike IT environments, where systems are frequently patched, updating firmware in OT devices can be daunting due to the potential for…4 min read·May 5, 2024----
Marcel Rick-CenSecurity Analysis of an IX2400 VPN Gateway: USB Port TamperingIn our last article, we accessed the bootloader shell of the IX2400 device but were unsuccessful in spawning a system shell using modified…4 min read·Apr 30, 2024----
Marcel Rick-CenSecurity Analysis of an IX2400 VPN Gateway: Bootloader AccessIn the previous article, we discovered that the IX2400 device has an UART interface, which is critical for debugging and administrative…5 min read·Apr 27, 2024----
Marcel Rick-CenSecurity Analysis of an IX2400 VPN Gateway: Reconnaissance Part IIIn the previous article, we revealed that the IX2400, operates on a MediaTek MT7621 System on Chip and utilizes the Linux-based OpenWRT as…5 min read·Apr 25, 2024----
Marcel Rick-CenSecurity Analysis of an IX2400 VPN Gateway: Reconnaissance Part IRemote access devices allow operators and engineers to manage, monitor, and troubleshoot equipment remotely, which is crucial for…5 min read·Apr 23, 2024----
Marcel Rick-CenICS/OT Penetration Testing of Schneider Modicon TM221: A Beginner’s GuideOccupy the Web (OTW) demonstrated how attackers could exploit vulnerabilities in Modicon devices by directly interfacing with them using…5 min read·Apr 16, 2024----
Marcel Rick-CenCreating Independent Community-Driven ICS/OT Security Courses: An Unveiling of Dual PerspectivesIn the landscape of industries and infrastructures, Industrial Control Systems (ICS) stand as the brain, orchestrating operations ranging…4 min read·Apr 11, 2024----
Marcel Rick-CenICS/OT Bad USB Attack On An Beckhoff CX9001In this guide, we arm a BadUSB to break down the defenses of a Beckhoff CX9001 embedded industrial controller. Other than the Hak5 Rubber…3 min read·Apr 9, 2024----
Marcel Rick-CenICS/OT Penetration Testing of Moxa NPort 5110: A Beginner’s GuideIn 2022, several hacktivist groups like GhostSec and Team OneFist compromised Moxa Ethernet to Serial communication devices and claimed5 min read·Apr 7, 2024----