Join us for the FREE Cyber Defense Forum | Live Online on October 9


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Control System Security Researchers Adam Crain and Chris Sistrunk to Unveil New Aegis Fuzzing Framework at the SANS ICS Security Summit and Training Event in Orlando

  • Bethesda, MD
  • December 19, 2013

The SANS Institute announced today the addition of two presenters at the upcoming 9th Annual Industrial Control System (ICS) Security Summit and Training, ICS control system security researchers Adam Crain, founder of Automatak and Chris Sistrunk, independent researcher. Crain and Sistrunk will unveil the new Aegis fuzzing framework at the summit. Attendees will also hear firsthand the current status of Project Robus, an ongoing search for vulnerabilities in ICS protocols, including pre-recorded fuzzing demonstrations conducted by Crain and Sistrunk which now have patches.

"Cyber security threats continue to increase in both frequency and sophistication. To protect our country's critical infrastructure against these threats, the ICS industry needs to take responsibility for its own testing practices," said Crain. "Software security needs to be a continuous part of the development process, not just a check box during final quality assurance. Providing software engineers with open examples that they can modify and improve will enable the kind of white-box testing this industry sorely needs."

Summit speakers will discuss how system owners can address the vulnerabilities being uncovered as the industry takes greater steps to enhance the security of critical industrial technology. In addition to the unveiling of the Aegis framework and related discussions, Security Summit attendees can look forward to the following events:

Kyle Wilhoit, Threat Researcher at Trend Micro, will demonstrate attackers in progress as they infiltrate perceived sensitive data. Wilhoit will also discuss how he geo-located these individuals, and tracked their movements, operations, and attacks. He will also share, for the first time, new statistics and never seen before ICS attack details.

This year's summit will take a technical deep dive with hard-hitting program talks and hands-on ICS challenges and hacking stations. Included among the talks is the next installment of the highly popular "Exposure to Closure - Act I" presentation which debuted at last year's Summit, From Exposure to Closure/ACT III the Next Frontier, NERC.

Summit Details

The 9th Annual ICS Security Summit will be held in Orlando, Florida on March 17-18, 2014, with in-depth, hands-on technical courses on March 12-16. The Security Summit brings together program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security.

Attendees will learn about new tools and techniques, which they can put to work immediately when they return to their office. Security Summit attendees are also invited to attend technical courses led by the top ICS/SCADA experts that will provide a deep dive into how to combat advanced persistent threats. For a complete listing of summit presenters or to register for the event, please visit:

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (