Recently, I’ve published a post in the form of Interview about Oil and Gas Cyber Security and it received a lot of attention.
It seems that nowadays researchers are really interested in learning more about industries they analyze. You know, some years ago it used to be much simpler. A company hired a specialist who has some pentesting skills and who can examine if their systems are vulnerable. Those specialists used some pentesting tools, then, if they are good specialists, they checked for vulnerabilities manually, escalated privileges and, as a result, wrote a report about vulnerabilities they discovered. It looked like “we found an X vulnerability on the server Y”. It was enough to know that hackers could penetrate into the system as pentesters could, and it was very impressive to provide just a list of vulnerabilities.