SCADA StrangeLove 2: We already know

Presented at 30C3 (2013), Dec. 28, 2013, 11 p.m. (60 minutes)

SCADA StrangeLove team will present their research on ICS systems for the second time on CCC. Last year we showed current situation with security of industrial world and disclosed a big number of vulnerabilities found in Siemens ICS solutions. Part of vulnerabilities, we can say most notable one, wasn’t disclosed due to Responsible Disclosure. This time we already know. We will speak about several industrial protocols and their weaknesses. During this year we played with new industrial hardware and software – this patitially brings new “We don’t know yet” vulnerability details. Moreover, we’ll mention creepiest bugs undisclosed from last year, tell you about new ones and build attack vectors from them. At last, we will share our experience in pentesting ICS enviroments. Speakers: Gleb Gritsai and Sergey Gordeychik 1. Introduction 1.a. About SCADA StrangLove 1.b. We were here before c. Why we eat what we eat 2. ICS in internet – piece of cake 2.a. Massscan, zmap, sonar, etc. 2.b. One time scan isn’t sexy today – Continuous monitoring 2.c. Pizza Owens on the internets now 3. More protocols – more fun 3.a. Profinet/DCP 3.b. IEC104 – the bad and the bad 3.c. MMS – from reflash to tag 3.d. S7 saga continued 3.e. Every self-respecting ICS vendor must have own buggy protocol 4. “Darwin” bugs in ICS 4.a. Statistic and detailed analysis of vulnerabilities discovered by SCADASL team 5. Don’t try it at home - Pentesting ICS environment 5.a. Listen to the turbines 5.b. Sit in hardened rooms 5.c. Remember the exit paths 6. What we already know. Fixes and releases in 2013 7. Things we don’t know yet 7.a. Old friends: Siemens 7.a.i. New S7-1500 PLC 7.a.ii. Cookie monster to own all PLC’s 7.b. New friends 7.b.i. Invensys vulnerabilities 7.b.ii. ABB vulnerabilities and exploit demo 7.b.iii. Emerson vulnerabilities 8. Special 30C3 releases

Presenters:

  • sgordey
    Sergey Gordeychik, security expert, Director and Scriptwriter of the Positive Hack Days (www.phdays.com) forum, captain of SCADAStrangeLove.org (www.scadasl.org) project. Sergey has developed a number of training courses, including "Wireless Networks Security" and "Analysis and Security Assessment of Web Applications," published several dozens of articles in various titles and a book called "Wireless Networks Security." He is a member of the Web Application Security Consortium (WASC) Board of Directors and the RISSPA Council of Experts. Speaker @ S4/29C3/POC/ZeroNights/PHDays... @scadasl
  • repdet

Links:

Similar Presentations: