Exploiting SCADA Systems

Presented at DEF CON 18 (2010), July 31, 2010, 10 a.m. (50 minutes)

SCADA systems are just as vulnerable to attack today than they were ten years ago. The lack of security awareness by SCADA software vendors, combined with the rush of hacking these systems, make them very attractive to hackers today. The focus of this presentation will be showing the disconnect between SCADA software and secure programming. There will be a live demonstration of Sploitware, a framework dedicated to vulnerability analysis of SCADA systems. This framework could be thought of as a proof of concept, although you will see it is more than mature enough to prove the point.

Presenters:

• Jeremy Brown - Security Researcher
  Jeremy Brown is a computer security researcher employed at Tenable Network Security as a Vulnerability Research Engineer. Jeremy enjoys vulnerability research and analysis, exploit development, programming, fuzzing, and reverse engineering. Twitter: @jeremybrownn

Links:

• https://defcon.org/html/defcon-18/dc-18-speakers.html#Brown
• https://infocon.org/cons/DEF CON/DEF CON 18/DEF CON 18 video and slides/DEF CON 18 - Jeremy Brown - Exploiting SCADA Systems - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=tIlCn9Nk6gM

Similar Presentations:

• ToorCon San Diego 12 (2010) / Exploiting SCADA Systems
• AppSec USA 2013 / Why is SCADA Security an Uphill Battle?
• AppSec USA 2015 / The State of Web Application Security in SCADA Web Human Machine Interfaces (HMIs) !