100 bugs in 100 days: An analysis of ICS (SCADA) software

Presented at DerbyCon 1.0 (2011), Oct. 1, 2011, 4 p.m. (50 minutes).

Please join us as we present the results of our research into vulnerabilities in Industrial Control System (SCADA) software. Our goal was to identify as many ICS software vulnerabilities as possible within 100 days. The results exceeded our expectations and include among other things: remote code execution, local privilege escalation, and web exploits. Using examples from our findings along with working PoC exploit code and a scanner capable of identifying Industrial Control Systems that we are releasing, we will teach you how to research and find ICS software vulnerabilities yourself.


Presenters:

Similar Presentations: