C3Subtitles: 30C3: SCADA StrangeLove 2

SCADA StrangeLove 2

We already know

Video duration: 00:41:41
Language: English

Abstract
The SCADA StrangeLove team will present their research on ICS systems for the second time at CCC. Last year we showed the current situation with security of the industrial world and disclosed a big number of vulnerabilities found in Siemens ICS solutions. Part of the vulnerabilities, we can say the most notable one, wasn’t disclosed due to Responsible Disclosure. This time we already know. We will speak about several industrial protocols and their weaknesses. During this year we played with new industrial hardware and software – this partially brings new “We don’t know yet” vulnerability details. Moreover, we’ll mention the creepiest bugs undisclosed from last year, tell you about new ones and build attack vectors from them. Lastly, we will share our experience in pentesting ICS environments.

Speakers: Gleb Gritsai and Sergey Gordeychik


1. Introduction
1.a. About SCADA StrangeLove
1.b. We were here before
1.c. Why we eat what we eat
2. ICS in internet – piece of cake
2.a. Masscan, zmap, sonar, etc.
2.b. One time scan isn’t sexy today – Continuous monitoring
2.c. Pizza Owens on the internets now
3. More protocols – more fun
3.a. Profinet/DCP
3.b. IEC104 – the bad and the bad
3.c. MMS – from reflash to tag
3.d. S7 saga continued
3.e. Every self-respecting ICS vendor must have own buggy protocol
4. “Darwin” bugs in ICS
4.a. Statistic and detailed analysis of vulnerabilities discovered by SCADASL team
5. Don’t try it at home - Pentesting ICS environment
5.a. Listen to the turbines
5.b. Sit in hardened rooms
5.c. Remember the exit paths
6. What we already know. Fixes and releases in 2013
7. Things we don’t know yet
7.a. Old friends: Siemens
7.a.i. New S7-1500 PLC
7.a.ii. Cookie monster to own all PLC’s
7.b. New friends
7.b.i. Invensys vulnerabilities
7.b.ii. ABB vulnerabilities and exploit demo
7.b.iii. Emerson vulnerabilities
8. Special 30C3 releases

Talk ID: 5582
Event: 30C3
Day: 2
Room: Saal 2
Start: 11 p.m.
Duration: 01:00:00
Track: Security & Safety
Type: lecture
Speaker: repdet, Sergey Gordeychik