34C3 - SCADA - Gateway to (s)hell
https://media.ccc.de/v/34c3-8956-scada_-_gateway_to_s_hell
Hacking industrial control gateways
Small gateways connect all kinds of fieldbuses to IP systems. This talk will look at the (in)security of those gateways, starting with simple vulnerabilities, and then deep-diving into reverse-engineering the firmware and breaking the encryption of firmware upgrades. The vulnerabilities found will then be demonstrated live on a portable SCADA system.
Companies often use small gateway devices to connect the different fieldbuses used in industrial control systems (such as Modbus, RS232, etc.) to TCP/IP networks. Under the hood, these devices mostly consist of ARM-based mini computers running either custom, tiny operating systems or uClinux/Linux. The talk will look at the security aspects of these gateways by examining known and unfixed vulnerabilities such as unchangeable default credentials and protocols that do not support authentication, and by reverse-engineering and breaking the encryption of firmware upgrades of certain gateways.
The talk will consist of a theoretical part, an introduction on how to reverse-engineer and find vulnerabilities in a firmware blob of unknown format, and a practical part showcasing a live ICS environment that uses gateways, from both the IP and the fieldbus side, to pivot through an industrial control system environment: demonstrating how to potentially pivot from a station in the field up to the SCADA headquarters, permanently modifying the firmware of the gateways on the way.
Thomas Roth
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8956.html