A STUXNET FOR MAINFRAMES
Cheryl Biswas
• Security researcher/analyst Threat Intel
• APTs, Mainframes, ICS SCADA, Shadow IT, StarTrek
• BSidesLV, Circle City, BSidesT0, SecTor, Hackfest, TiaraCon
• https://whitehatcheryl.wordpress.com
• Twitter: @3ncr1pt3d
DISCLAIMER: The views represented here are solely her own and not those of
her employers, past or present.
11/4/2016 @3ncr1pt3d A Stuxnet For Mainframes
HEAD IN THE SAND DEFENCE
YOU SAY SCADA
WE SAY … MAINFRAMES
MOM!! THE INTERNET IS BROKEN
INTRO
In the beginning
There were mainframes
And it was good.
Then came Scada. And it was good too.
CONGRATULATIONS! IT’S A ... PLC
BUT THEN CAME
...
WHAT IS SCADA
I CAN’T LIVE ... IF LIVING IS WITHOUT YOU
DOES NOT PLAY WELL WITH OTHERS
WHAT ARE MAINFRAMES?
MAINFRAMES … RIGHT?
THESE ARE NOT THE MAINFRAMES YOU’RE
LOOKING FOR
THIS AIN’T YOUR GRANDMA’S MAINFRAME
MAINFRAMES - BUILT TO LAST
• High Availability
• Longevity
• Virtualization
• The ability to offload to separate engines
• Backward compatibility with older software
• Massive Throughput
https://en.wikipedia.org/wiki/Mainframe_computer
SCADA vs MAINFRAME (the same checklist applies to both columns)
❏ Culture
❏ Security Approach
❏ Perceptions
❏ Built to Last
❏ Closed off
❏ Does not play well with others
Innovation
Disruption
Would you like some security with that?
SECURITY BASICS WE KEEP GETTING WRONG
❏ Passwords
❏ Encryption
❏ Access
❏ Patching
http://blog.senr.io/blog/unique-snowflakes-or-ubiquitous-tech-the-truth-behind-the-industrial-internet-of-things-iiot
ICS / SCADA - WHAT HAVE WE LEARNED?
"NONE OF OUR SCADA OR ICS
EQUIPMENT IS ACCESSIBLE FROM THE
INTERNET."
O RLY?
PROJECT SHINE
1,000,000 SCADA ICS DEVICES FOUND ONLINE
SCADA ATTACK VECTORS
SCADA ATTACKS
Malicious Trojan
http://www.risidata.com/Database
SCADA ATTACKS
Stolen equipment
http://www.risidata.com/Database
SCADA ATTACKS
Social Engineering
http://www.risidata.com/Database
SCADA - JUMPING AIR GAPS
• Designed for underwater communication
• Near ultrasonic frequency
• Remote key logging for multiple hops
http://www.jocm.us/index.php?m=content&c=index&a=show&catid=124&id=600
MAINFRAMES & SCADA - THE LINKS
• Similar in Culture
• Lack of security
• Perceived as secure
• “Air Gapped”
• “See no evil” – cuz you don’t see it if you aren’t looking
BUT IT’S AIR GAPPED
“Mainframe modernization or exposing the classic system of record data to new services means that the data is no longer isolated on the mainframe – the world is now “unknown, unknown.” We have lost sight and control of where the data is going the minute we try to harness mainframe data for other purposes than batch or transaction applications.”
zOS Expert
MAINFRAME - LACK OF ATTACK DATA
Because … What you don’t see won’t hurt you
CULTURE
http://mainframed767.tumblr.com/post/79167015212/please-dont-post-on-mainframe-forums?is_related_post=1
MAINFRAME EXPLOIT RESEARCH
MAINFRAME - EXPLOIT RESEARCH
Bigendiansmalls
https://www.bigendiansmalls.com/category/security/exploit-development/
MAINFRAME - NMAP
Can now detect Mainframe ports
Mainframe banners are not static
More accessible to others for hacking
http://mainframed767.tumblr.com/post/132669411918/mainframes-and-nmap-together-at-last
http://mainframed767.tumblr.com/post/47105571997/nmap-script-to-grab-mainframe-screens
MAINFRAMES - BIND SHELLCODE
Mainframe assembler
EBCDIC to ASCII converter
Connect with NetCat
https://www.bigendiansmalls.com/mainframe-bind-shell-source-code/
ASCII TO EBCDIC
EBCDIC TO ASCII
LETS GET TECHNICAL
MAINFRAMES - STACK BUT DIFFERENT
▪ Mainframe prologue creates Dynamic Storage Area
▪ Points to next free byte on the stack used
▪ Does not subtract from ESP to allocate space
▪ Register used as a stack pointer
▪ Not forced to do so.
https://www.bigendiansmalls.com/smashing-the-zos-le-daisy-chain-for-fun-and-cease-and-desist-letters-guest-post-2/
ALLOCATION OF MEMORY - FUNCTION PROLOGUE
[Diagram: x86 stack when a function is called. MAIN() frame at 0x8012343-0x8012345, ESP and EBP marked; the call pushes IP and SFP (saved frame pointer), ESP moves down, ESP + SFP gives the old frame.]
ALLOCATION MEMORY - FUNCTION PROLOGUE
[Diagram: after the prologue of FUNCTION(), ESP is lowered by 28 (ESP -28) to allocate memory for the new frame; IP and SFP sit above the allocated memory, below MAIN().]
ALLOCATION MEMORY - FUNCTION EPILOGUE
[Diagram: the epilogue walks back: ESP returns to the SFP, MAIN()'s EBP is restored, and execution continues at IP.]
ALLOCATION MEMORY - DSA PROLOGUE
[Diagram: when the function is "called" at 0x8012344/0x8012345, it is given a Dynamic Storage Area rather than a stack frame. The DSA holds the save area and a pointer to the original DSA of MAIN(). DSA NOT STACK: subtracting from a stack pointer to make room is "Not gonna happen".]
HOW TO EXPLOIT - STRING EXPLOITATION != WIN
Always aware of length
[Diagram: two strings, each stored together with an explicit Length field, so a copy of "StringStringString..." stops at its declared length; a flood of AAAAAAAAAA through string handling is not a win because the length is always known.]
https://www.bigendiansmalls.com/smashing-the-zos-le-daisy-chain-for-fun-and-cease-and-desist-letters-guest-post-2/
MAINFRAMES - UNIQUE TO EXPLOIT
S0C1 Exception
http://mainframed767.tumblr.com/post/136886215917/guest-post-jan-cannaerts-smashing-the-zos-le
[Diagram: a run of AAAAAAAAAAAAAAA written into memory containing data with no size checking spills into the OPCODES; the overwritten OPCODE does not exist, so the overflow causes execution to branch to another memory location and the job ends with an S0C1 (operation exception).]
[Diagram: DSA chain. DSA Level 0 -> DSA 1 -> DSA 2 (Level 1); each procedure returns to the DSA below it (DSA 1 returns to DSA 0); Register 14 = RP.]
MAINFRAMES - UNIQUE TO EXPLOIT
Globally addressed arrays
[Diagram: DSA Level 0, DSA 1, DSA 2, DSA 3 with Register 14 = RP; the procedure returns to Level 1 but actually executes code in DSA 2.]
MAINFRAMES - INSECURITY OF MEMORY
Memory not more secure than Windows or Unix.
No “DEP”
No strict ASLR
http://mainframed767.tumblr.com/post/136886215917/guest-post-jan-cannaerts-smashing-the-zos-le
ACCESSIBLE TO YOU!
FTP EXPLOIT
EXPLOIT/MAINFRAME/FTP/FTP_JCL_CREDS
MAINFRAME - FIRST METASPLOIT MODULE
Poorly configured FTP server.
FTP -> Shell
https://www.bigendiansmalls.com/a-logical-first-step/
FTP METASPLOIT MODULE
ARCH_CMD: executes a command, or uses a command to give a shell
Platform: Mainframe: uses the Mainframe payloads of Metasploit
Target: Automatic: only works with IBM FTP CS V.R.
Requires Credentials: credentials allow a file to be uploaded
Debugging enabled: can enable Verbose and FTPdebug
https://www.bigendiansmalls.com/a-logical-first-step/
https://www.rapid7.com/db/modules/exploit/mainframe/ftp/
FTP METASPLOIT MODULE
Checks Banner
If banner correct, logs in and uploads file
File is uploaded as JOB & executes
https://www.bigendiansmalls.com/a-logical-first-step/
GENERIC JCL TEST FOR MAINFRAME EXPLOITS
This can be used as a template for other JCL based payloads
https://www.rapid7.com/db/modules/payload/cmd/mainframe/generic_jcl
https://www.bigendiansmalls.com/a-logical-first-step/
Z/OS (MVS) COMMAND SHELL, REVERSE TCP
Creates a reverse shell. This implementation does not include EBCDIC character translation, so a client with translation capabilities is required. MSF handles this automatically.
https://www.rapid7.com/db/modules/exploit/mainframe/ftp/ftp_jcl_creds
https://www.bigendiansmalls.com/mainframe-bind-shell-sourc
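The ASCII TO EBCDIC / EBCDIC TO ASCII converter slides earlier and the note just above that the reverse shell needs "a client with translation capabilities" come down to the same mechanics: a z/OS host speaks EBCDIC on the wire, so 'A' arrives as 0xC1 rather than 0x41 and line breaks are NL (0x15) or LF (0x25), never 0x0A. The block below is an added example for this page, not code from the talk, from bigendiansmalls.com or from the Metasploit module. It assumes the host uses IBM code page 037 (Python's "cp037" codec); CP1047 and CP500 are common alternatives, which is why the code page is a parameter. Besides the two-way translation it adds a small heuristic a monitoring or logging tool can use to notice that a captured session is untranslated EBCDIC, and a hex dump that shows both interpretations side by side.

```python
"""EBCDIC <-> ASCII translation for a client or monitor that talks to z/OS.

Added example; not code from the talk, bigendiansmalls.com or Metasploit.
Assumption: the host uses IBM code page 037 (Python codec "cp037").
"""
import re

DEFAULT_CODEC = "cp037"  # assumption: US/Canada EBCDIC; CP1047/CP500 also common

# EBCDIC record separators: NL (0x15) and LF (0x25). Neither is 0x0A, so a
# client that splits host output on ASCII "\n" never sees a line boundary.
EBCDIC_LINE_BREAK = re.compile(rb"[\x15\x25]")

# Byte ranges holding space, letters and digits in the common EBCDIC code
# pages; used only by the looks_like_ebcdic() heuristic.
_EBCDIC_TEXT_BYTES = frozenset(
    [0x40]                      # space
    + list(range(0x81, 0x8A))   # a-i
    + list(range(0x91, 0x9A))   # j-r
    + list(range(0xA2, 0xAA))   # s-z
    + list(range(0xC1, 0xCA))   # A-I
    + list(range(0xD1, 0xDA))   # J-R
    + list(range(0xE2, 0xEA))   # S-Z
    + list(range(0xF0, 0xFA))   # 0-9
)


def ascii_to_ebcdic(text: str, codec: str = DEFAULT_CODEC) -> bytes:
    """Encode text for sending to the host. 'A' becomes 0xC1, not 0x41."""
    return text.encode(codec)


def ebcdic_to_ascii(data: bytes, codec: str = DEFAULT_CODEC) -> str:
    """Decode host bytes; undecodable bytes become U+FFFD instead of raising."""
    return data.decode(codec, errors="replace")


def translate_lines(data: bytes, codec: str = DEFAULT_CODEC) -> list:
    """Split raw host output on EBCDIC line breaks and decode each line."""
    parts = EBCDIC_LINE_BREAK.split(data)
    if parts and parts[-1] == b"":
        parts.pop()  # drop the empty piece after a trailing line break
    return [ebcdic_to_ascii(p, codec) for p in parts]


def looks_like_ebcdic(data: bytes, threshold: float = 0.8) -> bool:
    """Heuristic: is this untranslated EBCDIC text rather than ASCII text?

    ASCII letters occupy 0x41-0x7A, which in EBCDIC is mostly punctuation or
    unassigned, so a high share of bytes in the EBCDIC letter/digit ranges
    is a strong hint that translation is still needed.
    """
    if not data:
        return False
    hits = sum(1 for b in data if b in _EBCDIC_TEXT_BYTES)
    return hits / len(data) >= threshold


def hexdump(data: bytes, width: int = 16) -> str:
    """Hex view with the ASCII and the EBCDIC reading of every row."""
    rows = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        ebc = "".join(c if c.isprintable() else "." for c in ebcdic_to_ascii(chunk))
        rows.append(f"{i:04x}  {hexpart:<{width * 3}} |{asc}| |{ebc}|")
    return "\n".join(rows)


if __name__ == "__main__":
    # Constructed sample: two lines as a host would send them, untranslated.
    raw = (ascii_to_ebcdic("HELLO FROM THE HOST") + b"\x15"
           + ascii_to_ebcdic("READY") + b"\x25")
    print(hexdump(raw))
    print("looks like EBCDIC:", looks_like_ebcdic(raw))
    print(translate_lines(raw))
```

Run it directly to see the constructed sample dumped both ways; in a real session the same functions wrap whatever socket or log reader you already have, and the hex dump is the first thing to reach for when a session shows "garbage" that is really just the wrong code page.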
GENERIC COMMAND SHELL
Connect back to attacker and spawn a command shell
HOW THE MIGHTY FALL
BIGENDIAN POC
STUXNET - SCADA
SCADA - STUXNET
• Air Gap bypass
• APT
• C2
• Self erasing
• Specific to system it wants
• Nation State
SCADA -THE THREAT IS REAL
• Dec 2015 power grid attack in Ukraine
• March 2016 ransomware hits US power company in Michigan
• June 2016 Irongate targeted ICS malware in testing stage
CRYSTAL BALL GAZING
We’re here to say history doesn’t need to repeat itself. Especially not when we know how dire the outcome could be. Scada gives us the lessons we need to learn from and apply to mainframe security. The question now is - will we do it?
THE KEYS TO THE KINGDOM
▪ Obtain Domain admin level creds
▪ Gain a copy of NTDS.dit for Kerberos golden tickets to move freely
▪ Identify the back up and recovery systems, including DRP
▪ Identify the critical data and services. Mission critical
▪ Identify messaging servers
▪ Find and compromise application distribution platforms
HOW TO GET YOUR FEET WET
Researchers to Research
• https://www.bigendiansmalls.com/
• http://mainframed767.tumblr.com/
• Mainframe Assembly locally
• http://www.cbttape.org/ftp/asmbook/alnv200.pdf
HOW TO GET YOUR FEET WET
• Virtualization software to play
• http://www.bsp-gmbh.com/turnkey/
• http://mvs380.sourceforge.net/
https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/mainframe-insecuritites-or-hack-the-gibson-no-really/

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

A Stuxnet for Mainframes

  • 1. A STUXNET FOR MAINFRAMES
  • 2. Cheryl Biswas • Security researcher/analyst Threat Intel • APTs, Mainframes, ICS SCADA, Shadow IT, StarTrek • BSidesLV, Circle City, BSidesT0, SecTor, Hackfest, TiaraCon • https://whitehatcheryl.wordpress.com • Twitter: @3ncr1pt3d DISCLAIMER: The views represented here are solely her own and not those of her employers, past or present. 11/4/2016@3ncr1pt3d A Stuxnet For Mainframes
  • 3. HEAD IN THE SAND DEFENCE
  • 4. YOU SAY SCADA WE SAY … MAINFRAMES
  • 5. MOM!! THE INTERNET IS BROKEN
  • 6. INTRO In the beginning There were mainframes And it was good.
  • 7. Then came Scada. And it was good too.
  • 11. I CAN’T LIVE ... IF LIVING IS WITHOUT YOU
  • 12.
  • 16. THESE ARE NOT THE MAINFRAMES YOU’RE LOOKING FOR
  • 17. THIS AIN’T YOUR GRANDMA’S MAINFRAME
  • 18. MAINFRAMES - BUILT TO LAST • High Availability • Longevity • Virtualization • The ability to offload to separate engines • Backward compatibility with older software • Massive Throughput https://en.wikipedia.org/wiki/Mainframe_computer
  • 19.
  • 20.
  • 21. SCADA MAINFRAME ❏ Culture ❏ Security Approach ❏ Perceptions ❏ Built to Last ❏ Closed off ❏ Does not play well with others ❏ Culture ❏ Security Approach ❏ Perceptions ❏ Built to Last ❏ Closed off ❏ Does not play well with others
  • 22.
  • 23.
  • 24. Innovation Disruption Would you like some security with that?
  • 25. SECURITY BASICS WE KEEP GETTING WRONG ❏ Passwords ❏ Encryption ❏ Access ❏ Patching http://blog.senr.io/blog/unique-snowflakes-or-ubiquitous-tech-the-truth-behind-the-industrial-internet-of-things-iiot
  • 26. ICS / SCADA - WHAT HAVE WE LEARNED?
  • 27. "NONE OF OUR SCADA OR ICS EQUIPMENT IS ACCESSIBLE FROM THE INTERNET." O RLY?
  • 29.
  • 30.
  • 31.
  • 36. SCADA - JUMPING AIR GAPS • Designed for underwater communication • Near ultrasonic frequency • Remote key logging for multiple hops http://www.jocm.us/index.php?m=content&c=index&a=show&catid=124&id=600
  • 37.
  • 38. MAINFRAMES & SCADA - THE LINKS • Similar in Culture • Lack of security • Perceived as secure • “Air Gapped” • “See no evil” – cuz you don’t see it if you aren’t looking
  • 39.
  • 40. BUT IT’S AIR GAPPED “Mainframe modernization or exposing the classic system of record data to new services means that the data is no longer isolated on the mainframe – the world is now “unknown, unknown.” We have lost sight and control of where the data is going the minute we try to harness mainframe data for other purposes than batch or transaction applications.” zOS Expert
  • 41. MAINFRAME - LACK OF ATTACK DATA Because … What you don’t see won’t hurt you
  • 43.
  • 45. MAINFRAME - EXPLOIT RESEARCH Bigendiansmalls https://www.bigendiansmalls.com/category/security/exploit-development/
  • 46. MAINFRAME - NMAP Can now detect Mainframe ports. Mainframe banners are not static. More accessible to others for hacking. http://mainframed767.tumblr.com/post/132669411918/mainframes-and-nmap-together-at-last http://mainframed767.tumblr.com/post/47105571997/nmap-script-to-grab-mainframe-screens
  • 47. MAINFRAMES - BIND SHELLCODE Mainframe assembler EBCDIC to ASCII converter Connect with NetCat https://www.bigendiansmalls.com/mainframe-bind-shell-source-code/ [diagram labels: ASCII TO EBCDIC, EBCDIC TO ASCII]
  • 49. MAINFRAMES - STACK BUT DIFFERENT ▪ Mainframe prologue creates Dynamic Storage Area ▪ Points to next free byte on the stack used ▪ Does not subtract from ESP to allocate space ▪ Register used as a stack pointer ▪ Not forced to do so. https://www.bigendiansmalls.com/smashing-the-zos-le-daisy-chain-for-fun-and-cease-and-desist-letters-guest-post-2/
  • 50. ALLOCATION OF MEMORY - FUNCTION PROLOGUE [diagram: x86 stack at the call; labels: MAIN(), Function Called, IP, SFP, EBP, ESP, addresses 0x8012343 to 0x8012345]
  • 51. ALLOCATION MEMORY - FUNCTION PROLOGUE [diagram: x86 stack after the prologue; labels: MAIN(), FUNCTION(), IP, SFP, EBP, ESP -28, Allocated Memory]
  • 52. ALLOCATION MEMORY - FUNCTION EPILOGUE [diagram: x86 stack after the epilogue; labels: MAIN(), IP, SFP, EBP, ESP]
  • 53. ALLOCATION MEMORY - DSA PROLOGUE [diagram: z/OS Dynamic Storage Area; labels: MAIN(), Function “Called”, IP, Pointer to original DS, Save Area, DSA NOT STACK]
  • 54. HOW TO EXPLOIT - STRING EXPLOITATION != WIN Not gonna happen. Always aware of length. [diagram: strings carried with an explicit Length field; overlong input AAAAAAAAAA] https://www.bigendiansmalls.com/smashing-the-zos-le-daisy-chain-for-fun-and-cease-and-desist-letters-guest-post-2/
  • 55. MAINFRAMES - UNIQUE TO EXPLOIT S0C1 Exception [diagram labels: Memory containing Data; OPCODES; OPCODE does not exist; No size checking; AAAA... fill; Overflow causes execution to branch to another memory location] http://mainframed767.tumblr.com/post/136886215917/guest-post-jan-cannaerts-smashing-the-zos-le
  • 56. MAINFRAMES - UNIQUE TO EXPLOIT S0C1 Exception [diagram labels: DSA Level 0, DSA Level 1, DSA 1, DSA 2; DSA 1 returns to DS 0; Register 14 = RP] http://mainframed767.tumblr.com/post/136886215917/guest-post-jan-cannaerts-smashing-the-zos-le
  • 57. MAINFRAMES - UNIQUE TO EXPLOIT Globally addressed arrays S0C1 Exception [diagram labels: DSA Level 0, DSA Level 1, DSA 1, DSA 2, DSA 3; Register 14 = RP; Procedure returns to Level 1, actually executes code in DSA 2] http://mainframed767.tumblr.com/post/136886215917/guest-post-jan-cannaerts-smashing-the-zos-le
  • 58. MAINFRAMES - INSECURITY OF MEMORY Memory not more secure than Windows or Unix. No “DEP”. No strict ASLR. http://mainframed767.tumblr.com/post/136886215917/guest-post-jan-cannaerts-smashing-the-zos-le
  • 61. MAINFRAME - FIRST METASPLOIT MODULE Poorly configured FTP server. FTP -> Shell https://www.bigendiansmalls.com/a-logical-first-step/
  • 62. FTP METASPLOIT MODULE • ARCH_CMD: executes a command, or uses a command to give a shell • Platform: Mainframe; uses the Mainframe payloads of Metasploit • Target: Automatic; only works with IBM FTP CS V.R. • Requires credentials; credentials allow a file to be uploaded • Debugging enabled: can enable Verbose and FTPdebug https://www.bigendiansmalls.com/a-logical-first-step/ https://www.rapid7.com/db/modules/exploit/mainframe/ftp/
  • 63. FTP METASPLOIT MODULE Checks banner. If banner correct, logs in and uploads file. File is uploaded as JOB & executes. https://www.bigendiansmalls.com/a-logical-first-step/
  • 64. GENERIC JCL TEST FOR MAINFRAME EXPLOITS This can be used as a template for other JCL based payloads https://www.rapid7.com/db/modules/payload/cmd/mainframe/generic_jcl https://www.bigendiansmalls.com/a-logical-first-step/
  • 65. Z/OS (MVS) COMMAND SHELL, REVERSE TCP Creates a reverse shell. This implementation does not include EBCDIC character translation, so a client with translation capabilities is required. MSF handles this automatically. https://www.rapid7.com/db/modules/exploit/mainframe/ftp/ftp_jcl_creds https://www.bigendiansmalls.com/mainframe-bind-shell-sourc
  • 66. GENERIC COMMAND SHELL Connect back to attacker and spawn a command shell
  • 68. BIGENDIAN POC
  • 70.
  • 71.
  • 72. SCADA - STUXNET • Air Gap bypass • APT • C2 • Self erasing • Specific to system it wants • Nation State
  • 73. SCADA - THE THREAT IS REAL • Dec 2015 Power grid attack in Ukraine • March 2016 Ransomware hits US power company in Michigan • June 2016 Irongate targeted ICS malware in testing stage
  • 75. We’re here to say history doesn’t need to repeat itself. Especially not when we know how dire the outcome could be. Scada gives us the lessons we need to learn from and apply to mainframe security. The question now is - will we do it?
  • 76.
  • 77.
  • 78.
  • 79. THE KEYS TO THE KINGDOM ▪ Obtain Domain admin level creds ▪ Gain a copy of NTDS.dit for Kerberos golden tickets to move freely ▪ Identify the back up and recovery systems, including DRP ▪ Identify the critical data and services. Mission critical ▪ Identify messaging servers ▪ Find and compromise application distribution platforms
  • 80.
  • 81.
  • 82. HOW TO GET YOUR FEET WET Researchers to Research • https://www.bigendiansmalls.com/ • http://mainframed767.tumblr.com/ • Mainframe Assembly • locally http://www.cbttape.org/ftp/asmbook/alnv200.pdf
  • 83. HOW TO GET YOUR FEET WET • Virtualization software to play • http://www.bsp-gmbh.com/turnkey/ • http://mvs380.sourceforge.net/ • https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/mainframe-insecuritites-or-hack-the-gibson-no-really/
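An added example, not code from the talk or from the bigendiansmalls/mainframed767 projects, that serves slides 47 and 65 (the EBCDIC to ASCII converter, and the note that the reverse-shell payload leaves character translation to the client): a Python translator plus a heuristic that tells whether a captured mainframe buffer is EBCDIC or ASCII, which an analyst needs before mainframe banners, FTP replies or captured data can be read at all. It assumes code page cp037 and uses a constructed sample banner; both are assumptions, not values from the deck.

```python
# Added example (not from the talk, and not code from bigendiansmalls or
# mainframed767): EBCDIC <-> ASCII translation for mainframe data, plus a
# heuristic that decides which encoding a captured buffer uses.
# Assumption: code page cp037 (US/Canada EBCDIC); a z/OS site may use another
# EBCDIC code page (cp500 and cp1140 are also in the standard library), so
# the code page is a parameter rather than a constant.
import string

DEFAULT_EBCDIC = "cp037"
_PRINTABLE = frozenset(string.printable)


def ebcdic_to_ascii(data: bytes, codepage: str = DEFAULT_EBCDIC) -> str:
    """Decode EBCDIC bytes to text; unmapped bytes become U+FFFD."""
    return data.decode(codepage, errors="replace")


def ascii_to_ebcdic(text: str, codepage: str = DEFAULT_EBCDIC) -> bytes:
    """Encode text as EBCDIC bytes; unmappable characters become '?'."""
    return text.encode(codepage, errors="replace")


def printable_ratio(text: str) -> float:
    """Share of characters that are printable ASCII (whitespace included)."""
    if not text:
        return 0.0
    return sum(ch in _PRINTABLE for ch in text) / len(text)


def guess_encoding(data: bytes, codepage: str = DEFAULT_EBCDIC,
                   threshold: float = 0.9) -> str:
    """Return 'ascii', 'ebcdic' or 'unknown' for a raw buffer.

    The buffer is decoded both ways and the reading with the higher share of
    printable characters wins; binary data scores low under both readings.
    """
    as_ascii = printable_ratio(data.decode("ascii", errors="replace"))
    as_ebcdic = printable_ratio(data.decode(codepage, errors="replace"))
    if max(as_ascii, as_ebcdic) < threshold:
        return "unknown"
    return "ascii" if as_ascii >= as_ebcdic else "ebcdic"


if __name__ == "__main__":
    # Constructed samples: an ASCII greeting, the same host answering in
    # untranslated EBCDIC, and a few binary bytes.
    for buf in (b"220-IBM FTP CS V.R. at EXAMPLE.HOST ready.\r\n",
                ascii_to_ebcdic("READY\r\n"), b"\x00\x01\xfe\xff"):
        kind = guess_encoding(buf)
        text = ebcdic_to_ascii(buf) if kind == "ebcdic" else buf.decode("ascii", "replace")
        print(kind, repr(text.rstrip()))
```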