DEF CON 24 - Gorenc Sands - hacker machine interface
Felipe Prado
1.
Hacker-Machine Interface
State of the Union for SCADA HMI Vulnerabilities
2.
Copyright 2016 Trend Micro Inc.
Introduction
3.
Trend Micro Zero Day Initiative
• Fritz Sands - @FritzSands
  – Security Researcher - Zero Day Initiative
  – Root cause analysis and vulnerability discovery
  – Focused on SCADA HMI vulnerability analysis
• Brian Gorenc - @maliciousinput
  – Senior Manager - Zero Day Initiative
  – Root cause analysis and vulnerability discovery
  – Organizer of Pwn2Own hacking competitions
4.
SCADA Industry
5.
Marketplace Overview
• Focused on ICS equipment sales over software sales
• Active merger and acquisition activity
• Highly regionalized
6.
What is the Human Machine Interface?
• Main hub for managing and operating control systems
• Collects data from the control systems
• Presents visualization of the system architecture
• Alarms operator/sends notifications
• Should be operated on isolated and trusted networks
7.
Why target the Human Machine Interface?
• Control the targeted critical infrastructure
• Harvest information about architecture
• Disable alarming and notification systems
• Physically damage SCADA equipment
8.
Malware Targeting HMI Solutions
• Stuxnet
  – First malware created to target ICS environments
  – Abused HMI vulnerabilities
    • Siemens SIMATIC STEP 7 DLL Hijacking Vulnerability (ICSA-12-205-02)
    • Siemens WinCC Insecure SQL Server Authentication (ICSA-12-205-01)
• BlackEnergy
  – Ongoing sophisticated malware campaign compromising ICS environments
  – Abused HMI vulnerabilities
    • GE CIMPLICITY Path Traversal Vulnerabilities (ICSA-14-023-01)
    • Siemens WinCC Remote Code Execution Vulnerabilities (ICSA-14-329-02D)
    • Advantech WebAccess (ICS-ALERT-14-281-01B)
9.
ICS-CERT
• Organization within Department of Homeland Security
• Focuses on:
  – Responding to and analyzing control systems-related incidents
  – Conducting vulnerability and malware analysis
  – Providing onsite incident response services
  – Coordinating the responsible disclosure of vulnerabilities and associated mitigations
• For 2015, ICS-CERT responded to 295 incidents and handled 486 vulnerability disclosures
10.
Critical Infrastructure Attacks
11.
Targeting Water Utilities
• Compromised internet-facing AS/400 system responsible for:
  – Network routing
  – Manipulation of Programmable Logic Controllers (PLC)
  – Management of customer PII and billing information
• Altered settings related to water flow and amount of chemicals that went into the water supply
• Four separate connections to the AS/400 over a 60-day period
• Actors IP tied to previous hacktivist activities
12.
Targeting Power Plants
• On December 24, 2015, Ukrainian companies experienced unscheduled power outages impacting 225,000+ customers.
  – Caused by external malicious actors
  – Multiple coordinated attacks within 30 minutes of each other
• Used remote administration tools and/or remote industrial control system (ICS) client software to control breakers.
• Used KillDisk to overwrite Windows-based human-machine interface system.
  – Disrupt restoration efforts
13.
Targeting Railway and Mining Industry
• Malware similar to the power incident found in the attacks against a Ukrainian rail and a Ukrainian mining company
  – November - December 2015
• Overlap between the samples found in the Ukrainian power incident and those apparently used against the Ukrainian mining company
  – Malware leveraged (BlackEnergy/KillDisk)
  – Infrastructure
  – Naming Conventions
14.
Prevalent Vulnerability Types
15.
Current State of HMI Solutions
• Not built with security in mind
• Seen no benefit of the evolution of the secure SDL
• Mitigations against advanced attacks are disabled
• Poor design/developer assumptions
• Lack of understanding of real operating environment
  – Not on isolated or trusted networks
  – Continually being interconnected
16.
Common Problems with HMI
[Chart of vulnerability categories: Memory Corruption, Credential Management, Insecure Default, Authentication/Authorization, Injection, Other]
Source: 2015-2016 ICS-CERT Advisories
17.
Memory Corruption
• 20% of identified vulnerabilities
• Common vulnerability types
  – Stack-based Buffer Overflow
  – Heap-based Buffer Overflow
  – Out-of-bounds Read/Write
• Zero Day Initiative case study
  – Advantech WebAccess webvrpcs Service BwOpcSvc.dll WindowName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
18.
Advantech WebAccess Case Study
• ICS-CERT states:
  – “There are many instances where the buffer on the stack can be overwritten”
• Identifiers
  – CVE-2016-0856
  – ZDI-16-048
  – ICSA-16-014-01
• CVSS
  – 9.3
• Disclosure Timeline
  – 2015-09-17 - Reported to vendor
  – 2016-02-05 - Coordinated release
• Credit
  – Discovered by: Anonymous
  – Disclosed by: Zero Day Initiative
19.
Advantech WebAccess HMI Solution
20.
Remotely Accessible Services
• Launches a service, webvrpcs.exe, in the context of a local administrative user
• Service listens on TCP port 4592, by default, and may be accessed over an RPC-based protocol
• Application interface is structured to resemble the Windows DeviceIoControl function
  – Each function contains a field similar to an IOCTL
21.
Prototype of RPC function
22.
IOCTL 0x0001388B
• Inside BwOpcSvc.dll (which is loaded into webvrpcs.exe), a routine with an exported entry name of BwSvcFunction processes a number of entry points, using a jump table.
• Flaw exists within the implementation of IOCTL 0x0001388B
• Stack-based buffer overflow exists in a call to sprintf using the WindowName parameter
23.
Vulnerable Code
24.
Stack Layout
25.
Application Crash
26.
Exploitation Demo
27.
Patch Analysis
• _sprintf is on the Microsoft banned APIs list
  – First published in 2007
  – https://msdn.microsoft.com/en-us/library/bb288454.aspx
• Advantech should implement Microsoft banned APIs and remove all of them from shipping code
• What did they do…
28.
Patch Analysis
• WindowName field in the stack buffer is 0x80 bytes
• _snprintf Length parameter is 0x7f bytes
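The bound described on this slide, as an added example (not code from the slides or from Advantech; the slide's own code image did not survive): the unbounded sprintf pattern beside a length-limited copy using the 0x80-byte buffer and 0x7f limit stated above. The struct, function names and canary value are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define WINDOW_NAME_BUF 0x80  /* stack buffer size stated on the slide */
#define WINDOW_NAME_MAX 0x7f  /* length limit stated on the slide */
#define CANARY 0xC0FFEEu      /* constructed marker for adjacent stack data */

enum { FMT_REJECTED = -1, FMT_OK = 0, FMT_TRUNCATED = 1 };

/* Hypothetical stand-in for the stack frame: the buffer, then its neighbour. */
struct frame {
    char window_name[WINDOW_NAME_BUF];
    unsigned int canary;
};

/* "Before": unbounded sprintf, the banned-API pattern. The number of bytes
 * written is decided by the input, so a name longer than 0x7f characters
 * runs past window_name. Only called here with a short constructed name. */
int format_unbounded(struct frame *f, const char *name)
{
    sprintf(f->window_name, "%s", name);
    return FMT_OK;
}

/* "After", truncating: at most 0x7f characters plus a terminator. */
int format_bounded(struct frame *f, const char *name)
{
    int n = snprintf(f->window_name, sizeof f->window_name, "%s", name);
    /* C99 snprintf always terminates; MSVC's _snprintf does not when the
     * output fills the limit, so the final byte is set explicitly. */
    f->window_name[WINDOW_NAME_MAX] = '\0';
    if (n < 0) {
        f->window_name[0] = '\0';
        return FMT_REJECTED;
    }
    return n > WINDOW_NAME_MAX ? FMT_TRUNCATED : FMT_OK;
}

/* Stricter variant: refuse an oversized name instead of truncating it. */
int format_strict(struct frame *f, const char *name)
{
    size_t len = 0;

    f->window_name[0] = '\0';
    while (len < WINDOW_NAME_BUF && name[len] != '\0')
        len++;
    if (len > WINDOW_NAME_MAX)
        return FMT_REJECTED;
    memcpy(f->window_name, name, len + 1);  /* len + 1 <= 0x80 */
    return FMT_OK;
}

struct outcome { int result; size_t stored_len; int canary_intact; };

/* Runs one formatter over a constructed name of input_len 'A' characters
 * and reports the result, the stored length and the neighbour's state. */
struct outcome run_case(int (*fmt)(struct frame *, const char *), size_t input_len)
{
    static char input[0x400];
    struct frame f;
    struct outcome o;

    if (input_len >= sizeof input)
        input_len = sizeof input - 1;
    memset(input, 'A', input_len);
    input[input_len] = '\0';
    memset(&f, 0, sizeof f);
    f.canary = CANARY;

    o.result = fmt(&f, input);
    o.stored_len = strlen(f.window_name);
    o.canary_intact = (f.canary == CANARY);
    return o;
}

int main(void)
{
    const size_t lengths[] = { 10, 0x7f, 0x80, 0x200 };
    size_t i;

    printf("unbounded, short name: stored %zu\n",
           run_case(format_unbounded, 10).stored_len);
    for (i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        struct outcome b = run_case(format_bounded, lengths[i]);
        struct outcome s = run_case(format_strict, lengths[i]);
        printf("len 0x%03zx  bounded: result %d stored 0x%02zx canary %s"
               "  strict: result %d stored 0x%02zx\n",
               lengths[i], b.result, b.stored_len,
               b.canary_intact ? "ok" : "CLOBBERED", s.result, s.stored_len);
    }
    return 0;
}
```

Truncation stops the overflow but silently changes the name the service acts on, which is why the strict variant rejects oversized input instead.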
29.
Variant Analysis
1. ZDI-16-049 - Advantech WebAccess webvrpcs Service BwOpcSvc.dll WindowName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
2. ZDI-16-050 - Advantech WebAccess webvrpcs Service BwOpcSvc.dll WindowName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
3. ZDI-16-051 - Advantech WebAccess webvrpcs Service BwOpcSvc.dll WindowName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
4. ZDI-16-052 - Advantech WebAccess webvrpcs Service BwOpcSvc.dll sprintf Uncontrolled Format String Remote Code Execution Vulnerability
5. ZDI-16-053 - Advantech WebAccess webvrpcs Service BwBASScdDl.dll TargetHost strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
6. ZDI-16-054 - Advantech WebAccess webvrpcs Service WaDBS.dll TagName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
7. ZDI-16-055 - Advantech WebAccess webvrpcs Service BwpAlarm.dll sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
8. ZDI-16-056 - Advantech WebAccess webvrpcs Service BwpAlarm.dll sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
9. ZDI-16-057 - Advantech WebAccess webvrpcs Service BwpAlarm.dll ProjectName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
10. ZDI-16-058 - Advantech WebAccess webvrpcs Service BwpAlarm.dll ProjectName strcpy Globals Overflow Remote Code Execution Vulnerability
11. ZDI-16-059 - Advantech WebAccess webvrpcs Service BwpAlarm.dll ProjectName strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability
12. ZDI-16-060 - Advantech WebAccess webvrpcs Service BwpAlarm.dll HostName/ProjectName/NodeName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
13. ZDI-16-061 - Advantech WebAccess webvrpcs Service BwpAlarm.dll sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
14. ZDI-16-062 - Advantech WebAccess webvrpcs Service BwpAlarm.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
15. ZDI-16-063 - Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
16. ZDI-16-064 - Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
17. ZDI-16-065 - Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
18. ZDI-16-066 - Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
19. ZDI-16-067 - Advantech WebAccess webvrpcs Service BwpAlarm.dll Backup RPC Hostname strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
20. ZDI-16-068 - Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
21. ZDI-16-069 - Advantech WebAccess webvrpcs Service BwpAlarm.dll NewPointValue strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
22. ZDI-16-070 - Advantech WebAccess webvrpcs Service BwpAlarm.dll Primary RPC Hostname strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
23. ZDI-16-071 - Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
24. ZDI-16-072 - Advantech WebAccess webvrpcs Service BwpAlarm.dll Backup RPC Hostname strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
30.
Variant Analysis
25. ZDI-16-073 - Advantech WebAccess webvrpcs Service BwpAlarm.dll memcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
26. ZDI-16-074 - Advantech WebAccess webvrpcs Service BwpAlarm.dll memcpy Globals Overflow Remote Code Execution Vulnerability
27. ZDI-16-075 - Advantech WebAccess webvrpcs Service BwpAlarm.dll memcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
28. ZDI-16-076 - Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
29. ZDI-16-077 - Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
30. ZDI-16-078 - Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
31. ZDI-16-079 - Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
32. ZDI-16-080 - Advantech WebAccess webvrpcs Service ViewSrv.dll TagName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
33. ZDI-16-081 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
34. ZDI-16-082 - Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
35. ZDI-16-083 - Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
36. ZDI-16-084 - Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
37. ZDI-16-085 - Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
38. ZDI-16-086 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
39. ZDI-16-087 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
40. ZDI-16-088 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
41. ZDI-16-089 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
42. ZDI-16-090 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
43. ZDI-16-091 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
44. ZDI-16-092 - Advantech WebAccess webvrpcs Service BwKrlApi.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
45. ZDI-16-093 - Advantech WebAccess webvrpcs Service DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
46. ZDI-16-094 - Advantech WebAccess webvrpcs Service DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
47. ZDI-16-095 - Advantech WebAccess webvrpcs Service DrawSrv.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
48. ZDI-16-096 - Advantech WebAccess webvrpcs Service ViewDll.dll TagGroup strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability
31.
Variant Analysis
49. ZDI-16-097 - Advantech WebAccess webvrpcs Service ViewDll.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
50. ZDI-16-099 - Advantech WebAccess webvrpcs Service DrawSrv.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
51. ZDI-16-100 - Advantech WebAccess webvrpcs Service DrawSrv.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
52. ZDI-16-101 - Advantech WebAccess datacore Service datacore.exe Path strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability
53. ZDI-16-102 - Advantech WebAccess datacore Service datacore.exe Path strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
54. ZDI-16-103 - Advantech WebAccess datacore Service datacore.exe Path strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability
55. ZDI-16-104 - Advantech WebAccess datacore Service datacore.exe ExtDataSize Integer Overflow Remote Code Execution Vulnerability
56. ZDI-16-105 - Advantech WebAccess datacore Service datacore.exe strcpy Shared Virtual Memory Overflow Remote Code Execution Vulnerability
57. ZDI-16-106 - Advantech WebAccess datacore Service datacore.exe sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
58. ZDI-16-107 - Advantech WebAccess datacore Service datacore.exe strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
59. ZDI-16-108 - Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
60. ZDI-16-109 - Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
61. ZDI-16-110 - Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
62. ZDI-16-111 - Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
63. ZDI-16-112 - Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
64. ZDI-16-113 - Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
65. ZDI-16-114 - Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
66. ZDI-16-115 - Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
67. ZDI-16-116 - Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
68. ZDI-16-117 - Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
69. ZDI-16-118 - Advantech WebAccess datacore Service datacore.exe strncpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
70. ZDI-16-119 - Advantech WebAccess datacore Service datacore.exe AlarmMessage strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
71. ZDI-16-120 - Advantech WebAccess datacore Service datacore.exe AlarmMessage sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
72. ZDI-16-121 - Advantech WebAccess datacore Service datacore.exe AlarmMessage strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
32.
Credential Management
• 19% of identified vulnerabilities
• Common vulnerability types
  – Use of Hard-coded Credentials
  – Storing Passwords in a Recoverable Format
  – Insufficiently Protected Credentials
• Zero Day Initiative case study
  – GE MDS PulseNET Hidden Support Account Remote Code Execution Vulnerability
33.
GE MDS PulseNET Case Study
• ICS-CERT states:
  – “The affected products contain a hard-coded support account with full privileges.”
• Identifiers
  – CVE-2015-6456
  – ZDI-15-440
  – ICSA-15-258-03
• CVSS
  – 9.0
• Disclosure Timeline
  – 2015-05-14 - Reported to vendor
  – 2015-09-16 - Coordinated release
• Credit
  – Discovered by: Andrea Micalizzi (rgod)
  – Disclosed by: Zero Day Initiative
34.
User Management Panel
35.
Actual User Database
36.
Undocumented ge_support Account
• Exists in the sec_user table by default
• Password for this account:
  – <![HDATA[MD5$8af7e0cd2c76d2faa98b71f8ca7923f9
  – “Pu1seNET”
• Account offers full privileges
37.
Insecure Default
• 12% of identified vulnerabilities
• Common vulnerability types
  – Cleartext Transmission of Sensitive Information
  – Missing Encryption of Sensitive
  – Unsafe ActiveX Control Marked Safe For Scripting
• Zero Day Initiative case study
  – Siemens Case Study
38.
0-day Vulnerability Case Study
• Vulnerability details will be disclosed during the talk at the DEF CON conference
• Expected to patch the week before the conference
• If it is not patched, we will release the details publicly in accordance with the Zero Day Initiative Vulnerability Disclosure Policy
39.
Authentication/Authorization
• 12% of identified vulnerabilities
• Common vulnerability types
  – Authentication Bypass Issues
  – Improper Access Control
  – Improper Privilege Management
  – Improper Authentication
• Zero Day Initiative case study
  – Advantech WebAccess Case Study
40.
0-day Vulnerability Case Study
• Vulnerability details will be disclosed during the talk at the DEF CON conference
• Expected to patch before the conference
• If it is not patched, we will release the details publicly in accordance with the Zero Day Initiative Vulnerability Disclosure Policy
41.
Injections
• 9% of identified vulnerabilities
• Common vulnerability types
  – SQL Injection
  – Code Injection
  – OS Command Injection
  – Command Injection
• Zero Day Initiative case study
  – Cogent DataHub Gamma Command Injection Remote Code Execution Vulnerability
42.
Cogent DataHub Case Study
• ICS-CERT states:
  – “allow an attacker to turn on an insecure processing mode in the web server, which subsequently allows the attacker to send arbitrary script commands to the server”
• Identifiers
  – CVE-2015-3789
  – ZDI-15-438
  – ICSA-15-246-01
• CVSS
  – 7.5
• Disclosure Timeline
  – 2015-06-02 - Reported to vendor
  – 2015-09-08 - Coordinated release
• Credit
  – Discovered by: Anonymous
  – Disclosed by: Zero Day Initiative
43.
Cogent DataHub Overview
44.
Gamma Script Overview
• Gamma is DataHub’s scripting language
• Dynamically-typed interpreted programming language specifically designed to allow rapid development of control and user interface applications
• Gamma has a syntax similar to C and C++, but has a range of built-in features that make it a far better language for developing sophisticated real-time systems
45.
Attacker-Supplied Script Evaluation
• Flaw exists within the EvalExpression method
  – Allows for execution of attacker-controlled code
• Remotely accessible through the AJAX facility
  – Listening on TCP port 80
• Supplying a specially formatted Gamma script allows for the execution of arbitrary OS commands
46.
Vulnerable Code
47.
Exploitation Steps
1. Send a request to any Gamma script to load necessary libraries
2. Call AJAXSupport.AllowExpressions and set allow_any_expression to True
3. Call AJAXSupport.EvalExpression method and pass in the script that you want executed
48.
Exploitation Demo
49.
Patch Analysis
50.
Researcher Guidance
51.
Basic Fuzzing
• Simple bit-flipping fuzzing is highly effective against HMI
  – Look for new file associations during installations
• Don’t forget to enable page heap to find heap corruption
  – gflags.exe /i hmi.exe +hpa +ust
• Leverage existing tools and frameworks
  – radamsa
  – sqlmap
52.
Microsoft’s Attack Surface Analyzer
• Released in 2012
• Creates snapshots before and after installation
• Highlights security misconfigurations
  – Registry settings and file permissions
• Provides a list of auditable system modifications
  – COM objects
  – ActiveX controls
  – File associations
  – RPC endpoints
53.
Attack Surface Analyzer Report
54.
Attack Surface Analyzer Report
55.
Audit for Banned APIs
• C runtime has many APIs with serious security problems
• Microsoft banned use of problematic C library functions
  – “The Security Development Lifecycle” (Microsoft, 2006)
  – Security Development Lifecycle Banned Function Calls, https://msdn.microsoft.com/en-us/library/bb288454.aspx
• Depressingly common in HMI code, with predictable negative impacts
• IDA is an extremely valuable tool for auditing for inappropriate uses
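The banned-function pattern behind most of the advisories in the variant analysis list, next to a bounded replacement, as an added example (not code from the talk or from any vendor product). The struct, function names, field size and path layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32              /* assumed field size, not from any product */

struct alarm_req {                /* hypothetical request record */
    char project_name[FIELD_MAX];
};

/* Banned-API pattern: strcpy trusts the sender to keep the value short.
 * Kept only for contrast; 32 or more bytes of input overrun the field. */
void set_project_unsafe(struct alarm_req *r, const char *wire)
{
    strcpy(r->project_name, wire);
}

/* Bounded form: find the terminator inside the received bytes only,
 * reject anything that does not fit, then copy. 0 = ok, -1 = rejected. */
int set_project_checked(struct alarm_req *r, const char *wire, size_t wire_len)
{
    const char *nul = memchr(wire, '\0', wire_len);
    size_t n = nul ? (size_t)(nul - wire) : wire_len;
    if (n >= sizeof r->project_name)
        return -1;                /* reject instead of silently truncating */
    memcpy(r->project_name, wire, n);
    r->project_name[n] = '\0';
    return 0;
}

/* sprintf replacement: constant format string, and snprintf's return value
 * (the length it needed) exposes truncation. 0 = ok, -1 = did not fit. */
int build_alarm_path(char *out, size_t out_len, const char *project, const char *node)
{
    int need = snprintf(out, out_len, "%s\\%s\\alarm.log", project, node);
    return (need < 0 || (size_t)need >= out_len) ? -1 : 0;
}

int main(void)
{
    struct alarm_req r = {{0}};
    char big[64];                 /* constructed input: 64 bytes, no NUL */
    char path[24];
    memset(big, 'A', sizeof big);
    printf("short value  : %d\n", set_project_checked(&r, "Plant1", 7));
    printf("64-byte value: %d\n", set_project_checked(&r, big, sizeof big));
    printf("path fits    : %d\n", build_alarm_path(path, sizeof path, "Plant1", "N1"));
    printf("path too long: %d\n", build_alarm_path(path, sizeof path, "Plant1", "NodeWithLongName"));
    return 0;
}
```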
56.
Disclosure Statistics
57.
Vulnerability Exposure Windows
[Chart: values by year (2013, 2014, 2015, 2016); axis scale 0 to 180]
58.
Vendor Response Times
[Chart: values by vendor (ABB, Advantech, Codesys, Cogent Real-Time Systems, Ecava, GE, Honeywell, Indusoft, MICROSYS, PTC, Rockwell Automation, Schneider Electric, Tibbo, Trihedral Engineering Ltd, Unitronics, WellinTech); axis scale 0 to 250]
59.
Industry by Industry Comparison
[Chart: values by category (Business, Highly-Deployed, SCADA, Security); axis scale 0 to 200]
60.
Conclusions
61.
Go find bugs!
• ICS-focused malware actively exploiting HMI vulnerabilities
• HMI codebases plagued with critical vulnerabilities
• Simple techniques can be used to find vulnerabilities
• Exposure window is ~150 days, leaving critical infrastructure vulnerable
62.
Questions?
www.zerodayinitiative.com
@thezdi