SlideShare a Scribd company logo

nullcon 2011 - Exploiting SCADA Systems

Download as PPT, PDF
n|u - The Open Security Community
n|u - The Open Security Community

Exploiting SCADA Systems by Jeremy Brown

Technology
1 of 65
Exploiting SCADA Systems http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ Traditional SCADA Network Topology “ Control Systems Cyber Security: Defense in Depth Strategies”
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ As newer products compete to make SCADA systems intuitive and modern, you can see the number of attack vectors rise. Say hello to ScadaMobile.
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ Available at the App Store for only $2.99 (lite) and $74.99 for the full version
http://null.co.in/ http://nullcon.net/ So.. whats wrong?
http://null.co.in/ http://nullcon.net/ Security has been implemented as an add-on instead of being build around the product from the ground up
http://null.co.in/ http://nullcon.net/ http://www.matrikonopc.com/products/opc-data-management/opc-tunneller.aspx
http://null.co.in/ http://nullcon.net/ http://www.indusoft.com/blog/?p=159
http://null.co.in/ http://nullcon.net/ http://www.wateronline.com/product.mvc/ClearSCADA-SCADA-Management-Software-0002
http://null.co.in/ http://nullcon.net/ http://www.isagraf.com/pages/news/0905PR-KingfisherDNP3.htm
http://null.co.in/ http://nullcon.net/ Systems are typically installed for long term, and software upgrades may require new hardware
http://null.co.in/ http://nullcon.net/ Not to mention downtime, and nobody likes downtime. Depending on the product and the environment, just planning the patch process can be frustrating.
http://null.co.in/ http://nullcon.net/ Something somewhere is connected to something that is connected to the Internet
http://null.co.in/ http://nullcon.net/ And some things just are connected to the Internet...
http://null.co.in/ http://nullcon.net/ Courtesy of Shodan (www.shodanhq.com)
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ “ What really has to be done is better security around these systems and better, enforced security policies so the lack of patching does not matter.”
http://null.co.in/ http://nullcon.net/ Quoted from someone in the Control Systems Industry. This is the wrong way to view security. If this is what some people in the industry believe, it is no wonder why so many vulnerabilities still exist...
http://null.co.in/ http://nullcon.net/ No authentication? You've got problems.
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ What would you like to do?
http://null.co.in/ http://nullcon.net/ An exception has occurred. Server is entering safe mode...
http://null.co.in/ http://nullcon.net/ Oh, by the way, you no longer need credentials.
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ Vendors are not always “receptive” to vulnerability reports
http://null.co.in/ http://nullcon.net/ Favorite Quotes “ I'm not sure what this perl script is trying to do?” “ If the CSV file is edited manually then it may not parse correctly when it gets loaded.” “ From what I can see there is no security vulnerability in our product, if the CSV file is invalid then the application will not run correctly.” “ Hi Jeremy, thanks but please don't waste my time.” “ That sounds like a threat Jeremy, are you expecting me to pay you something?”
http://null.co.in/ http://nullcon.net/ Possible “Security Unaware” Vendor Q&A
http://null.co.in/ http://nullcon.net/ I found several security vulnerabilities in your products.....information..... .....time passes..... What are your plans regarding a patch?
http://null.co.in/ http://nullcon.net/ “ Product A isn't accessible from the Internet, so it's not vulnerable to attacks.” So if someone owns a workstation on the same subnet with an IE exploit, how vulnerable do you consider it now?
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ “ As long as you don't open untrusted files with Product AB, then the exploits can't harm the system.” “ Do you really want to risk the organization's security by trusting that someone won't open a file that could be found on the web, emailed, or dropped in a trusted location?”
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ “ Product ABC uses a complex, proprietary protocol to which it's documentation is only circulated internally.” What is to stop someone from using a packet sniffer and disassembler to analyze the protocol, figure out how it works, and spend some time researching how to exploit it?
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ Why is it important to audit SCADA software?
http://null.co.in/ http://nullcon.net/ Stuxnet used a Siemens WinCC Hard-coded Database Credentials Vulnerability How many other vendors do this?
http://null.co.in/ http://nullcon.net/ Kevin Finisterre
http://null.co.in/ http://nullcon.net/ “ If you outlaw SCADA exploits, only outlaws will have SCADA exploits.” KF in 2008 after releasing CitectSCADA vulnerability information http://www.exploit-db.com/papers/13028/
http://null.co.in/ http://nullcon.net/ If you find vulnerabilities in SCADA products, I suggest you work with ICS-CERT. They will contact vendors, help coordinate disclosure, and generally help the process go smoothly.
http://null.co.in/ http://nullcon.net/ MODBUS Fuzzing
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ Wait a few seconds...
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ “ Tunneller” Protocol
http://null.co.in/ http://nullcon.net/ Header Signature Length Trailer Body Client -> Server Connect Handshake Msg ID
http://null.co.in/ http://nullcon.net/ Session Handshake Server -> Client
http://null.co.in/ http://nullcon.net/ Continued Client -> Server Server -> Client
http://null.co.in/ http://nullcon.net/ Session Handshake Complete Client -> Server
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/ Playing with lengths can be fun! Or not fun, or useful. Often time consuming and irritating actually. Literally be prepared to spend a lot of time chasing possibilities that aren't there. Just to, in the end, when you end up with another denial of service bug, wondering why you're still inside when its 8 in the evening. Maybe I should have listened to Dad and became a doctor, or a lawyer. Not only in SCADA protocols, but others too!
http://null.co.in/ http://nullcon.net/ Sploitware
http://null.co.in/ http://nullcon.net/ Just a small project of mine focused on SCADA and related software
http://null.co.in/ http://nullcon.net/ Can check systems for potentially vulnerable software, exploit vulnerabilities, lots of fun stuff
http://null.co.in/ http://nullcon.net/ DEMO!
http://null.co.in/ http://nullcon.net/ Recommendations
http://null.co.in/ http://nullcon.net/ Vendors... Try to break it before you ship it!
http://null.co.in/ http://nullcon.net/ (And check out TAOSSA)
http://null.co.in/ http://nullcon.net/ Clients... Do a security evaluation before you make the purchase.
http://null.co.in/ http://nullcon.net/ Because other people will.
http://null.co.in/ http://nullcon.net/ Thank you! jbrown at patchtuesday.org

Recommended

Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorialtutorialsruby
 
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Rob Fuller
 
Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.n|u - The Open Security Community
 
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRFBe Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRFMark Stanton
 
Securing AEM webapps by hacking them
Securing AEM webapps by hacking themSecuring AEM webapps by hacking them
Securing AEM webapps by hacking themMikhail Egorov
 
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsAEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsMikhail Egorov
 

Recommended

Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorialtutorialsruby
 
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Rob Fuller
 
Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.n|u - The Open Security Community
 
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRFBe Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRFMark Stanton
 
Securing AEM webapps by hacking them
Securing AEM webapps by hacking themSecuring AEM webapps by hacking them
Securing AEM webapps by hacking themMikhail Egorov
 
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsAEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsMikhail Egorov
 
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.Mikhail Egorov
 
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4hackers.com
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Rob Fuller
 
Building a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLYan Cui
 
A Hacker's perspective on AEM applications security
A Hacker's perspective on AEM applications securityA Hacker's perspective on AEM applications security
A Hacker's perspective on AEM applications securityMikhail Egorov
 
Macdoored
MacdooredMacdoored
MacdooredShakacon
 
How to fix 504 Gateway Timeout Error on your WordPress Website?
How to fix 504 Gateway Timeout Error on your WordPress Website?How to fix 504 Gateway Timeout Error on your WordPress Website?
How to fix 504 Gateway Timeout Error on your WordPress Website?Anny Rathore
 
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash AppsOwasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Appsguestb0af15
 
Validating forms (and more) with the HTML5 pattern attribute
Validating forms (and more) with the HTML5 pattern attributeValidating forms (and more) with the HTML5 pattern attribute
Validating forms (and more) with the HTML5 pattern attributecliener
 
nullcon 2011 - Penetration Testing a Biometric System
nullcon 2011 - Penetration Testing a Biometric Systemnullcon 2011 - Penetration Testing a Biometric System
nullcon 2011 - Penetration Testing a Biometric Systemn|u - The Open Security Community
 
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...n|u - The Open Security Community
 
Teflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceTeflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceSaumil Shah
 
2600 av evasion_deuce
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuceDb Cooper
 
Using wikto
Using wiktoUsing wikto
Using wiktoChandan Bagai, GWAPT, CEHv8, CCNA
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorialtutorialsruby
 
Asynchronyin net
Asynchronyin netAsynchronyin net
Asynchronyin netSoacat Blogspot
 
Let's pwn a chinese web browser!
Let's pwn a chinese web browser!Let's pwn a chinese web browser!
Let's pwn a chinese web browser!Juho Nurminen
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
Kioptrix 2014 5
Kioptrix 2014 5Kioptrix 2014 5
Kioptrix 2014 5Jayesh Patel
 
Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The EnterpriseJason Ross
 
Blockchain Hyperledger Lab
Blockchain Hyperledger LabBlockchain Hyperledger Lab
Blockchain Hyperledger LabDev_Events
 
Final ProjectFinal Project Details Description Given a spec.docx
Final ProjectFinal Project Details Description Given a spec.docxFinal ProjectFinal Project Details Description Given a spec.docx
Final ProjectFinal Project Details Description Given a spec.docxAKHIL969626
 

More Related Content

What's hot

What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.Mikhail Egorov
 
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4hackers.com
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Rob Fuller
 
Building a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLYan Cui
 
A Hacker's perspective on AEM applications security
A Hacker's perspective on AEM applications securityA Hacker's perspective on AEM applications security
A Hacker's perspective on AEM applications securityMikhail Egorov
 
How to fix 504 Gateway Timeout Error on your WordPress Website?
How to fix 504 Gateway Timeout Error on your WordPress Website?How to fix 504 Gateway Timeout Error on your WordPress Website?
How to fix 504 Gateway Timeout Error on your WordPress Website?Anny Rathore
 
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash AppsOwasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Appsguestb0af15
 
Validating forms (and more) with the HTML5 pattern attribute
Validating forms (and more) with the HTML5 pattern attributeValidating forms (and more) with the HTML5 pattern attribute
Validating forms (and more) with the HTML5 pattern attributecliener
 

What's hot (9)

What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
 
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014
 
Building a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQL
 
A Hacker's perspective on AEM applications security
A Hacker's perspective on AEM applications securityA Hacker's perspective on AEM applications security
A Hacker's perspective on AEM applications security
 
Macdoored
MacdooredMacdoored
Macdoored
 
How to fix 504 Gateway Timeout Error on your WordPress Website?
How to fix 504 Gateway Timeout Error on your WordPress Website?How to fix 504 Gateway Timeout Error on your WordPress Website?
How to fix 504 Gateway Timeout Error on your WordPress Website?
 
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash AppsOwasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
 
Validating forms (and more) with the HTML5 pattern attribute
Validating forms (and more) with the HTML5 pattern attributeValidating forms (and more) with the HTML5 pattern attribute
Validating forms (and more) with the HTML5 pattern attribute
 

Similar to nullcon 2011 - Exploiting SCADA Systems

nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...n|u - The Open Security Community
 
Teflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceTeflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceSaumil Shah
 
2600 av evasion_deuce
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuceDb Cooper
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorialtutorialsruby
 
Let's pwn a chinese web browser!
Let's pwn a chinese web browser!Let's pwn a chinese web browser!
Let's pwn a chinese web browser!Juho Nurminen
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The EnterpriseJason Ross
 
Blockchain Hyperledger Lab
Blockchain Hyperledger LabBlockchain Hyperledger Lab
Blockchain Hyperledger LabDev_Events
 
Final ProjectFinal Project Details Description Given a spec.docx
Final ProjectFinal Project Details Description Given a spec.docxFinal ProjectFinal Project Details Description Given a spec.docx
Final ProjectFinal Project Details Description Given a spec.docxAKHIL969626
 
Advanced security - Seccom Global
Advanced security - Seccom Global Advanced security - Seccom Global
Advanced security - Seccom Global Kim Tu
 
Spring Boot & Spring Cloud on PAS- Nate Schutta (2/2)
Spring Boot & Spring Cloud on PAS- Nate Schutta (2/2)Spring Boot & Spring Cloud on PAS- Nate Schutta (2/2)
Spring Boot & Spring Cloud on PAS- Nate Schutta (2/2)VMware Tanzu
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
 
Bounty bout 0x01 - WebRTC edition
Bounty bout 0x01 - WebRTC editionBounty bout 0x01 - WebRTC edition
Bounty bout 0x01 - WebRTC editionSandro Gauci
 
HTTP Security Headers - Devoxx UA 18
HTTP Security Headers - Devoxx UA 18HTTP Security Headers - Devoxx UA 18
HTTP Security Headers - Devoxx UA 18Tim De Grande
 
nullcon 2011 - No bullshit on underground crime: traces, trends, attribution,...
nullcon 2011 - No bullshit on underground crime: traces, trends, attribution,...nullcon 2011 - No bullshit on underground crime: traces, trends, attribution,...
nullcon 2011 - No bullshit on underground crime: traces, trends, attribution,...n|u - The Open Security Community
 

Similar to nullcon 2011 - Exploiting SCADA Systems (20)

nullcon 2011 - Penetration Testing a Biometric System
nullcon 2011 - Penetration Testing a Biometric Systemnullcon 2011 - Penetration Testing a Biometric System
nullcon 2011 - Penetration Testing a Biometric System
 
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
 
Teflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceTeflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surface
 
2600 av evasion_deuce
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuce
 
Using wikto
Using wiktoUsing wikto
Using wikto
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorial
 
Asynchronyin net
Asynchronyin netAsynchronyin net
Asynchronyin net
 
Let's pwn a chinese web browser!
Let's pwn a chinese web browser!Let's pwn a chinese web browser!
Let's pwn a chinese web browser!
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
 
Kioptrix 2014 5
Kioptrix 2014 5Kioptrix 2014 5
Kioptrix 2014 5
 
Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The Enterprise
 
Blockchain Hyperledger Lab
Blockchain Hyperledger LabBlockchain Hyperledger Lab
Blockchain Hyperledger Lab
 
Final ProjectFinal Project Details Description Given a spec.docx
Final ProjectFinal Project Details Description Given a spec.docxFinal ProjectFinal Project Details Description Given a spec.docx
Final ProjectFinal Project Details Description Given a spec.docx
 
Advanced security - Seccom Global
Advanced security - Seccom Global Advanced security - Seccom Global
Advanced security - Seccom Global
 
Spring Boot & Spring Cloud on PAS- Nate Schutta (2/2)
Spring Boot & Spring Cloud on PAS- Nate Schutta (2/2)Spring Boot & Spring Cloud on PAS- Nate Schutta (2/2)
Spring Boot & Spring Cloud on PAS- Nate Schutta (2/2)
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
Bounty bout 0x01 - WebRTC edition
Bounty bout 0x01 - WebRTC editionBounty bout 0x01 - WebRTC edition
Bounty bout 0x01 - WebRTC edition
 
News Bytes - May by corrupt
News Bytes - May by corruptNews Bytes - May by corrupt
News Bytes - May by corrupt
 
HTTP Security Headers - Devoxx UA 18
HTTP Security Headers - Devoxx UA 18HTTP Security Headers - Devoxx UA 18
HTTP Security Headers - Devoxx UA 18
 
nullcon 2011 - No bullshit on underground crime: traces, trends, attribution,...
nullcon 2011 - No bullshit on underground crime: traces, trends, attribution,...nullcon 2011 - No bullshit on underground crime: traces, trends, attribution,...
nullcon 2011 - No bullshit on underground crime: traces, trends, attribution,...
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Recently uploaded (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

nullcon 2011 - Exploiting SCADA Systems

Editor's Notes

  1. http://nullcon.net/