Hacking Critical Infrastructure Like You’re Not a N00b

•

0 likes•670 views

This presentation is targeted towards an audience that already understands how to compromise the embedded systems that run a process and now is looking at manipulating the physics of the process itself. In as much as time allows, it will cover all the things necessary to accomplish more than exercising the automatic shutdown logic of a process. (Source: RSA USA 2016-San Francisco)

Technology

#RSAC
Jason Larsen
Hacking Critical Infrastructure
Like You’re Not a N00b
HT-F03
CyberSecurity Researcher
IOActive

#RSAC
I just got a shell on the control system, now what?

#RSAC
Hazard Mitigations
Nearly every hazard will have some mitigation
Just because there is a mitigation, doesn’t mean that mitigation
is effective
There is always a strong pressure to declare a problem solved

#RSAC
Let’s Make Some Moonshine
Moonshine tastes awful! Burn it instead!

#RSAC
Easy Button Attacks
• At S4 Reid Wightman described one such attack…..
• Variable frequency drives have skip frequencies to
stop the VFD from operating at a resonant
frequency
• The engineer has already calculated the exact
VFD frequency that is a problem
• Easy button attacks are great if they happen to line
up with what you want to achieve
What if there is no easy button?

#RSAC
Possible Weaponization Strategies
Flaming pool of death
Flaming inferno of death
Steam Collapse

#RSAC
Point Database
• The attacker will need to extract the point database
• This is a toy process so it only has 22 points

#RSAC
Processes aren’t vulnerable all the time

#RSAC
Learning phase
Extracted
“runs”
Believable noise
Spoofed sensor signal

#RSAC
Vacuum Breaker - Move Along
Steam Transfer
Temperature/Pressure
Builds

#RSAC
Just letting go is like ringing a bell

#RSAC
Mapping TSD to Devices
Alarm Pathways and Sanity Checks as well as Data Flows

#RSAC
Distributed Checks
Sending messages between devices is messy
The process doesn’t stop to wait on your message
This causes lots and lots of edge cases
Autonomous agents in each control “zone” works better
Each agent will need it’s own independent TSD logic
Mapping Devices to Implants

#RSAC
Best-Fit Monotonic Line Approximation

#RSAC
Relaxing a graph matches points based on artifacts just like a
human would
Force Relaxing

#RSAC
For every pair of time series, we can calculate
Scale – 5.25
Offset - 52.64
Slope – 2.28
Delay – 9 seconds
Fitness – 88.06%
In general, the greater the disturbance in the loop, the better the
correlation matrix will work
Model Outputs

#RSAC
Let’s overlay the correlation matrix on top of our existing TSD diagram

#RSAC
Uncertainty Tables
An exploit chain can always be built, but how confident are you it will work?

Feedback with Topology
How do you know when something has gone horribly wrong on
the far side?
There is no “Pipe Roundness” sensor

#RSAC
Topology Invariance
Topologies are generally static in a process operating in the same
mode
Individual characteristics of a topology may be conserved

#RSAC
Flow A
Flow B
Flow C
(Integration under the flow curve yields volume)
Level A
Level B
Level C
(Level A * Volume A) = (Level B * Volume B) + (Level C * Volume C)
(Flow A) = (Flow B) + (Flow C)
(Level A * Volume A) = (Flow B) + (Flow C)
Topology Characteristic Invariance
Mostly true, but stuff happens

#RSAC
Feedback Till Topology Changes
Success can often be registered as a topology change
Often some values that are conserved are no longer conserved
during the damage phase

#RSAC
Why don’t we see more “Cyber Weapons”?
Given the amount of work, there is also a high degree of
uncertainty that the weapon will actually work
You’re not always at war with someone so you need a kindler-
gentler way of testing
Economic disruption can be used to validate future cyber
weapons against real targets
Expect to see an increase in economic disruptions in high-value
targets

#RSAC
Ukraine Attack
This is more of an easy-button attack
with some force multipliers
• Attackers only had to turn off the
power
• No great knowledge of the process
required
• Typical DoS against the call center

#RSAC
Questions?
Jason Larsen
Jason.larsen@ioactive.com

Viewers also liked

Industrial Cybersecurity and Critical Infrastructure Protection in Europe

Positive Hack Days

Symantec 2010 Critical Information Infrastructure Protection (CIP) Survey found, among other things, that 53 percent of critical infrastructure providers report that their networks have experienced what they perceived as politically motivated cyber attacks. Participants claimed to have experienced such an attack on an average of 10 times in the past five years, incurring an average cost of $850,000 during a period of five years to their businesses.

Symantec 2010 Critical Infrastructure Protection Study

Symantec

Cybersecurity Critical Infrastructure Framework Course Textbook and the class...

AVEVA

Critical infrastructure

Prof. David E. Alexander (UCL)

Bio Daniel Donatelli

Daniel Donatelli

Network security and policies

wardjo

U.S. Approach to Cybersecurity Governance

Gwanhoo Lee

chile-2015 (2)

Massimiliano Falcinelli

Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply to standards, and other meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.

Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...

Government Technology and Services Coalition

Cybersecurity: Connectivity, Collaboration and Security Controls

Kristian Alisasis Pura

2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...

Eran Goldstein

Potential Impact of Cyber Attacks on Critical Infrastructure

Unisys Corporation

Viewers also liked (12)

Industrial Cybersecurity and Critical Infrastructure Protection in Europe

Symantec 2010 Critical Infrastructure Protection Study

Cybersecurity Critical Infrastructure Framework Course Textbook and the class...

Critical infrastructure

Bio Daniel Donatelli

Network security and policies

U.S. Approach to Cybersecurity Governance

chile-2015 (2)

Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...

Cybersecurity: Connectivity, Collaboration and Security Controls

2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...

Potential Impact of Cyber Attacks on Critical Infrastructure

Similar to Hacking Critical Infrastructure Like You’re Not a N00b

Vulnerability analysis has largely been a process that requires substantial human expertise. However, very recently there has been a push for completely autonomous hacking systems, which can find flaws, exploit them and even provide patches, all without any human intervention. This talk presents recent advances in autonomous hacking and provides lessons learned from participating in the DARPA CGC. (Source: RSA USA 2016-San Francisco)

Autonomous Hacking: The New Frontiers of Attack and Defense

Priyanka Aash

This session will explore how we can leverage containers, network/endpoint virtualization technologies and virtualized security instrumentation, concurrently, to transformationally improve security visibility, security analytics, system resilience and actionable context, greatly increasing our ability to attest that systems will be secure and compliant in any state into which they may be driven. (Source: RSA USA 2016-San Francisco)

Transforming Security: Containers, Virtualization and Softwarization

Priyanka Aash

How to Measure the Security of Your Network Protection Devices with Analogue ...

Winn Schwartau

Security precognition chaos engineering in incident response

Priyanka Aash

Serverless Attack Vectors

Teri Radichel

CheapSCAte: Attacking IoT with less than $60

Riscure

As seen with the IoT-based MIRAI botnet, security vulnerabilities can have their root cause several layers down in the supply chain. The session will corroborate this with concrete vulnerability results of over 5,000 IoT software packages. It also will show how, to stop this bug passing, developers, integrators and regulating bodies need to work together to build a trustworthy IoT software supply chain.

Stop Passing the Bug: IoT Supply Chain Security

Synopsys Software Integrity Group

Moving critical workloads into the cloud can be unnerving for security professionals. In reality, though, the cloud offers a whole new set of opportunities for the security team to do things even better than in their on-premises environment. Two seasoned cloud experts will explore the latest real-world, practical tools and techniques for becoming demonstrably more secure as you move to the cloud. (Source: RSA USA 2016-San Francisco)

Aspirin as a Service: Using the Cloud to Cure Security Headaches

Priyanka Aash

Black ops 2012

Dan Kaminsky

Exploring the Real-World Application Security Top 10

Priyanka Aash

During the past year IR teams and security researchers around the world witnessed a rise in the use of legitimate tools and common scripts in malware and APT attacks. This talk will explore the presenters’ research that focused on automating the analysis of PowerShell and Macro/VBA/VBS attacks by building a heuristic-based compiler engine that determines whether a script is malicious or not. (Source: RSA Conference USA 2017)

Isolating the Ghost in the Machine: Unveiling Post Exploitation Threatsrsac

Priyanka Aash

Practical Approaches to Cloud Native Security

Karthik Gaekwad

They always taught us that the only thing it can be pulled out from a SSL/TLS session using strong authentication and latest state-of-art (Perfect Forward Secrecy) ciphersuites is the public key of the certificate exchanged during the TLS handshake, an insufficient condition to place a MiTM attack without to generate alarms on the validity of the TLS connection and certificate itself. Anyway, this is not always true. In certain circumstances it is possible to derive the private key of server regardless the size of modulus used. Even RSA keys of 4096 bits can be factored at the cost of a few CPU cycles and computational resources. All that needed is the generation of a faulty digital signature from server, an event that can be observed when occuring error conditions such as CPU overheating and/or hardware faults. Because of these premises devices like firewall, switch, router and other embedded appliances are more exposed than traditional IT servers or clients. During the talk, the author will explain the theory behind the attack, how common are the factors that make it possible, and his customized implementation of the technique. At the end a proof-of-concept able to work both in passive mode (i.e. only sniffing the network traffic) and in active mode (namely, partecipating directly in the establishment of TLS handshakes) will be released.

[CONFidence 2016] Marco Ortisi - Recover a RSA private key from a TLS session...

PROIDEA

Professional drones are now actively used across various industries to perform daily critical operations. In this awareness session, Nils Rodday will perform a live hack which exploits vulnerabilities of the professional drone and effectively compromises the security of the system to take over control. His session will also discuss practical fixes and approaches for remediating these issues. (Source: RSA USA 2016-San Francisco)

Hacking a Professional Drone

Priyanka Aash

A Pragmatic Union: Security and SRE

James Wickett

RSA 2015 Realities of Private Cloud Security

Scott Carlson

Serverless Security: Are you ready for the Future?

James Wickett

The SDLC has been the model for web application security over the last decade. However, the SDLC was originally designed in a Waterfall world and often causes more problems than it solves in the shift to agile, DevOps and CI/CD. This talk will share actionable tips on the most effective application security techniques in today’s increasingly rapid environment of application creation and delivery. (Source : RSA Conference USA 2017)

Practical appsec lessons learned in the age of agile and DevOps

Priyanka Aash

Serverless applications offer a number of advantages, the biggest one being freedom from a number of standard operational tasks. And while you may not need to do basic ops tasks, you still have a responsibility to keep your data safe and secure. Serverless designs require a completely new approach to development, and securing these applications also requires new concepts, processes and tools. (Source : RSA Conference USA 2017)

Securing serverless applications in the cloud

Priyanka Aash

Isaac stream cipher

Anoop Betigeri

Similar to Hacking Critical Infrastructure Like You’re Not a N00b (20)

Autonomous Hacking: The New Frontiers of Attack and Defense

Transforming Security: Containers, Virtualization and Softwarization

How to Measure the Security of Your Network Protection Devices with Analogue ...

Security precognition chaos engineering in incident response

Serverless Attack Vectors

CheapSCAte: Attacking IoT with less than $60

Stop Passing the Bug: IoT Supply Chain Security

Aspirin as a Service: Using the Cloud to Cure Security Headaches

Black ops 2012

Exploring the Real-World Application Security Top 10

Isolating the Ghost in the Machine: Unveiling Post Exploitation Threatsrsac

Practical Approaches to Cloud Native Security

[CONFidence 2016] Marco Ortisi - Recover a RSA private key from a TLS session...

Hacking a Professional Drone

A Pragmatic Union: Security and SRE

RSA 2015 Realities of Private Cloud Security

Serverless Security: Are you ready for the Future?

Practical appsec lessons learned in the age of agile and DevOps

Securing serverless applications in the cloud

Isaac stream cipher

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs

Priyanka Aash

Verizon Breach Investigation Report (VBIR).pdf

Priyanka Aash

Top 10 Security Risks .pptx.pdf

Priyanka Aash

Simplifying data privacy and protection.pdf

Priyanka Aash

Generative AI and Security (1).pptx.pdf

Priyanka Aash

EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf

Priyanka Aash

DPDP Act 2023.pdf

Priyanka Aash

Cyber Truths_Are you Prepared version 1.1.pptx.pdf

Priyanka Aash

Cyber Crisis Management.pdf

Priyanka Aash

CISOPlatform journey.pptx.pdf

Priyanka Aash

Chennai Chapter.pptx.pdf

Priyanka Aash

Cloud attack vectors_Moshe.pdf

Priyanka Aash

Stories From The Web 3 Battlefield

Priyanka Aash

Lessons Learned From Ransomware Attacks

Priyanka Aash

Emerging New Threats And Top CISO Priorities In 2022 (Chennai)

Priyanka Aash

Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)

Priyanka Aash

Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)

Priyanka Aash

Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud

Cloud Security: Limitations of Cloud Security Groups and Flow Logs

Priyanka Aash

Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.

Cyber Security Governance

Priyanka Aash

The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.

Ethical Hacking

Priyanka Aash

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs

Verizon Breach Investigation Report (VBIR).pdf

Top 10 Security Risks .pptx.pdf

Simplifying data privacy and protection.pdf

Generative AI and Security (1).pptx.pdf

EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf

DPDP Act 2023.pdf

Cyber Truths_Are you Prepared version 1.1.pptx.pdf

Cyber Crisis Management.pdf

CISOPlatform journey.pptx.pdf

Chennai Chapter.pptx.pdf

Cloud attack vectors_Moshe.pdf

Stories From The Web 3 Battlefield

Lessons Learned From Ransomware Attacks

Emerging New Threats And Top CISO Priorities In 2022 (Chennai)

Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)

Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)

Cloud Security: Limitations of Cloud Security Groups and Flow Logs

Cyber Security Governance

Ethical Hacking

Recently uploaded

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

ICT role in 21st century education and its challenges

rafiqahmad00786416

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Architecting Cloud Native Applications

WSO2

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

When you’re building (micro)services, you have lots of framework options. Spring Boot is no doubt a popular choice. But there’s more! Take Quarkus, a framework that’s considered the rising star for Kubernetes-native Java. It always depends on what's best for your situation, but how to choose the best solution if you're comparing 2 frameworks? Both Spring Boot and Quarkus have their positives and negatives. Let us compare the two by live coding a couple of common use cases in Spring Boot and Quarkus. After this talk, you’ll be ready to get started with Quarkus yourself, and know when to select Quarkus or Spring Boot.

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Jago de Vreede

The presentation was made in “Web3 Fusion: Embracing AI and Beyond” is more than a conference; it's a journey into the heart of digital transformation. The conference a provided a platform where the future of technology meets practical application. This three-day hybrid event, set in the heart of innovation, served as a gateway to the latest trends and transformative discussions in AI, Blockchain, IoT, AR/VR, and their collective impact on the information space.

AI in Action: Real World Use Cases by Anitaraj

AnitaRaj43

Recently uploaded (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

ICT role in 21st century education and its challenges

CNIC Information System with Pakdata Cf In Pakistan

presentation ICT roal in 21st century education

Six Myths about Ontologies: The Basics of Formal Ontology

Corporate and higher education May webinar.pptx

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

[BuildWithAI] Introduction to Gemini.pdf

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Artificial Intelligence Chap.5 : Uncertainty

Architecting Cloud Native Applications

AWS Community Day CPH - Three problems of Terraform

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Why Teams call analytics are critical to your entire business

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

AI in Action: Real World Use Cases by Anitaraj

Hacking Critical Infrastructure Like You’re Not a N00b

1. #RSAC Jason Larsen Hacking Critical Infrastructure Like You’re Not a N00b HT-F03 CyberSecurity Researcher IOActive

2. #RSAC I just got a shell on the control system, now what?

3. #RSAC Inherent Dangers

4. #RSAC Researching Hazards

5. #RSAC Hazard Mitigations Nearly every hazard will have some mitigation Just because there is a mitigation, doesn’t mean that mitigation is effective There is always a strong pressure to declare a problem solved

6. #RSAC Typical HMI Screen

7. #RSAC Let’s Make Some Moonshine

8. #RSAC Let’s Make Some Moonshine

9. #RSAC Let’s Make Some Moonshine Moonshine tastes awful! Burn it instead!

10. #RSAC Easy Button Attacks • At S4 Reid Wightman described one such attack….. • Variable frequency drives have skip frequencies to stop the VFD from operating at a resonant frequency • The engineer has already calculated the exact VFD frequency that is a problem • Easy button attacks are great if they happen to line up with what you want to achieve What if there is no easy button?

11. #RSAC Possible Weaponization Strategies Flaming pool of death Flaming inferno of death Steam Collapse

12. #RSAC Flaming Pool of Death

13. #RSAC Flaming Inferno of Death

14. #RSAC Steam Collapse 14

15. #RSAC Point Database • The attacker will need to extract the point database • This is a toy process so it only has 22 points

16. #RSAC Timing And State Diagrams (TSD)

17. #RSAC Processes aren’t vulnerable all the time

18. #RSAC

19. #RSAC

20. #RSAC Learning phase Extracted “runs” Believable noise Spoofed sensor signal

21. #RSAC We’re winning!!

22. #RSAC That’s not right!

23. #RSAC Vacuum Breaker - Move Along Steam Transfer Temperature/Pressure Builds

24. #RSAC Just letting go is like ringing a bell

25. #RSAC

26. #RSAC Mapping TSD to Devices Alarm Pathways and Sanity Checks as well as Data Flows

27. #RSAC Distributed Checks Sending messages between devices is messy The process doesn’t stop to wait on your message This causes lots and lots of edge cases Autonomous agents in each control “zone” works better Each agent will need it’s own independent TSD logic Mapping Devices to Implants

28. #RSAC Creating and Validating TSD

29. #RSAC Creating and Validating TSD

30. #RSAC Methane vs CO2

31. #RSAC Simple Scaling

32. #RSAC Best-Fit Monotonic Line Approximation

33. #RSAC Relaxing a graph matches points based on artifacts just like a human would Force Relaxing

34. #RSAC For every pair of time series, we can calculate Scale – 5.25 Offset - 52.64 Slope – 2.28 Delay – 9 seconds Fitness – 88.06% In general, the greater the disturbance in the loop, the better the correlation matrix will work Model Outputs

35. #RSAC Let’s overlay the correlation matrix on top of our existing TSD diagram

36. #RSAC Uncertainty Tables An exploit chain can always be built, but how confident are you it will work?

37. #RSAC Comparing Attack Strategies

38. Feedback with Topology How do you know when something has gone horribly wrong on the far side? There is no “Pipe Roundness” sensor

39. #RSAC Topology Invariance Topologies are generally static in a process operating in the same mode Individual characteristics of a topology may be conserved

40. #RSAC Topology Invariance

41. #RSAC Flow A Flow B Flow C (Integration under the flow curve yields volume) Level A Level B Level C (Level A * Volume A) = (Level B * Volume B) + (Level C * Volume C) (Flow A) = (Flow B) + (Flow C) (Level A * Volume A) = (Flow B) + (Flow C) Topology Characteristic Invariance Mostly true, but stuff happens

42. #RSAC Change in Physics 42

43. #RSAC Feedback Till Topology Changes Success can often be registered as a topology change Often some values that are conserved are no longer conserved during the damage phase

44. #RSAC Why don’t we see more “Cyber Weapons”? Given the amount of work, there is also a high degree of uncertainty that the weapon will actually work You’re not always at war with someone so you need a kindler- gentler way of testing Economic disruption can be used to validate future cyber weapons against real targets Expect to see an increase in economic disruptions in high-value targets

45. #RSAC Ukraine Attack This is more of an easy-button attack with some force multipliers • Attackers only had to turn off the power • No great knowledge of the process required • Typical DoS against the call center

46. #RSAC Questions? Jason Larsen Jason.larsen@ioactive.com

Hacking Critical Infrastructure Like You’re Not a N00b

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (12)

Similar to Hacking Critical Infrastructure Like You’re Not a N00b

Similar to Hacking Critical Infrastructure Like You’re Not a N00b (20)

More from Priyanka Aash

More from Priyanka Aash (20)

Recently uploaded

Recently uploaded (20)

Hacking Critical Infrastructure Like You’re Not a N00b