Positive Hack Days. Gurkin. Zero Day for SCADA (0-day)


Since the mass propagation of the Stuxnet worm, vulnerabilities in SCADA systems have become journalists' favorite bugbear and a nightmare for everyone who has anything to do with industry and national security.

How difficult is it to detect a vulnerability in SCADA systems? Which attack vectors are the most dangerous for such systems? How many unfixed vulnerabilities in SCADA are known so far?

The speaker will give a practical demonstration of 0-day vulnerabilities in some popular production process management systems.

Published in: Technology, Business

  1. Slide 1. SCADA security. Positive Hack Days. Industrial systems. Threats. GLEG ltd, developer of the SCADA+ Pack for CANVAS. [email_address] http://www.gleg.net
  2. Slide 2. SCADA security: Plan
     • Attacks against SCADA: what could they look like?
     • Intro: are SCADA systems accessible from the Internet...
     • Exploration: searching for vulnerable systems available from the web
     • Exploitation
     • Post-exploitation
     • Summary
  3. Slide 3. SCADA security: SCADA events timeline
     • Before June 2010: it seems there were NO (?) real-world examples of SCADA-targeted attacks (just worm infections...)
     • June 2010: Stuxnet! The milestone in SCADA security...
     • After June 2010: hackers realized that there are accessible SCADA systems with vulns...
       • Dozens of new vulnerabilities uncovered
       • Potential risk has greatly increased
  4. Slide 4. SCADA security: SCADA on the web. THERE ARE HUNDREDS OF SCADA SYSTEMS ALREADY EXPOSED TO THE INTERNET! Let us show «banners» for two SCADA systems, and SHODAN search results for them...
  5. Slide 5. SCX SCADA. E.g. SCX SCADA: SCX ADVANCED INDUSTRIAL AUTOMATION SOFTWARE "...the integrated SCX Web server is a standard component of the SCX product. Web Clients have access to all SCADA system functions..."
  6. Slide 6. SCX SCADA banner. 1) “SCXWebServer”
       HTTP/1.1 200 OK
       Content-Encoding: deflate
       Date: Tue, 14 Dec 2010 19:09:52 GMT
       Expires: Tue, 14 Dec 2010 19:09:52 GMT
       Cache-Control: no-cache
       Server: SCXWebServer/6.0      <- here is the banner
       Content-Type: text/xml
       Content-Length: 1504
     Search results for this:
  7. Slide 8. SCADA security: CoDeSys ENI server exploit. CoDeSys ENI server: in this case the banner looks like «ENIServer» (though there are many servers of the same kind available from different SCADA developers... all seem to be based on CoDeSys...?). Again, let's search for it on the web... and show how it could be exploited using the SCADA+ Pack 0-day exploit for CoDeSys ENI Server.
  8. Slide 10. Video of exploitation: http://pentesting.ru/eniserver.rar
  9. Slide 11. SCADA security: Post-exploitation
     • Typical post-exploitation:
     • Trojan
     • Keylogger
     • Hiding activities... and waiting for login+pwd...
  10. Slide 12. SCADA security: SCADA vulns
     • Of course there could be other vuln types... other exploration and exploitation tools and techniques...
     • Example 2:
     • A common situation for SCADA is... that local access is granted without auth by default.
     • E.g. in IGSS SCADA we have the following default project settings... ("disable access control" is checked!)
  11. Slide 14. SCADA attack. This could be helpful for a hacker... you could exploit some buffer overflow, enable Rdesktop and have fun with SCADA devices.
  12. Slide 15. SCADA security. Current tools have limited functionality for SCADA... e.g. Shodan searches only ports 80, 21, 22, 161, 5060... But, e.g., RealWin has vulnerable services on ports 910 and 912. In that case you will need to search yourself... but as long as there are dozens of scanners, this is not a problem. Also, you could write your own.
  13. Slide 16. ICS security: Measures
     • What you should know and do:
     • SCADA systems are already on the Internet...
     • One should be ready for the situation when SCADA «suddenly» becomes accessible (e.g. it is very convenient for engineers to have remote access)
     • Should minimize internal threats: end-point security + IDS
     • Keep an eye on the news for SCADA vulns, especially those leading to possible remote access to SCADA functions (e.g. login/pwd theft)!
     • For SCADA it is not good to rely on local auth or database auth, or to have unauthenticated local access!
  14. Slide 17. SCADA security: Countermeasures
     • Of course SCADA should be properly designed (hope it is so :) with redundancy, possibly involving equipment from different manufacturers, etc...
     • Some typical measures could also be helpful:
     • Security policies and personnel culture (resistance to social engineering),
     • good pwds,
     • Penetration tests
  15. Slide 18. SCADA security: Summary. We have shown that SCADA systems ARE ALREADY AVAILABLE FROM THE INTERNET... and some could be exploited right now...
  16. Slide 19. Positive Hack Days. Thanks for your attention. [email_address] http://www.gleg.net
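
The measures slide says to be ready for SCADA that «suddenly» becomes accessible. As an added example (not from the slides or from GLEG), the script below audits banner records already collected from an organization's own perimeter scan and flags the two banners and the RealWin ports the slides name. The record layout `(host, port, raw_banner)`, the sample addresses, and the bare non-HTTP form of the «ENIServer» banner are assumptions.

```python
# Banner substrings named on the slides (SCX web server, CoDeSys ENI server).
ICS_BANNERS = {"scxwebserver": "SCX SCADA web server",
               "eniserver": "CoDeSys ENI server"}
# Ports the slides give for vulnerable RealWin services.
ICS_PORTS = {910: "RealWin", 912: "RealWin"}

def parse_headers(raw):
    """Parse a raw HTTP response head into {lower-cased name: value}."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers, last = {}, None
    for line in head.split("\n")[1:]:          # skip the status line
        if line[:1] in (" ", "\t") and last:   # obsolete folded continuation
            headers[last] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()
            headers[last] = value.strip()
    return headers

def audit(records):
    """Return (host, port, product, evidence) for every ICS-looking record."""
    findings = []
    for host, port, raw in records:
        # Prefer the Server header; fall back to the start of a non-HTTP banner.
        text = parse_headers(raw).get("server") or raw[:200].strip()
        product = next((p for k, p in ICS_BANNERS.items()
                        if k in text.lower()), None)
        if product:
            findings.append((host, port, product, text))
        elif port in ICS_PORTS:
            findings.append((host, port,
                             ICS_PORTS[port] + " (port match only)", text))
    return findings

# Constructed sample records (documentation address range, not real hosts).
SAMPLE = [
    ("192.0.2.10", 80, "HTTP/1.1 200 OK\r\nContent-Encoding: deflate\r\n"
                       "Server: SCXWebServer/6.0\r\nContent-Type: text/xml\r\n\r\n"),
    ("192.0.2.11", 80, "HTTP/1.1 200 OK\r\nserver: nginx\r\n\r\n<html>"),
    ("192.0.2.12", 912, ""),                   # open port, no banner captured
    ("192.0.2.13", 8080, "ENIServer\r\n"),     # assumed bare banner form
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A port-only match is weaker evidence than a banner match and should be confirmed against the asset inventory before the service is firewalled off or moved behind a VPN.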
