C-SCAD: ASSESSING SECURITY FLAWS IN
ClearSCADA WebX CLIENT!
Diary of the Penetration Tester !
Aditya K Sood, Senior Security Researcher and Engineer
SecNiche Security Labs (http://www.secniche.org )
Whoami !
• Dr. Aditya K Sood
– Senior Threat Researcher and Engineer
• Others
• Worked previously for IOActive, Armorize, Coseinc and KPMG
• Active Speaker at Security conferences
• Written Content – IEEE Magazine/Virus Bulletin/
ISSA/ISACA/CrossTalk/HITB Ezine /Elsevier NESE|CFS
• Personal Website:
– LinkedIn : http://www.linkedin.com/in/adityaks
– Website: http://www.secniche.org
– Blog: http://secniche.blogspot.com
• Authored “ Targeted Cyber Attacks” Book
• Email : contact {at no spam} secniche {dot} org!
What is ClearSCADA ?
• Open source platform designed for managing remote
SCADA systems
• Optimizes the SCADA functionality
• Object-oriented Architecture (OOA) representing assets
and information
• Multiple remote management interfaces
• Considered a single software package
• More Information
– http://plcsystems.ru/catalog/SCADAPack/doc/ClearSCADA_spec_eng.pdf
ClearSCADA – Architecture
• ClearSCADA – Network View
– Refer : http://www.999automation.com/blog/?p=4465
ClearSCADA Components!
• ClearSCADA Server
– Runs as a server under Windows operating system
• ClearSCADA ViewX Client
– Windows thick client application providing user interface for
managing ClearSCADA
– ViewX does not store SCADA data on the underlying system
• ClearSCADA WebX Client
– Web client (browser-based) designed for providing user
interface to ClearSCADA
ClearSCADA – WebX Client!
• WebX Client
ClearSCADA – WebX Client!
• WebX Client Information
– Designed for Internet Explorer browser and:
• Served as an ActiveX Plugin from the ClearSCADA server
• Integrated as a part of ClearSCADA server
• Majority of the SCADA data can be queried
• Web-X displays graphics, alarm page, trend viewer, SQL lists and
diagnostics.
• Operators can view, control, acknowledge alarms, execute reports etc.
• WebX Client – Design Security or Constraints
– Cannot be used to configure SCADA database
– Cannot be used to alter SCADA settings
– Cannot be used to edit graphic displays
WebX Client Design
• Other browsers might not display the information and
raise notification
• If you want to display information in any browser in
XML or other format, simply remove the “applet” word
from the URL
• Example:-
– http://<truncated-host>/db/OPCGROUP.Default?applet
– http://<truncated-host>/db/OPCGROUP.Default
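A defensive audit for the behaviour described above, as an added example that is not part of the original slides or of the C-SCAD tool: it scans web access logs for `/db/` object requests made without the `applet` keyword and groups them by client. The Combined Log Format, the reverse proxy in front of WebX, the `EXAMPLE.*` object names, the addresses and the threshold are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format as written by a reverse proxy in front of WebX.
# Assumption: the slides do not describe ClearSCADA's own logging.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# WebX is designed for Internet Explorer; these tokens identify IE user agents.
IE_MARKERS = ("MSIE ", "Trident/")

# Constructed sample log lines (documentation addresses, placeholder objects).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Aug/2014:09:01:02 +0000] "GET /db/OPCGROUP.Default?applet HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
192.0.2.10 - - [12/Aug/2014:09:01:09 +0000] "GET /db/EXAMPLE.Mimic1?applet HTTP/1.1" 200 7311 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
192.0.2.10 - - [12/Aug/2014:09:01:15 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
198.51.100.7 - - [12/Aug/2014:09:14:00 +0000] "GET /db/OPCGROUP.Default HTTP/1.1" 200 2210 "-" "python-requests/2.3.0"
198.51.100.7 - - [12/Aug/2014:09:14:31 +0000] "GET /db/EXAMPLE.ObjectA HTTP/1.1" 200 1804 "-" "python-requests/2.3.0"
198.51.100.7 - - [12/Aug/2014:09:15:02 +0000] "GET /db/EXAMPLE.ObjectB HTTP/1.1" 200 1777 "-" "python-requests/2.3.0"
198.51.100.7 - - [12/Aug/2014:09:15:33 +0000] "GET /db/EXAMPLE.ObjectC HTTP/1.1" 401 0 "-" "python-requests/2.3.0"
192.0.2.44 - - [12/Aug/2014:10:02:11 +0000] "GET /db/OPCGROUP.Default HTTP/1.1" 200 2210 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
""".splitlines()


def parse(line):
    """Return a record for a /db/ object request, or None for anything else."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["target"])
    if not url.path.startswith("/db/"):
        return None
    # "applet" appears as a bare query keyword; tolerate case and extra params.
    keys = {p.split("=", 1)[0].lower() for p in url.query.split("&") if p}
    return {
        "src": m["src"],
        "object": url.path[len("/db/"):],
        "applet": "applet" in keys,
        "status": int(m["status"]),
        "ie": any(marker in m["ua"] for marker in IE_MARKERS),
    }


def summarise(lines):
    """Per client: objects served without 'applet', denied requests, non-IE use."""
    acc = defaultdict(lambda: {"raw_objects": set(), "denied": 0, "non_ie": False})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        entry = acc[rec["src"]]
        if not rec["ie"]:
            entry["non_ie"] = True
        if rec["status"] in (401, 403):
            entry["denied"] += 1
        elif rec["status"] == 200 and not rec["applet"]:
            entry["raw_objects"].add(rec["object"])
    return {src: {**e, "raw_objects": sorted(e["raw_objects"])}
            for src, e in acc.items()}


def flagged(lines, min_objects=3):
    """Clients that pulled at least min_objects distinct objects in raw form."""
    return sorted(src for src, e in summarise(lines).items()
                  if len(e["raw_objects"]) >= min_objects)


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for src in flagged(SAMPLE_LOG):
        print(src, report[src])
```

A single raw-view request from a non-IE browser stays below the threshold; tune `min_objects` to the number of objects operators legitimately open outside the ActiveX client.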
WebX Client Design
• [Screenshots: output with the applet keyword and without the applet keyword]
ClearSCADA – WebX Client!
• Configuration
• Refer : http://www.opssys.com/InstantKB/Article.aspx?id=13592
ClearSCADA – WebX Client!
What WebX Client Reveals !
• Objects Revealing Information
What WebX Client Reveals !
• Server Status Information
ClearSCADA – WebX Client!
• C-SCAD Tool
Why C-SCAD ?
• Efforts towards building more dedicated SCADA
penetration testing tools
• Web-X client interfaces are not well secured and can
reveal an ample amount of information about the SCADA
deployment
• In certain deployments, direct access to Web-X client
can give access to specific web pages revealing
information
– If not, C-SCAD does the testing and information mining for the penetration
testers
What this Tool does ?
• Enumerates active users configured for the Web-X access
• Enumerates configured databases and SQL lists for the
ClearSCADA
• Performs complete configuration check for exposed components
• Verifies access to diagnostic page and dumps required
information
• Executes dictionary attacks for checking weak credentials
• Triggers Shodan search queries for exposed ClearSCADA Web-X
client on the Internet
ClearSCADA – WebX Client!
• Enumerating the list of active users !
ClearSCADA – WebX Client!
• Enumerating the Databases !
ClearSCADA – WebX Client!
• Available Reports Information !
ClearSCADA – WebX Client!
• Available SQL Commands !
ClearSCADA – WebX Client!
• Diagnostic Page Check !
ClearSCADA – WebX Client!
• Dictionary Attack:
– No CAPTCHA
– Tool uses a slow mode for this attack
– It is open source, so alter it as per your convenience
ClearSCADA – WebX Client!
• Shodan Search – ClearSCADA Deployments
What Else …. ?
• Integrated check for released vulnerabilities with details
• Known security advisories:
– http://resourcecenter.controlmicrosystems.com/download/attachments/28311675/Technical+Support+Bulletin+-+ClearSCADA+Security_V010.pdf
– http://resourcecenter.controlmicrosystems.com/download/attachments/29426140/Technical+Support+Bulletin+-+ClearSCADA+Security+V5.pdf
– http://ics-cert.us-cert.gov/advisories/ICSA-10-314-01A
• A few vulnerabilities have been reported to ICS-CERT
while working on this tool. Details will be released once
these are patched.
ClearSCADA Demo Version
• ClearSCADA free demo request for evaluation purposes
• http://resourcecenter.controlmicrosystems.com/display/public/CS/SCADA+Expert+ClearSCADA+Free+Trial+Download+Request
Conclusion !
• More dedicated tools are required for testing SCADA
software
• Security assessment depends heavily on the design of
software and its working
• Standard tools might not work on the target software
because of their inability to understand the context
Thanks !
• BlackHat Arsenal Team – http://www.blackhat.com
• ToolsWatch - http://www.toolswatch.org/
• Jeremy Brown (@dwordj) for providing his
vulnerability PoC to be added in the tool
• Tool will be available at : http://cscad.secniche.org

IJECEIAES
 
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdfBPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
MIGUELANGEL966976
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
Aditya Rajan Patra
 
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
awadeshbabu
 
Low power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniquesLow power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniques
nooriasukmaningtyas
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
jpsjournal1
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
thanhdowork
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
ihlasbinance2003
 

Recently uploaded (20)

哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
 
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
 
Modelagem de um CSTR com reação endotermica.pdf
Modelagem de um CSTR com reação endotermica.pdfModelagem de um CSTR com reação endotermica.pdf
Modelagem de um CSTR com reação endotermica.pdf
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
 
New techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdfNew techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdf
 
14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
 
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
 
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
 
digital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdfdigital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdf
 
Swimming pool mechanical components design.pptx
Swimming pool  mechanical components design.pptxSwimming pool  mechanical components design.pptx
Swimming pool mechanical components design.pptx
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
 
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdfBPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
 
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf
 
Low power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniquesLow power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniques
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
 

BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Client (Penetration Testing)

  • 1. C-SCAD: ASSESSING SECURITY FLAWS IN ClearSCADA WebX CLIENT! Diary of the Penetration Tester ! Aditya K Sood, Senior Security Researcher and Engineer SecNiche Security Labs (http://www.secniche.org )
  • 2. Whoami ! • Dr. Aditya K Sood – Senior Threat Researcher and Engineer • Others • Worked previously for IOActive, Armorize, Coseinc and KPMG • Active Speaker at Security conferences • Written Content – IEEE Magazine/Virus Bulletin/ ISSA/ISACA/CrossTalk/HITB Ezine /Elsevier NESE|CFS • Personal Website: – LinkedIn : http://www.linkedin.com/in/adityaks – Website: http://www.secniche.org – Blog: http://secniche.blogspot.com • Authored “ Targeted Cyber Attacks” Book • Email : contact {at no spam} secniche {dot} org!
  • 3. What is ClearSCADA ? • Open source platform designed for managing remote SCADA systems • Optimizes the SCADA functionality • Object-oriented Architecture (OOA) representing assets and information • Multiple remote management interfaces • Considered as one software package • More Information – http://plcsystems.ru/catalog/SCADAPack/doc/ClearSCADA_spec_eng.pdf
  • 4. ClearSCADA – Architecture • ClearSCADA – Network View – Refer : http://www.999automation.com/blog/?p=4465
  • 5. ClearSCADA Components! • ClearSCADA Server – Runs as a server under Windows operating system • ClearSCADA ViewX Client – Windows thick client application providing user interface for managing ClearSCADA – ViewX does not store SCADA data on the underlying system • ClearSCADA WebX Client – Web client (browser-based) designed for providing user interface to ClearSCADA
  • 6. ClearSCADA – WebX Client! • WebX Client
  • 7. ClearSCADA – WebX Client! • WebX Client Information – Designed for Internet Explorer browser and: • Served as an ActiveX Plugin from the ClearSCADA server • Integrated as a part of ClearSCADA server • Majority of the SCADA data can be queried • Web-X displays graphics, alarm page, trend viewer, SQL lists and diagnostics. • Operators can view, control, acknowledge alarms, execute reports etc. • WebX Client – Design Security or Constraints – Cannot be used to configure SCADA database – Cannot be used to alter SCADA settings – Cannot be used to edit graphic displays
  • 8. WebX Client Design • Other browsers might not display the information and raise notification • If you want to display information in any browser in XML or other format, simply remove the “applet” word from the URL • Example:- – http://<truncated-host>/db/OPCGROUP.Default?applet – http://<truncated-host>/db/OPCGROUP.Default
  • 9. WebX Client Design With Applet Keyword ! Without Applet Keyword !
  • 10. ClearSCADA – WebX Client! • Configuration • Refer : http://www.opssys.com/InstantKB/Article.aspx?id=13592
  • 12. What WebX Client Reveals ! • Objects Revealing Information
  • 13. What WebX Client Reveals ! • Server Status Information
  • 14. ClearSCADA – WebX Client! • C-SCAD Tool
  • 15. Why C-SCAD ? • Efforts towards building more dedicated SCADA penetration testing tools • Web-X client interfaces are not well secured and can reveal ample amount of information about SCADA deployment • In certain deployments, direct access to Web-X client can give access to specific web pages revealing information – If not, C-SCAD does the testing and information mining for the penetration testers
  • 16. What this Tool does ? • Enumerates active users configured for the Web-X access • Enumerates configured databases and SQL lists for the ClearSCADA • Performs complete configuration check for exposed components • Verifies access to diagnostic page and dumps required information • Executes dictionary attacks for checking weak credentials • Triggers Shodan search queries for exposed ClearSCADA Web-X client on the Internet
  • 17. ClearSCADA – WebX Client! • Enumerating the list of active users !
  • 18. ClearSCADA – WebX Client! • Enumerating the Databases !
  • 19. ClearSCADA – WebX Client! • Available Reports Information !
  • 20. ClearSCADA – WebX Client! • Available SQL Commands !
  • 21. ClearSCADA – WebX Client! • Diagnostic Page Check !
  • 22. ClearSCADA – WebX Client! • Dictionary Attack: – No CAPTCHA – Tool uses a slow mode for this attack – It is open source, so alter as per your convenience
  • 23. ClearSCADA – WebX Client! • Shodan Search – ClearSCADA Deployments
  • 24. What Else …. ? • Integrated check for released vulnerabilities with details • Known security advisories: – http://resourcecenter.controlmicrosystems.com/download/attachments/28311675/Technical+Support+Bulletin+-+ClearSCADA+Security_V010.pdf – http://resourcecenter.controlmicrosystems.com/download/attachments/29426140/Technical+Support+Bulletin+-+ClearSCADA+Security+V5.pdf – http://ics-cert.us-cert.gov/advisories/ICSA-10-314-01A • A few vulnerabilities have been reported to ICS-CERT while working on this tool. Details will be released once these are patched.
  • 25. ClearSCADA Demo Version • ClearSCADA free demo request for evaluation purposes • http://resourcecenter.controlmicrosystems.com/display/public/CS/SCADA+Expert+ClearSCADA+Free+Trial+Download+Request
  • 26. Conclusion ! • More dedicated tools are required for testing SCADA software • Security assessment depends heavily on the design of software and its working • Standard tools might not work on the target software because of their inability to understand the context
  • 27. Thanks ! • BlackHat Arsenal Team – http://www.blackhat.com • ToolsWatch - http://www.toolswatch.org/ • Jeremy Brown (@dwordj) for providing his vulnerability PoC to be added in the tool • Tool will be available at : http://cscad.secniche.org
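
Slide 22 notes that the login has no CAPTCHA and that the dictionary check runs in a slow mode, so a per-minute failure threshold on the defender's side will not fire. The following is an added example, not part of the slides or of the C-SCAD tool, showing a sliding-window count of failed logins per source; the log format and sample lines are constructed for illustration, since the deck does not show ClearSCADA's own logging.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <source> <user> <OK|FAIL>" (hypothetical format).
SAMPLE_LOG = """\
2014-08-06T09:00:00 10.0.0.7 admin FAIL
2014-08-06T09:20:00 10.0.0.7 admin FAIL
2014-08-06T09:40:00 10.0.0.7 operator FAIL
2014-08-06T10:00:00 10.0.0.7 admin FAIL
2014-08-06T10:20:00 10.0.0.7 guest FAIL
2014-08-06T10:40:00 10.0.0.7 admin FAIL
2014-08-06T09:05:00 10.0.0.21 operator FAIL
2014-08-06T09:05:30 10.0.0.21 operator OK
2014-08-06T11:00:00 10.0.0.21 operator OK
"""

def parse(log_text):
    """Yield (timestamp, source, user, ok) tuples; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3] == "OK"

def slow_guessing_sources(log_text, window=timedelta(hours=6), threshold=5):
    """Return {source: (failures, users)} for sources whose failed logins
    within any sliding window reach the threshold, however far apart."""
    failures = defaultdict(list)
    for ts, src, user, ok in parse(log_text):
        if not ok:
            failures[src].append((ts, user))
    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > flagged.get(src, (0, None))[0]:
                flagged[src] = (count, {u for _, u in events[start:end + 1]})
    return flagged
```

Running the same function with `window=timedelta(minutes=1)` and `threshold=3` flags nothing on this sample, which is the gap a burst-only rule leaves open.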