DEF CON 24 - Gorenc Sands - hacker machine interface
1.
Hacker-Machine Interface
State of the Union for SCADA HMI Vulnerabilities
2.
Copyright 2016 Trend Micro Inc.
Introduction
3.
Trend Micro Zero Day Initiative
• Fritz Sands - @FritzSands
  – Security Researcher – Zero Day Initiative
  – Root cause analysis and vulnerability discovery
  – Focused on SCADA HMI vulnerability analysis
• Brian Gorenc - @maliciousinput
  – Senior Manager - Zero Day Initiative
  – Root cause analysis and vulnerability discovery
  – Organizer of Pwn2Own hacking competitions
4.
SCADA Industry
5.
Marketplace Overview
• Focused on ICS equipment sales over software sales
• Active merger and acquisition activity
• Highly regionalized
6.
What is the Human Machine Interface?
• Main hub for managing and operating control systems
• Collects data from the control systems
• Presents visualization of the system architecture
• Alarms operator/sends notifications
• Should be operated on isolated and trusted networks
7.
Why target the Human Machine Interface?
• Control the targeted critical infrastructure
• Harvest information about architecture
• Disable alarming and notification systems
• Physically damage SCADA equipment
8.
Malware Targeting HMI Solutions
• Stuxnet
  – First malware created to target ICS environments
  – Abused HMI vulnerabilities
    • Siemens SIMATIC STEP 7 DLL Hijacking Vulnerability (ICSA-12-205-02)
    • Siemens WinCC Insecure SQL Server Authentication (ICSA-12-205-01)
• BlackEnergy
  – Ongoing sophisticated malware campaign compromising ICS environments
  – Abused HMI vulnerabilities
    • GE CIMPLICITY Path Traversal Vulnerabilities (ICSA-14-023-01)
    • Siemens WinCC Remote Code Execution Vulnerabilities (ICSA-14-329-02D)
    • Advantech WebAccess (ICS-ALERT-14-281-01B)
9.
ICS-CERT
• Organization within Department of Homeland Security
• Focuses on:
  – Responding to and analyzing control systems-related incidents
  – Conducting vulnerability and malware analysis
  – Providing onsite incident response services
  – Coordinating the responsible disclosure of vulnerabilities and associated mitigations
• For 2015, ICS-CERT responded to 295 incidents and handled 486 vulnerability disclosures
10.
Critical Infrastructure Attacks
11.
Targeting Water Utilities
• Compromised internet-facing AS/400 system responsible for:
  – Network routing
  – Manipulation of Programmable Logic Controllers (PLC)
  – Management of customer PII and billing information
• Altered settings related to water flow and amount of chemicals that went into the water supply
• Four separate connections to the AS/400 over a 60-day period
• Actors' IP tied to previous hacktivist activities
12.
Targeting Power Plants
• On December 24, 2015, Ukrainian companies experienced unscheduled power outages impacting 225,000+ customers.
  – Caused by external malicious actors
  – Multiple coordinated attacks within 30 minutes of each other
• Used remote administration tools and/or remote industrial control system (ICS) client software to control breakers.
• Used KillDisk to overwrite Windows-based human-machine interface system.
  – Disrupt restoration efforts
13.
Targeting Railway and Mining Industry
• Malware similar to the power incident found in the attacks against a Ukrainian rail and a Ukrainian mining company
  – November – December 2015
• Overlap between the samples found in the Ukrainian power incident and those apparently used against the Ukrainian mining company
  – Malware leveraged (BlackEnergy/KillDisk)
  – Infrastructure
  – Naming Conventions
14.
Prevalent Vulnerability Types
15.
Current State of HMI Solutions
• Not built with security in mind
• Seen no benefit of the evolution of the secure SDL
• Mitigations against advanced attacks are disabled
• Poor design/developer assumptions
• Lack of understanding of real operating environment
  – Not on isolated or trusted networks
  – Continually being interconnected
16.
Common Problems with HMI
[Chart categories: Memory Corruption, Credential Management, Insecure Default, Authentication/Authorization, Injection, Other]
Source: 2015-2016 ICS-CERT Advisories
17.
Memory Corruption
• 20% of identified vulnerabilities
• Common vulnerability types
  – Stack-based Buffer Overflow
  – Heap-based Buffer Overflow
  – Out-of-bounds Read/Write
• Zero Day Initiative case study
  – Advantech WebAccess webvrpcs Service BwOpcSvc.dll WindowName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
18.
Advantech WebAccess Case Study
• ICS-CERT states:
  – “There are many instances where the buffer on the stack can be overwritten”
• Identifiers
  – CVE-2016-0856
  – ZDI-16-048
  – ICSA-16-014-01
• CVSS
  – 9.3
• Disclosure Timeline
  – 2015-09-17 - Reported to vendor
  – 2016-02-05 - Coordinated release
• Credit
  – Discovered by: Anonymous
  – Disclosed by: Zero Day Initiative
19.
Advantech WebAccess HMI Solution
20.
Remotely Accessible Services
• Launches a service, webvrpcs.exe, in the context of a local administrative user
• Service listens on TCP port 4592, by default, and may be accessed over an RPC-based protocol
• Application interface is structured to resemble the Windows DeviceIoControl function
  – Each function contains a field similar to an IOCTL
21.
Prototype of RPC function
22.
IOCTL 0x0001388B
• Inside BwOpcSvc.dll (which is loaded into webvrpcs.exe), a routine exported as BwSvcFunction processes a number of entry points using a jump table.
• Flaw exists within the implementation of IOCTL 0x0001388B
• Stack-based buffer overflow exists in a call to sprintf using the WindowName parameter
23.
Vulnerable Code
24.
Stack Layout
25.
Application Crash
26.
Exploitation Demo
27.
Patch Analysis
• _sprintf is on the Microsoft banned APIs list
  – First published in 2007
  – https://msdn.microsoft.com/en-us/library/bb288454.aspx
• Advantech should adopt the Microsoft banned APIs list and remove all banned calls from shipping code
• What did they do…
28.
Patch Analysis
• WindowName field in the stack buffer is 0x80 bytes
• _snprintf Length parameter is 0x7f bytes
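The bounded-write pattern that the two Patch Analysis slides describe, as an added C example (not code from the slides or from Advantech): a 0x80-byte WindowName field written with a 0x7f length limit, checked against guard bytes placed after the field. The "%s" format string, the function names and the frame model are assumptions; only the two sizes come from the slides.

```c
#include <stdio.h>
#include <string.h>

#define WINDOWNAME_FIELD 0x80  /* field size given on the slide */
#define PATCH_LENGTH     0x7f  /* length limit given on the slide */

/* Hypothetical stand-in for the stack frame: the field plus what follows it. */
struct frame_model {
    char window_name[WINDOWNAME_FIELD];
    unsigned char guard[8];
};

/* "Before" pattern, shown for contrast and never called here: sprintf
 * copies strlen(window_name) + 1 bytes regardless of the field size. */
void format_unbounded(char *field, const char *window_name)
{
    sprintf(field, "%s", window_name);
}

/* Bounded pattern using the slide's numbers.
 * Returns 0 if the name fit, 1 if it was truncated, -1 on error.
 * C99 snprintf returns the length it wanted to write and always
 * terminates. MSVC's _snprintf returns a negative value on truncation
 * and leaves the field unterminated, which is why the byte held in
 * reserve (0x80 - 0x7f) is set to NUL explicitly. */
int format_bounded(char *field, const char *window_name)
{
    int n = snprintf(field, PATCH_LENGTH, "%s", window_name);
    field[WINDOWNAME_FIELD - 1] = '\0';
    if (n < 0)
        return -1;
    return n >= PATCH_LENGTH ? 1 : 0;
}

/* Formats a constructed name of name_len 'A' bytes into the model frame.
 * Returns the stored string length, -1 if any guard byte changed,
 * or -2 if name_len is too large for the scratch buffer. */
long stored_length(size_t name_len)
{
    static char name[2048];
    struct frame_model f;
    size_t i;

    if (name_len >= sizeof name)
        return -2;
    memset(name, 'A', name_len);
    name[name_len] = '\0';
    memset(&f, 0xCC, sizeof f);          /* fill field and guard with a marker */
    format_bounded(f.window_name, name);
    for (i = 0; i < sizeof f.guard; i++)
        if (f.guard[i] != 0xCC)
            return -1;                   /* write went past the field */
    return (long)strlen(f.window_name);
}

int main(void)
{
    /* Constructed input lengths around the 0x7f / 0x80 boundary. */
    size_t lens[] = { 10, 0x7e, 0x7f, 0x80, 1000 };
    size_t i;

    for (i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("input %4lu bytes -> stored %ld bytes\n",
               (unsigned long)lens[i], stored_length(lens[i]));
    return 0;
}
```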
29.
Copyright,2016,Trend,Micro,Inc.,29, Variant,Analysis, 1. ZDI'16'049,',Advantech,WebAccess,webvrpcs,Service,BwOpcSvc.dll,WindowName,sprinq,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 2. ZDI'16'050,',Advantech,WebAccess,webvrpcs,Service,BwOpcSvc.dll,WindowName,sprinq,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 3.
ZDI'16'051,',Advantech,WebAccess,webvrpcs,Service,BwOpcSvc.dll,WindowName,sprinq,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 4. ZDI'16'052,',Advantech,WebAccess,webvrpcs,Service,BwOpcSvc.dll,sprinq,Uncontrolled,Format,String,Remote,Code,Execu:on,Vulnerability, 5. ZDI'16'053,',Advantech,WebAccess,webvrpcs,Service,BwBASScdDl.dll,TargetHost,strcpy,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 6. ZDI'16'054,',Advantech,WebAccess,webvrpcs,Service,WaDBS.dll,TagName,strcpy,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 7. ZDI'16'055,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,sprinq,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 8. ZDI'16'056,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,sprinq,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 9. ZDI'16'057,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,ProjectName,strcpy,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 10. ZDI'16'058,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,ProjectName,strcpy,Globals,Overflow,Remote,Code,Execu:on,Vulnerability, 11. ZDI'16'059,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,ProjectName,strcat,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 12. ZDI'16'060,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,HostName/ProjectName/NodeName,strcpy,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 13. ZDI'16'061,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,sprinq,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 14. ZDI'16'062,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,ProjectName/NodeName,sprinq,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 15. ZDI'16'063,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,strcpy,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 16. 
ZDI'16'064,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,strcpy,Heap'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 17. ZDI'16'065,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,strcpy,Heap'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 18. ZDI'16'066,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,strcpy,Heap'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 19. ZDI'16'067,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,Backup,RPC,Hostname,strcpy,Heap'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 20. ZDI'16'068,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,strcpy,Heap'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 21. ZDI'16'069,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,NewPointValue,strcpy,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 22. ZDI'16'070,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,Primary,RPC,Hostname,strcpy,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 23. ZDI'16'071,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,strcpy,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability, 24. ZDI'16'072,',Advantech,WebAccess,webvrpcs,Service,BwpAlarm.dll,Backup,RPC,Hostname,strcpy,Stack'Based,Buffer,Overflow,Remote,Code,Execu:on,Vulnerability,
30.
Variant Analysis
25. ZDI-16-073 - Advantech WebAccess webvrpcs Service BwpAlarm.dll memcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
26. ZDI-16-074 - Advantech WebAccess webvrpcs Service BwpAlarm.dll memcpy Globals Overflow Remote Code Execution Vulnerability
27. ZDI-16-075 - Advantech WebAccess webvrpcs Service BwpAlarm.dll memcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
28. ZDI-16-076 - Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
29. ZDI-16-077 - Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
30. ZDI-16-078 - Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
31. ZDI-16-079 - Advantech WebAccess webvrpcs Service ViewSrv.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
32. ZDI-16-080 - Advantech WebAccess webvrpcs Service ViewSrv.dll TagName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
33. ZDI-16-081 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
34. ZDI-16-082 - Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
35. ZDI-16-083 - Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
36. ZDI-16-084 - Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
37. ZDI-16-085 - Advantech WebAccess webvrpcs Service ViewSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
38. ZDI-16-086 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
39. ZDI-16-087 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
40. ZDI-16-088 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
41. ZDI-16-089 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
42. ZDI-16-090 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
43. ZDI-16-091 - Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
44. ZDI-16-092 - Advantech WebAccess webvrpcs Service BwKrlApi.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
45. ZDI-16-093 - Advantech WebAccess webvrpcs Service DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
46. ZDI-16-094 - Advantech WebAccess webvrpcs Service DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability
47. ZDI-16-095 - Advantech WebAccess webvrpcs Service DrawSrv.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
48. ZDI-16-096 - Advantech WebAccess webvrpcs Service ViewDll.dll TagGroup strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability
31.
Variant Analysis
49. ZDI-16-097 - Advantech WebAccess webvrpcs Service ViewDll.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
50. ZDI-16-099 - Advantech WebAccess webvrpcs Service DrawSrv.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
51. ZDI-16-100 - Advantech WebAccess webvrpcs Service DrawSrv.dll TagGroup strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
52. ZDI-16-101 - Advantech WebAccess datacore Service datacore.exe Path strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability
53. ZDI-16-102 - Advantech WebAccess datacore Service datacore.exe Path strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
54. ZDI-16-103 - Advantech WebAccess datacore Service datacore.exe Path strcat Stack-Based Buffer Overflow Remote Code Execution Vulnerability
55. ZDI-16-104 - Advantech WebAccess datacore Service datacore.exe ExtDataSize Integer Overflow Remote Code Execution Vulnerability
56. ZDI-16-105 - Advantech WebAccess datacore Service datacore.exe strcpy Shared Virtual Memory Overflow Remote Code Execution Vulnerability
57. ZDI-16-106 - Advantech WebAccess datacore Service datacore.exe sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
58. ZDI-16-107 - Advantech WebAccess datacore Service datacore.exe strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
59. ZDI-16-108 - Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
60. ZDI-16-109 - Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
61. ZDI-16-110 - Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
62. ZDI-16-111 - Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
63. ZDI-16-112 - Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
64. ZDI-16-113 - Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
65. ZDI-16-114 - Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
66. ZDI-16-115 - Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
67. ZDI-16-116 - Advantech WebAccess datacore Service datacore.exe strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
68. ZDI-16-117 - Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
69. ZDI-16-118 - Advantech WebAccess datacore Service datacore.exe strncpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
70. ZDI-16-119 - Advantech WebAccess datacore Service datacore.exe AlarmMessage strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
71. ZDI-16-120 - Advantech WebAccess datacore Service datacore.exe AlarmMessage sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
72. ZDI-16-121 - Advantech WebAccess datacore Service datacore.exe AlarmMessage strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
32.
Credential Management
• 19% of identified vulnerabilities
• Common vulnerability types
– Use of Hard-coded Credentials
– Storing Passwords in a Recoverable Format
– Insufficiently Protected Credentials
• Zero Day Initiative case study
– GE MDS PulseNET Hidden Support Account Remote Code Execution Vulnerability
33.
GE MDS PulseNET Case Study
• ICS-CERT states:
– “The affected products contain a hard-coded support account with full privileges.”
• Identifiers
– CVE-2015-6456
– ZDI-15-440
– ICSA-15-258-03
• CVSS
– 9.0
• Disclosure Timeline
– 2015-05-14 - Reported to vendor
– 2015-09-16 - Coordinated release
• Credit
– Discovered by: Andrea Micalizzi (rgod)
– Disclosed by: Zero Day Initiative
34.
User Management Panel
35.
Actual User Database
36.
Undocumented ge_support Account
• Exists in the sec_user table by default
• Password for this account:
– <![HDATA[MD5$8af7e0cd2c76d2faa98b71f8ca7923f9
– “Pu1seNET”
• Account offers full privileges
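A defender can catch this class of hidden account by reconciling the backend user table with what the management panel shows. The following is an added example, not code from the talk or from PulseNET: it uses an in-memory SQLite database as a stand-in, and the `sec_user` column names, the panel account list and every row except the `ge_support` password value are constructed assumptions.

```python
import hashlib
import re
import sqlite3

# Accounts an administrator sees in the user management panel (constructed list).
PANEL_ACCOUNTS = {"admin", "operator1", "viewer"}
# "MD5$" followed by 32 hex digits: a fast digest with no salt field.
WEAK_HASH = re.compile(r"^MD5\$[0-9a-f]{32}$", re.I)

def build_sample_db():
    """In-memory stand-in for the product database; column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sec_user (username TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO sec_user VALUES (?, ?, ?)", [
        ("admin", "PBKDF2$constructed-placeholder", "administrator"),
        ("operator1", "MD5$" + hashlib.md5(b"constructed").hexdigest(), "operator"),
        ("viewer", "PBKDF2$constructed-placeholder", "read-only"),
        # Password field as shown on the slide (without the CDATA wrapper).
        ("ge_support", "MD5$8af7e0cd2c76d2faa98b71f8ca7923f9", "administrator"),
    ])
    return db

def audit_accounts(db, panel_accounts):
    """Return (username, finding) pairs for hidden accounts and weak password storage."""
    findings = []
    rows = db.execute("SELECT username, password, role FROM sec_user ORDER BY username")
    for username, password, role in rows:
        if username not in panel_accounts:
            findings.append((username, "not shown in management panel (role: %s)" % role))
        if WEAK_HASH.match(password):
            findings.append((username, "password stored as MD5 digest with no salt field"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_accounts(build_sample_db(), PANEL_ACCOUNTS):
        print(user, "-", finding)
```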
37.
Insecure Default
• 12% of identified vulnerabilities
• Common vulnerability types
– Cleartext Transmission of Sensitive Information
– Missing Encryption of Sensitive
– Unsafe ActiveX Control Marked Safe For Scripting
• Zero Day Initiative case study
– Siemens Case Study
38.
0-day Vulnerability Case Study
• Vulnerability details will be disclosed during the talk at the DEF CON conference
• Expected to patch the week before the conference
• If it is not patched, we will release the details publicly in accordance with the Zero Day Initiative Vulnerability Disclosure Policy
39.
Authentication/Authorization
• 12% of identified vulnerabilities
• Common vulnerability types
– Authentication Bypass Issues
– Improper Access Control
– Improper Privilege Management
– Improper Authentication
• Zero Day Initiative case study
– Advantech WebAccess Case Study
40.
0-day Vulnerability Case Study
• Vulnerability details will be disclosed during the talk at the DEF CON conference
• Expected to patch before the conference
• If it is not patched, we will release the details publicly in accordance with the Zero Day Initiative Vulnerability Disclosure Policy
41.
Injections
• 9% of identified vulnerabilities
• Common vulnerability types
– SQL Injection
– Code Injection
– OS Command Injection
– Command Injection
• Zero Day Initiative case study
– Cogent DataHub Gamma Command Injection Remote Code Execution Vulnerability
42.
Cogent DataHub Case Study
• ICS-CERT states:
– “allow an attacker to turn on an insecure processing mode in the web server, which subsequently allows the attacker to send arbitrary script commands to the server”
• Identifiers
– CVE-2015-3789
– ZDI-15-438
– ICSA-15-246-01
• CVSS
– 7.5
• Disclosure Timeline
– 2015-06-02 - Reported to vendor
– 2015-09-08 - Coordinated release
• Credit
– Discovered by: Anonymous
– Disclosed by: Zero Day Initiative
43.
Cogent DataHub Overview
44.
Gamma Script Overview
• Gamma is DataHub’s scripting language
• Dynamically-typed interpreted programming language specifically designed to allow rapid development of control and user interface applications
• Gamma has a syntax similar to C and C++, but has a range of built-in features that make it a far better language for developing sophisticated real-time systems
45.
Attacker-Supplied Script Evaluation
• Flaw exists within the EvalExpression method
– Allows for execution of attacker controlled code
• Remotely accessible through the AJAX facility
– Listening on TCP port 80
• Supplying a specially formatted Gamma script allows for the execution of arbitrary OS commands
46.
Vulnerable Code
47.
Exploitation Steps
1. Send a request to any Gamma script to load necessary libraries
2. Call AJAXSupport.AllowExpressions and set allow_any_expression to True
3. Call AJAXSupport.EvalExpression method and pass in the script that you want executed
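From the defender's side, the call sequence above is detectable wherever the server's method calls are logged. This added example (not from the talk or from DataHub) assumes a constructed call log with one invoked method per line; the log format and the `Page.Load` entries are hypothetical, and only the two `AJAXSupport` method names and `allow_any_expression` come from the slide.

```python
import re

# Constructed call log (not DataHub output): "<time> <client> <invoked method> <arguments>".
SAMPLE_LOG = """\
10:00:01 10.0.0.5 Page.Load page=index
10:00:02 10.0.0.5 AJAXSupport.EvalExpression expr=<redacted>
10:00:03 10.0.0.9 Page.Load page=status
10:00:04 10.0.0.9 AJAXSupport.AllowExpressions allow_any_expression=True
10:00:05 10.0.0.9 AJAXSupport.EvalExpression expr=<redacted>
10:00:06 10.0.0.7 AJAXSupport.AllowExpressions allow_any_expression=False
"""

# Argument value that switches the insecure processing mode on.
ENABLES = re.compile(r"\ballow_any_expression=(true|1)\b", re.I)

def detect(log_text):
    """Return (time, client, alert) tuples for the call sequence listed in the steps."""
    mode_on = False  # the insecure mode is a web-server setting, so state is global
    alerts = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        time, client, method = parts[:3]
        args = parts[3] if len(parts) > 3 else ""
        if method == "AJAXSupport.AllowExpressions" and ENABLES.search(args):
            mode_on = True
            alerts.append((time, client, "insecure-mode-enabled"))
        elif method == "AJAXSupport.EvalExpression":
            # Any remote evaluation call is worth recording; after the mode
            # switch it is the high-severity case.
            alerts.append((time, client, "eval-after-enable" if mode_on else "eval-call"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```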
48.
Exploitation Demo
49.
Patch Analysis
50.
Researcher Guidance
51.
Basic Fuzzing
• Simple bit-flipping fuzzing is highly effective against HMI
– Look for new file associations during installations
• Don’t forget to enable page heap to find heap corruption
– gflags.exe /i hmi.exe +hpa +ust
• Leverage existing tools and frameworks
– radamsa
– sqlmap
52.
Microsoft’s Attack Surface Analyzer
• Released in 2012
• Creates snapshots before and after installation
• Highlights security misconfigurations
– Registry settings and file permissions
• Provides a list of auditable system modifications
– COM objects
– ActiveX controls
– File associations
– RPC endpoints
53.
Attack Surface Analyzer Report
54.
Attack Surface Analyzer Report
55.
Audit for Banned APIs
• C runtime has many APIs with serious security problems
• Microsoft banned use of problematic C library functions
– “The Security Development Lifecycle” (Microsoft, 2006)
– Security Development Lifecycle Banned Function Calls, https://msdn.microsoft.com/en-us/library/bb288454.aspx
• Depressingly common in HMI code, with predictable negative impacts
• IDA is an extremely valuable tool for auditing for inappropriate uses
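Where source code is available, the same audit can be run without a disassembler. This added example (not from the talk) scans C source for calls to the copy functions that recur in this deck's advisory titles, ignoring mentions inside comments and string literals; the sample C source and its function names are constructed.

```python
import re

# Copy functions named in this deck's advisory titles (a subset of the SDL banned list).
BANNED = ("strcpy", "strcat", "sprintf", "strncpy", "memcpy")

# Comments and string/char literals are blanked first so mentions inside them are ignored.
SKIP = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
# \b keeps my_strcpy out; requiring "(" right after the name keeps strcpy_s out.
CALL = re.compile(r"\b(" + "|".join(BANNED) + r")\s*\(")

# Constructed sample source, not taken from any product.
SAMPLE = r'''
#include <string.h>
#include <stdio.h>
/* legacy note: strcpy(dst, src) was used here */
void set_project(char *dst, size_t n, const char *project_name) {
    char path[64];
    strcpy(path, project_name);            // unbounded copy
    sprintf(dst, "%s\\alarm.log", path);   // unbounded format
    strcpy_s(path, sizeof path, project_name);
    puts("call strcat(a, b) to append");
    my_strcpy(dst, path);
    snprintf(dst, n, "%s", path);
}
'''

def blank(match):
    """Replace a comment or literal with spaces, keeping newlines so line numbers hold."""
    return re.sub(r"[^\n]", " ", match.group(0))

def audit(source):
    """Return (line number, function, source line) for each banned call in C source."""
    cleaned = SKIP.sub(blank, source)
    lines = source.splitlines()
    findings = []
    for m in CALL.finditer(cleaned):
        line_no = cleaned.count("\n", 0, m.start()) + 1
        findings.append((line_no, m.group(1), lines[line_no - 1].strip()))
    return findings

if __name__ == "__main__":
    for line_no, func, text in audit(SAMPLE):
        print("line %d: %s -> %s" % (line_no, func, text))
```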
56.
Disclosure Statistics
57.
Vulnerability Exposure Windows
[Chart: vulnerability exposure windows by year; categories: 2013, 2014, 2015, 2016]
58.
Vendor Response Times
[Chart: response times by vendor; categories: ABB, Advantech, Codesys, Cogent Real-Time Systems, Ecava, GE, Honeywell, Indusoft, MICROSYS, PTC, Rockwell Automation, Schneider Electric, Tibbo, Trihedral Engineering Ltd, Unitronics, WellinTech]
59.
Industry by Industry Comparison
[Chart: comparison by industry; categories: Business, Highly-Deployed, SCADA, Security]
60.
Conclusions
61.
Go find bugs!
• ICS-focused malware actively exploiting HMI vulnerabilities
• HMI codebases plagued with critical vulnerabilities
• Simple techniques can be used to find vulnerabilities
• Exposure window is ~150 days, leaving critical infrastructure vulnerable
62.
Questions?
www.zerodayinitiative.com
@thezdi