By early 2016, many had the impression that the problem of DDoS attacks had run its course, so trivial did the attacks themselves and the defenses against them appear. A year later the situation had changed dramatically. We will discuss these changes, their causes, preconditions and consequences, as well as their connection to the development of IoT.
Ratan Mohapatra submitted a final exam documenting two labs: 1) Using remote desktop to connect from VM Win7-1 to Win7-2 by activating RDP from the command prompt on Win7-1. Screenshots showed the connection was successful. 2) Creating a new firewall inbound rule for ICMPV4 traffic on Win7-2 using the remote desktop, then pinging successfully between Win7-1 and Win7-2 in both directions.
The document discusses the history and components of industrial automation and programmable logic controllers (PLCs). It provides an overview of PLC components like the power supply, communication modules, input/output modules, and processor. Examples of PLC addressing modes and advanced instructions are also described. The document outlines an automatic parking control project and a motor sequence control project developed using a PLC. It discusses the role of PLCs in instrumentation and control applications.
This document contains code and instructions for testing bitwise AND logic on an MCS51 microcontroller. It includes:
1) Code to move test data values into registers R0-R5 for inputs.
2) Code that performs AND operations on the register pairs to test the logic.
3) Instructions to use a circuit simulation software to test the AND logic by reading switches on ports 1 and 3 and displaying the output on port 2 LEDs.
The document discusses SCADA (Supervisory Control and Data Acquisition) systems which are used to remotely monitor and control critical infrastructure like power plants, oil and gas pipelines, and water treatment facilities. It outlines some security issues with SCADA including that these systems have been of interest to terrorists and nation-states due to their ability to disrupt important systems, and that insiders and simple attacks could also potentially target vulnerable SCADA networks.
This document outlines a project to automate water level monitoring and control in dams using a microcontroller. The system uses sensors to detect the water level and signals the microcontroller, which then controls motors to open and close doors based on minimum and maximum water levels. If the level exceeds maximum, the doors close and an alarm activates to warn of high water. When the level lowers, the doors reopen automatically. The microcontroller is programmed to interface with sensors, motors, displays and alarms to regulate the water level.
Confidence 2017: SCADA and mobile in the IoT times (Ivan Yushkievich, Alexand... - PROIDEA
The document discusses the results of analyzing 32 mobile SCADA and industrial control system applications for security issues. Several common issues were found:
- Over 60% of apps had insecure data storage issues like storing passwords and configuration files in unencrypted formats on external storage.
- Around 30-35% of apps had insecure communication issues like transferring credentials in clear text or not properly implementing SSL certificate pinning.
- Other frequent issues included insecure authorization, client code quality problems, and potential for code tampering on rooted devices.
Reverse engineering of the app code found additional logic and implementation flaws. The document concludes mobile app security in industrial control systems still needs significant improvements.
The goal of the talk is to demonstrate how technical vulnerabilities in the IT components can be used to bypass industrial and functional safety features and create cable melting or blackout conditions. A few (fixed) vulnerabilities in Relay Protection terminals discovered by the SCADA StrangeLove team will be discussed.
Scada deep inside: protocols and security mechanisms - Aleksandr Timorin
The document discusses SCADA protocols and security mechanisms. It begins with an introduction to the speaker and overview of the agenda, which includes discussions of common industrial protocols like Modbus, DNP3, PROFINET DCP, IEC 61850, IEC 61870, and protocols from Siemens and Honeywell. It notes that many protocols have no authentication or encryption. The document then demonstrates attacks against protocols like analyzing and spoofing PROFINET DCP packets and causing issues on a Siemens PLC.
Ripe71 FastNetMon open source DoS / DDoS mitigation - Pavel Odintsov
This document describes FastNetMon, an open source DDoS mitigation toolkit. It provides concise summaries of network traffic and detects DDoS attacks in real-time. It can block malicious traffic through methods like BGP announcements. FastNetMon supports many Linux distributions and can integrate with hardware/cloud solutions. It detects attacks faster than traditional hardware/service approaches through optimized packet capture using tools like Netmap and PF_RING.
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar Santhosh Kumar
The document summarizes a presentation given by Santhosh Kumar and Anamika Singh on analyzing router vulnerabilities and the WiHawk router vulnerability scanner. The presentation covered analyzing sample routers to find issues, open source tools for firmware analysis, demonstrating exploits found, and the lack of responses from some vendors. It also described the WiHawk scanner which automates checking routers for common vulnerabilities and issues like default credentials, backdoors, and more.
This book covers the details of Soil moisture control system, Web based SCADA System, Automated Meter reading, GPRS based asset tracking system and LiFi based Navigation and many more.
Role of Connectivity - IoT - Cloud in Industry 4.0 - Gautam Ahuja
The role of Connectivity, IoT & Cloud in Industry 4.0.
This was presented to professionals from the Manufacturing & Process industries at the CII meet on 10th October 2018 @ Lonavala.
José Ramón Palanco is an OT security expert at ElevenPaths (Telefónica) who specializes in penetration testing, vulnerability research, and programming. The presentation covers OT protocols, an OT lab for hardware hacking and firmware analysis, industrial malware examples like Stuxnet, and projects including an industrial protocol IDS and Nmap scripts for discovering SCADA/ICS devices.
This document describes a microcontroller-based automatic engine locking system for drunken drivers. The system uses an AT89S52 microcontroller and various hardware components like an alcohol detection sensor, buzzer, LCD display, motors and more. It detects alcohol levels using a sensor and locks the engine by activating a relay if alcohol is detected above the set limit, simulating the locking process. The system is programmed using Keil software and aims to prevent accidents caused by drunk driving.
The document lists over 100 technology project topics available for download on the website 15projects.com. The topics cover a wide range of technology subjects including networking, security, hardware, software, and more. Visitors are encouraged to visit 15projects.com multiple times to access and download full materials for the various topics free of charge to help with student projects and research.
CONFidence 2015: SCADA and mobile: security assessment of the applications th... - PROIDEA
Speakers: Alexander Bolshev, Ivan Iushkevich
Language: English
The days when mobile technologies were just a rising trend have passed, and now mobile devices are an integral part of our life. As a result, you may find them in places where they probably shouldn't be. But convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS (Industrial Control System) from a brand-new Android or iOS smartphone. Just type the words 'HMI', 'SCADA', or 'PLC' into Google Play Store or iTunes App Store, and a surprisingly large bunch of results will appear. Moreover, many of these applications are developed by serious vendors, like Siemens, GE, Omron, etc., and allow accessing, monitoring, or controlling the HMI, PLC, DCS, or SCADA systems in your ICS infrastructure. Are they secure? Could an attacker do something bad if they get access to an industrial engineer's tablet? What kind of vulnerabilities can exist in these applications? What attack vectors are possible?
To answer all these questions, we took a sample of "mobile apps for your SCADA, PLC, HMI" and assessed them. In this talk, the vulnerabilities found, attack methods, and other potential risks will be shown. Two attack scenarios will be shown: attacking ICS infrastructure via a compromised smartphone and penetrating mobile devices out of a compromised ICS environment (bottom-to-top attacks). We will discuss whether it is SAFE to allow mobile applications to interact with your ICS infrastructure. Also, detailed statistics of the flaws found and of security mechanism usage will be shown.
CONFidence: http://confidence.org.pl/pl/
The document discusses cybersecurity issues related to IoT devices. It begins by describing the 2016 Mirai botnet attacks, which exploited vulnerabilities in IoT devices like IP cameras and DVRs to take down major websites. The document then analyzes the current security situations of IoT, finding that many devices have vulnerabilities due to a lack of focus on security by manufacturers. It also notes that IoT devices could potentially be used as "weapons of mass destruction" due to their ubiquity, connectivity and potential access to users' daily lives. The rest of the document examines common vulnerabilities and attack vectors in IoT devices.
Microcontroller based automatic engine locking system for drunken drivers - Vinny Chweety
This document describes a mini project report on a microcontroller-based automatic engine locking system for drunken drivers. The system uses an AT89S52 microcontroller and various hardware components like an alcohol detection sensor, buzzer, LCD display, motors/engine, and other supporting circuitry. If the alcohol detection sensor detects alcohol levels above a set limit from the driver's breath, the microcontroller will lock the engine by activating a relay to prevent drunken driving and accidents. The project aims to increase road safety by preventing intoxicated individuals from operating vehicles.
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security... - PROIDEA
The document provides an overview and analysis of several industrial control system protocols including MODBUS, DNP3, PROFINET DCP, IEC 61850-8-1, IEC 61870-5-101/104, FTE, and Siemens protocols. It discusses the functionality of each protocol, security issues like the lack of authentication and encryption, and tools for analyzing and interacting with the protocols. Live demonstrations are provided of scanning networks using some of the protocols.
SCADA deep inside: protocols and security mechanisms - Aleksandr Timorin
The document discusses various industrial control system protocols including Modbus, DNP3, PROFINET DCP, IEC 61850-8-1, and IEC 61870-5-101/104. It describes their functions, security issues like lack of authentication and encryption, and available tools for analyzing the protocols. The speaker is a penetration tester who researches SCADA security and protocols.
Stuxnet is a computer virus that targets industrial control systems. It spreads through infected USB drives and networks, then infects PLCs (Programmable Logic Controllers) that are configured for specific industrial processes. Once infected, Stuxnet alters the PLC code to change the industrial process without the operator's knowledge through a "man in the middle" attack when programming software updates the PLC. The presentation demonstrates how Stuxnet infects a PLC and alters its code to change an industrial process.
BsidesSP: Pentesting in SDN - Owning the Controllers - Roberto Soares
Conference:
BsidesSP
Description:
SDN (Software Defined Network) has attracted the attention of many technology giants from various segments such as VMware, Juniper, Cisco, HP, IBM, Google, China Telecom, Huawei and others by providing more virtualized services that can be scheduled, managed and monitored faster, more efficiently and in a less costly manner than the usual solutions. Defining routes, switching, QoS treatment and security policies, which used to happen in stocky and specific hardware, is now performed in higher layers of software installed on virtualized machines. But how can we test this? First, we'll give an overview of the SDN architecture; soon after, it will be explained how to find SDN controllers and, if they are present in our network, steal critical information so that we can proceed with our exploitation. In the end, we will take possession of the controllers and make unexpected. There will be a smattering of code for Metasploit that will be demonstrated. Can a controller control us? We'll see.
This document summarizes a presentation on industrial protocols for pentesters. It discusses several common industrial protocols including Modbus, Siemens S7, PROFINET, and provides information on analyzing them such as looking for patterns in hex dumps. Example tools for scanning devices and extracting information via these protocols are also presented. The document concludes with a reminder of resources for further information on industrial control systems security.
This document provides a tutorial on SCADA (Supervisory Control and Data Acquisition) systems. It defines SCADA as a system that collects data from sensors measuring processes, transmits the data to central computers, and issues commands to remote terminal units to control processes. The document outlines the basic components of SCADA systems including sensors, remote terminal units, the master terminal unit, and the communications network. It also discusses modern SCADA features and provides an example of a SCADA system implementation in Egypt for electricity distribution.
Bringing M2M to the web with Paho: Connecting Java Devices and online dashboa... - Dominik Obermaier
This document discusses using MQTT and the Eclipse Paho project to connect IoT devices and web dashboards. It introduces MQTT as a lightweight protocol for machine-to-machine communication and outlines its advantages over HTTP. The presenters demonstrate building a Java device simulator that publishes sensor data to an MQTT broker using Paho, and a web dashboard that subscribes to sensor topics using Paho.js to display readings in real-time. Attendees learn how to implement device connectivity, publish and subscribe functionality, and build interactive dashboards to control and monitor IoT devices through MQTT and Paho.
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ... - grecsl
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when it's time to pass the more serious samples on to the big boys. This presentation covers several analysis environment options and the three quick steps that allow almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Similar to Experience with testing industrial cybersecurity solutions against real-world attack scenarios (20)
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Infrastructure Challenges in Scaling RAG with Custom AI models
Experience with testing industrial cybersecurity solutions against real-world attack scenarios
1.
2. • Industrial Cybersecurity Business Development at Kaspersky Lab
• Head of program committee of Kaspersky Industrial Cybersecurity Conference
• Coordinator for Russia at Industrial Cybersecurity Center (CCI)
• Co-Founder of ICS Cyber Security community RUSCADASEC
• Certified SCADA Security Architect (CSSA), CISSP, CEH
• @shipulin_anton
12. Full details on the testbed
https://itrust.sutd.edu.sg/testbeds/secure-water-treatment-swat/
6 stages:
►P1: RAW water Supply and storage
►P2: Pre‐treatment
►P3: Ultrafiltration and backwash
►P4: De‐Chlorination System
►P5: Reverse Osmosis (RO)
►P6: RO Permeate Transfer, UF Backwash and Cleaning
13. Cybercriminal Attacker Model
- Control of the PLC through the Bridged Man-in-the-Middle (MiTM) at Level 0
- Control of the chemical dosing system through a Python script (pycomm)
- Control of the Historian through the Aircrack WiFi
- Control of the pressure through the Server Message Block (SMB)
- Control of the water level in the tank through the Metasploit VNC Scanner
- Control of the pump through a rogue router
- Control of the pump through the FactoryTalk and password vulnerability
- Control of the pressure pump through Python script (pycomm)
- Control of the pump through the compromised HMI
- Overwriting data stored at Historian
- Control of the Historian through MiTM using ARP
Insider Attacker Model
- Control of the Motorised Valve through Manual Intervention
- Control of the RIO/Display through manual configuration on the sensor
- Control of the water pump P101 through the Python script (pycomm)
- Control of the water pump P101 through manual operation of the HMI
- Control of the pressure pump through Python script (pycomm)
- Control of the water tank level LIT101 through Python script (pycomm)
- Control of chemical dosing through modified PLC Logic
- Control of the RIO through disconnecting Analogue Input/Output pin
- Control of the amount of chemical dosing through Python script
- Control of the PLC through the modification of PLC logic in Studio 5000
- Control of the motorised valve through modification of PLC logic in Studio 5000
- Control of the motorised valve MV201 through the modification of PLC logic
- Control of the water tank level LIT301 through adjusting alarm levels
- Control of the chemical dosing pump P205 through manual operation of the dosing meter
- Control of the HMI/SCADA through simulation control
- Control of the PLC through disconnected network cables
Details: https://goo.gl/y1Pxre
14. • Out of the box installation with no learning mode
• Only L1 monitoring / L0 attacks were out of scope
• Didn’t monitor physical attacks
Detection results
Details: https://goo.gl/y1Pxre
15. 2:23 - Scanning both Zycron and SWaT network concurrently.
2:30 - Discovered the VNC service.
2:38 - Attack: Attempting to do MITM attack on PLC1. Attempt to do bridge in primary plc to RIO
2:50 - Attack: Attempting to do Layer 0 MITM attack on LIT101. Spoof water level to 390
2:54 - Attack Successful!
2:59 - Attack: Download modified P2 PLC code.
3:01 - Attack Unsuccessful!
3:18 - Attack: Downloading modified P2 PLC code. Attack Unsuccessful!
3:19 - Attack: Trying to breach the firewall.
3:22 - Attack: Overwriting PLC code. Attack Unsuccessful!
3:38 - Attack: Attempting to set LIT101 to 300. Attack Unsuccessful!
4:16 - Spoofing attack LIT101 at HMI Successful!
4:45 - Download of PLC code failed!
5:07 - Launch on DPIT pressure successful!
5:18 - Attempt to change plant to manual mode.
5:19 - Attempt successful!
5:20 - Attempt to stop plant process.
5:23 - Attempt to stop/start plant successful!
5:28 - Attack : Attempt to do DoS attack on historian for all values. Attack unsuccessful!
5:36 - Attack : Attempt to do DoS attack on historian for all values. Attack unsuccessful!
6:18 - Attack: Attempt to do DoS attack on historian for all values. Attack unsuccessful!
6:20 - Eternal Blue attack: Time Out!
https://itrust.sutd.edu.sg/ciss-2019/
16. Overview of dataset requests by country (left) and year (right)
• Secure Water Treatment (SWaT)
• SWaT Security Showdown (S317)
• Water Distribution (WADI)
• BATtle of Attack Detection Algorithms (BATADAL)
• Electric Power and Intelligent Control (EPIC)
• Blaq_0
https://itrust.sutd.edu.sg/research/dataset/
Visit by Kaspersky Lab
Detected attack: 23 out of 34
Not detected: 9 with small impacts
Correct interpretation: 22 out of 23
False positive: 3 as attack continuation
New anomalies: 7 anomalies
Kaspersky Machine Learning for Anomaly Detection Results on the SWaT Dataset
https://tinyurl.com/mlad2018
17. • WMI Lateral Movement
• Reconnaissance / Network Scan
• Reconnaissance / Reading Project from PLC / Modbus
• Reconnaissance / Modbus Scan
• Transfer Malicious Firmware to Rockwell Automation PLC
• Modbus Write Attempt from an Internet address
• “Stuxnet” Malware Network Activity
• “Havex” Malware Network Activity
• “Greyenergy” Malware Network Activity
https://www.youtube.com/watch?v=vSd8hoRqnF4&list=PLPmbqO785Hlt3yFvW-EZhvRq53EcCjmZc
https://www.youtube.com/watch?v=A2tQo4t4ibo