This document provides an overview of industrial control systems (ICS) and Programmable Logic Controllers (PLCs). It discusses the components of ICS, including sensors, actuators, HMIs, PLCs, and more. It also covers the MODBUS protocol commonly used in ICS, providing details on its master/slave architecture and function codes. The document concludes by discussing tools used in the workshop, such as Kali Linux, MBTGET, PLCSCAN, and Metasploit modules, to analyze MODBUS communications, perform reconnaissance on PLCs, and attack standard services and protocols.
This presentation was given at BSides Las Vegas 2015.
The modern times that we live in, the gentle shift that we are making towards the Internet of Things (IoT) is slowly but surely getting a grip on our day to day lives. The same goes for securing our Industrial Control Systems (ICS). We see that the demand for ICS security is raising and governmental regulations are being established and implement. However, this also means that the need for ICS security professionals is raising as well. More and more security professionals/firms are starting to perform security assessments such as penetration testing on an ICS level. Two years ago I got the question if I was up for the challenge, converting myself from a ‘normal’ security professional to a ICS specific security professional.
The purpose of this talk would be to provide a starting point for security professionals that want to make the shift towards ICS Security, just like I did two years ago. While the term starting point might be a bit misleading, the goal would be to provide an ICS 001 talk instead in contrast to an ICS 101 talk.
Scada Industrial Control Systems Penetration Testing Yehia Mamdouh
Scada Industrial Control Systems Penetration Testing
Start from Types of Scada Networks, then Penetration testing, finally what Security should be follow
IPS (Intrusion Prevention System) is definitely the next level of security technology with its capability to
provide security at all system levels from the operating system kernel to network data packets. It
provides policies and rules for network traffic along with an IDS for alerting system or network
administrators to suspicious traffic, but allows the administrator to provide the action upon being
alerted. Where IDS informs of a potential attack, an IPS makes attempts to stop it. Another huge leap
over IDS, is that IPS has the capability of being able to prevent known intrusion signatures, but also
some unknown attacks due to its database of generic attack behaviours. Thought of as a combination of
IDS and an application layer firewall for protection, IPS is generally considered to be the "next
generation" of IDS.
Slides for the presentation about SCADA hacking given on Hackers 2 Hackers Conference 10th edition at São Paulo, Brazil
Demo videos:
- Wago 0day DOS: https://www.youtube.com/watch?v=ACMJmXy4hSg
- Modbus Replay: https://www.youtube.com/watch?v=1pfZDiUUQHQ
Presentation Video (pt_BR)
- https://www.youtube.com/watch?v=R1snsQ_WS9Y
Static Analysis Security Testing for Dummies... and YouKevin Fealey
Most enterprise application security teams have at least one Static Analysis Security Testing (SAST) tool in their tool-belt; but for many, the tool never leaves the belt. SAST tools have gotten a reputation for being slow, error-prone, and difficult to use; and out of the box, many of them are – but with a little more knowledge behind how these tools are designed, a SAST tool can be a valuable part of any security program.
In this talk, we’ll help you understand the strengths and weaknesses of SAST tools by illustrating how they trace your code for vulnerabilities. You’ll see out-of-the-box rules for commercial and open-source SAST tools, and learn how to write custom rules for the widely-used open source SAST tool, PMD. We’ll explain the value of customizing tools for your organization; and you’ll learn how to integrate SAST technologies into your existing build and deployment pipelines. Lastly, we’ll describe many of the common challenges organizations face when deploying a new security tool to security or development teams, as well as some helpful hints to resolve these issues
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
• Why An Industrial Cybersecurity Standard
• What Is IEC 62443 About
• How It Impacts On You - The Security Lifecycle
• IEC 62443 Certificates
• Reference: Some Ongoing Projects
• Summary
This presentation was given at BSides Las Vegas 2015.
The modern times that we live in, the gentle shift that we are making towards the Internet of Things (IoT) is slowly but surely getting a grip on our day to day lives. The same goes for securing our Industrial Control Systems (ICS). We see that the demand for ICS security is raising and governmental regulations are being established and implement. However, this also means that the need for ICS security professionals is raising as well. More and more security professionals/firms are starting to perform security assessments such as penetration testing on an ICS level. Two years ago I got the question if I was up for the challenge, converting myself from a ‘normal’ security professional to a ICS specific security professional.
The purpose of this talk would be to provide a starting point for security professionals that want to make the shift towards ICS Security, just like I did two years ago. While the term starting point might be a bit misleading, the goal would be to provide an ICS 001 talk instead in contrast to an ICS 101 talk.
Scada Industrial Control Systems Penetration Testing Yehia Mamdouh
Scada Industrial Control Systems Penetration Testing
Start from Types of Scada Networks, then Penetration testing, finally what Security should be follow
IPS (Intrusion Prevention System) is definitely the next level of security technology with its capability to
provide security at all system levels from the operating system kernel to network data packets. It
provides policies and rules for network traffic along with an IDS for alerting system or network
administrators to suspicious traffic, but allows the administrator to provide the action upon being
alerted. Where IDS informs of a potential attack, an IPS makes attempts to stop it. Another huge leap
over IDS, is that IPS has the capability of being able to prevent known intrusion signatures, but also
some unknown attacks due to its database of generic attack behaviours. Thought of as a combination of
IDS and an application layer firewall for protection, IPS is generally considered to be the "next
generation" of IDS.
Slides for the presentation about SCADA hacking given on Hackers 2 Hackers Conference 10th edition at São Paulo, Brazil
Demo videos:
- Wago 0day DOS: https://www.youtube.com/watch?v=ACMJmXy4hSg
- Modbus Replay: https://www.youtube.com/watch?v=1pfZDiUUQHQ
Presentation Video (pt_BR)
- https://www.youtube.com/watch?v=R1snsQ_WS9Y
Static Analysis Security Testing for Dummies... and YouKevin Fealey
Most enterprise application security teams have at least one Static Analysis Security Testing (SAST) tool in their tool-belt; but for many, the tool never leaves the belt. SAST tools have gotten a reputation for being slow, error-prone, and difficult to use; and out of the box, many of them are – but with a little more knowledge behind how these tools are designed, a SAST tool can be a valuable part of any security program.
In this talk, we’ll help you understand the strengths and weaknesses of SAST tools by illustrating how they trace your code for vulnerabilities. You’ll see out-of-the-box rules for commercial and open-source SAST tools, and learn how to write custom rules for the widely-used open source SAST tool, PMD. We’ll explain the value of customizing tools for your organization; and you’ll learn how to integrate SAST technologies into your existing build and deployment pipelines. Lastly, we’ll describe many of the common challenges organizations face when deploying a new security tool to security or development teams, as well as some helpful hints to resolve these issues
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
• Why An Industrial Cybersecurity Standard
• What Is IEC 62443 About
• How It Impacts On You - The Security Lifecycle
• IEC 62443 Certificates
• Reference: Some Ongoing Projects
• Summary
Nozomi Networks is the leader of industrial cybersecurity, delivering real-time visibility to manage cyber risk & improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability & easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation & utility sectors, making it possible to tackle the escalating cyber risks to operational networks (OT).
These are slides from local security chapters meetup, Here I tried to explain the challenges in appsec and complete framework for different life cycle of secure software development cycle
Is your ICS breached? Are you sure? How do you know?
The current state of security in Industrial Control Systems is a widely publicized issue, but fixes to ICS security issues are long cycle, with some systems and devices that will unfortunately never have patches available. In this environment, visibility into security threats to ICS is critical, and almost all of ICS monitoring has been focused on compliance, rather than looking for indicators/evidence of compromise. The non-intrusive nature of Network Security Monitoring (NSM) is a perfect fit for ICS. This presentation will show how NSM should be part of ICS defense and response strategy, various options for implementing NSM, and some of the capabilities that NSM can bring to an ICS security program. Free tools such as Security Onion, Snort IDS, Bro IDS, NetworkMiner, and Wireshark will be used to look at the ICS environment for anomalies. It will be helpful if attendees have read these books (but they aren't required): The Cuckoo's Egg by Cliff Stoll, The Practice of Network Security Monitoring by Richard Bejtlich, and Applied Network Security Monitoring by Chris Sanders and Jason Smith.
Final Year Engineering Internship Report for Internship at Siemens Information Systems Ltd. Project : Network Intrusion Detection And Prevention Using Snort And Iptables
Find out the SOC Cyber Security at Steppa. Our SOC contains several capabilities like process and break down any PC translated information, assess and distinguish suspicious and maicious web and system activities, visualize and monitor all threats in real time.
Automating with PowerShell - a favorite amongst security teams and hackers alike. Many modern attacks leverage PowerShell to evade antivirus, whitelisting, and other security products and technology.
This presentation will share ways a SIEM can detect modern PowerShell attacks. Techniques discussed include quick wins and more detailed practices, addressing false positives and high volumes of PowerShell logs. Take a deeper dive into PowerShell monitoring and advanced endpoint analytics with SANS Instructors Justin Henderson and Tim Garcia.
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
Donovan Tindall of Honeywell at the S4x15 Operations Technology Day (OTDay). A meaty, but practical technical session on how to use Active Directory to help manage and secure your ICS.
Presented: September 21, 2017
At: CS2AI, Washington, DC
A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.
Using Canary Honeypots for Network Security Monitoringchrissanders88
In this presentation I talk about how honeypots that have more traditionally been used for research purposes can also be used as an effective part of a network security monitoring strategy.
Security orchestration and automation for MSSPs alleviates these challenges and makes the process run effectively and efficiently. Automation and orchestration methods impact MSSPs in several important ways. Here’s how:
Automation : Enables response to low level tasks, while freeing analysts for higher value
Orchestration : One responsibility of an MSSP is to manage the tasks of client SOCs.
Visit - https://www.siemplify.co/mssp-security-orchestration-automation/
Nozomi Networks is the leader of industrial cybersecurity, delivering real-time visibility to manage cyber risk & improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability & easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation & utility sectors, making it possible to tackle the escalating cyber risks to operational networks (OT).
These are slides from local security chapters meetup, Here I tried to explain the challenges in appsec and complete framework for different life cycle of secure software development cycle
Is your ICS breached? Are you sure? How do you know?
The current state of security in Industrial Control Systems is a widely publicized issue, but fixes to ICS security issues are long cycle, with some systems and devices that will unfortunately never have patches available. In this environment, visibility into security threats to ICS is critical, and almost all of ICS monitoring has been focused on compliance, rather than looking for indicators/evidence of compromise. The non-intrusive nature of Network Security Monitoring (NSM) is a perfect fit for ICS. This presentation will show how NSM should be part of ICS defense and response strategy, various options for implementing NSM, and some of the capabilities that NSM can bring to an ICS security program. Free tools such as Security Onion, Snort IDS, Bro IDS, NetworkMiner, and Wireshark will be used to look at the ICS environment for anomalies. It will be helpful if attendees have read these books (but they aren't required): The Cuckoo's Egg by Cliff Stoll, The Practice of Network Security Monitoring by Richard Bejtlich, and Applied Network Security Monitoring by Chris Sanders and Jason Smith.
Final Year Engineering Internship Report for Internship at Siemens Information Systems Ltd. Project : Network Intrusion Detection And Prevention Using Snort And Iptables
Find out the SOC Cyber Security at Steppa. Our SOC contains several capabilities like process and break down any PC translated information, assess and distinguish suspicious and maicious web and system activities, visualize and monitor all threats in real time.
Automating with PowerShell - a favorite amongst security teams and hackers alike. Many modern attacks leverage PowerShell to evade antivirus, whitelisting, and other security products and technology.
This presentation will share ways a SIEM can detect modern PowerShell attacks. Techniques discussed include quick wins and more detailed practices, addressing false positives and high volumes of PowerShell logs. Take a deeper dive into PowerShell monitoring and advanced endpoint analytics with SANS Instructors Justin Henderson and Tim Garcia.
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
Donovan Tindall of Honeywell at the S4x15 Operations Technology Day (OTDay). A meaty, but practical technical session on how to use Active Directory to help manage and secure your ICS.
Presented: September 21, 2017
At: CS2AI, Washington, DC
A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.
Using Canary Honeypots for Network Security Monitoringchrissanders88
In this presentation I talk about how honeypots that have more traditionally been used for research purposes can also be used as an effective part of a network security monitoring strategy.
Security orchestration and automation for MSSPs alleviates these challenges and makes the process run effectively and efficiently. Automation and orchestration methods impact MSSPs in several important ways. Here’s how:
Automation : Enables response to low level tasks, while freeing analysts for higher value
Orchestration : One responsibility of an MSSP is to manage the tasks of client SOCs.
Visit - https://www.siemplify.co/mssp-security-orchestration-automation/
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...PROIDEA
In my topic I’ll share my experience in analysis of most popular open and vendor’s specific proprietary industrial protocols.
For each protocol I will present packet structure, real examples, (in)secure features and possible hacks.
At the end of the topic I’ll share my practial approach, methodology and useful scripts.
During the presentation we will talk about:
Well-known protocols: Profinet, Modbus, DNP3
IEC 61850-8-1 (MMS)
IEC 61870-5-101/104
FTE (Fault Tolerant Ethernet)
Siemens S7
Compromising Industrial Facilities From 40 Miles AwayEnergySec
Presented by: Lucas Apa and Carlos Mario Penagos, IOActive
Abstract: The evolution of wireless technologies has allowed industrial automation and control systems (IACS) to become strategic assets for companies that rely on processing plants and facilities. When sensors and transmitters are attacked, remote sensor measurements on which critical decisions are made might be modified, this could lead to unexpected, harmful, and dangerous consequences.
This presentation demonstrates attacks that exploit key distribution vulnerabilities we recently discovered in every wireless device made by three leading industrial wireless automation solution providers. We will review the most commonly implemented key distribution schemes, their weaknesses, and how vendors can more effectively align their designs with key distribution solutions.
FPGA based 10G Performance Tester for HW OpenFlow SwitchYutaka Yasuda
SDN operators need to measure the performance of OF HW switch on their site. Cause there is 1000 times differences in latency, depends on the specified flow entry. ASIC can forward in several μsecs but the software (CPU) may take msec.
To protect yourself from unexpected performance plunge, monitor your switches healthiness on your site.
This presentation was given to the Dublin Node (JS) Community on May 29th 2014.
Presented by: Chris Lawless, Kevin Yu Wei Xia, Fergal Carroll @phergalkarl, Ciarán Ó hUallacháin, and Aman Kohli @akohli
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey GordeychikCODE BLUE
The boom of AI brought to the market a set of impressive solutions both on the hardware and software side. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns.
In this talk we will present results of hands-on vulnerability research of different components of AI infrastructure including NVIDIA DGX GPU servers, ML frameworks such as Pytorch, Keras and Tensorflow, data processing pipelines and specific applications, including Medical Imaging and face recognition powered CCTV. Updated Internet Census toolkit based on the Grinder framework will be introduced.
Master Serial Killer - DEF CON 22 - ICS VillageChris Sistrunk
Updated slides on Master Serial Killer from Adam Crain and Chris Sistrunk's research on ICS Protocol Vulnerabilities called Project Robus, the Aegis Fuzzer, and mitigations of these vulnerabilities.
Are your Oracle databases highly available? You have deployed Real Application Clusters (RAC), Data Guard, or Failover Clusters and are well protected against server failures? Great – the prerequisites for a highly available environment are given. However, to assure that backend infrastructure failures also remain transparent to the client, an appropriate configuration is a prerequisite.
This lecture will discuss the Oracle technologies that can be used to achieve automatic client failover functionality. What are the advantages, but also the limitations of these technologies?
Similar to Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Europe 2014) (20)
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
2. Who am I?
Arnaud
soullié
Senior security auditor
interests
§ Windows Ac+ve Directory
Can a Windows AD be secured ? JSSI 2014
(French, sorry)
§ SCADA stuff
§ Wine tas+ng
(we’re not going to talk about it today)
@arnaudsoullie
3. LAB PREREQUISITE
What’s in the lab vm?
LAB KALI LINUX
ADDITIONAL TOOLS
SCRIPTS AND FILE EXAMPLES
§ MODBUSPAL
§ MBTGET
§ PLCSCAN
§ SNAP7
§ …
§ PCAP SAMPLES
§ SCRIPTS
SKELETONS
§ …
6. What is an Industrial Control System (ICS)?
Group WAN
Corporate network
Corporate IT
Production
management
ERP server
Supervision network / SCADA
Data Historian / Scada
server
Maintenance
laptops
Supervision
consoles
Production network
RTUs
PLCs
ICS
PLC
Wireless industrial
networks
Corporate IS handle data
≠
ICS handle interfaces data with physical world
7. A bit of vocabulary
ICS (Industrial Control System)
=
IACS (Industrial Automa4on and Control Systems)
~=
SCADA (Supervisory Control And Data Acquisi4on)
~=
DCS (Distributed Control System)
Nowadays, people tend to say “SCADA” for anything related to ICS
8. ICS COMPONENTS
§ Sensors and actuators: allow interac=on with the
physical world (pressure sensor, valves, motors,
…)
§ Local HMI: Human-‐Machine Interface, permits
the supervision and control of a subprocess
§ PLC: Programmable Logic Controller : manages
the sensors and actuators
§ Supervision screen: remote supervision of the
industrial process
§ Data historian: Records all the data from the
produc=on and Scada networks and allows
expor=ng to the corporate IS (to the ERP for
instance)
10. SCADA SECURITY AWARENESS TIMELINE (SIMPLIFIED)
Who cares ?
OMG !
OMG !
STUXNET !!!
2011
<2011
September 5, 2014
11. SCADA SECURITY AWARENESS TIMELINE (SIMPLIFIED)
2011 Under control
Who cares ?
OMG !
OMG !
STUXNET !!!
<2011
One day ?
September 5, 2014
12. WHAT IS WRONG WITH CURRENT ICS security?
Network
segmentation
security
supervision
Organization &
awareness
Vulnerability
management
third paRty
management
security
In protocols
13. ICS-‐CERT listed over 250 a6acks on ICS in 2013
59% of a6acks targeted the energy sector
79 a6acks successfully compromised the target
57 a6acks did not succeed in compromising the target
120 a6acks were not idenHfied/invesHgated
14. What is
A PLC?
§ Real-‐+me digital computer used for automa+on
§ Replaces electrical relays
§ Lots of analogue or digital inputs & outputs
§ Rugged devices (immune to vibra+on, electrical noise, temperature, dust, …)
What’s inside ? Siemens S7-1200
15. PLC
programming
§ “Ladder Logic” was the first programming language for PLC, as it mimics the real-‐life
circuits
§ IEC 61131-‐3 defines 5 programming languages for PLCs
§ LD: Ladder Diagram
§ FBD: Func+on Block Diagram
§ ST: Structured Text
§ IL: Instruc+on List
§ SFC: Sequen+al Func+on Chart
Ladder diagram example Structured text example
(* simple state machine *)
TxtState := STATES[StateMachine];
CASE StateMachine OF
1: ClosingValve();
ELSE
;; BadCase();
END_CASE;
Instruction list example
LD Speed
GT 1000
JMPCN VOLTS_OK
LD Volts
VOLTS_OK LD 1
ST %Q75
17. § Shodan is a search engine dedicated to find devices exposed to the Internet
§ It regularly scans the whole Internet IPV4 range (~4,3 billions IPs)
§ Results are par+ally free (you have to pay to export the results)
What can you find?
§ All kinds of connected devices
§ PLCs
§ Webcams
§ Smart-‐things (fridge, TV, …)
§ Things you can’t even imagine…
§ Example ICS report :
hgps://www.shodan.io/report/l7VjfVKc
ALTERNATIVES?
§ Scan the Internet yourself
(Zmap, Massscan)
§ Other online services/surveys
18. FUNNy things you can find on teh interwebs
It’s not just webcams.
This is a crematorium.
On the internet.
20. Modbus
protocol
§ Serial communica+on protocol invented in 1979 by Schneider Electric
§ Developed for industrial applica+on
§ Royalty-‐free
§ Now one of the standards for industrial communica+ons
HOW it works
§ Master / Slave protocol
§ Master must regularly poll the slaves to get
informa+on
§ Modbus addresses are 8 bits long, so only 247
slaves per master
§ There is no object descrip+on: a request returns
a value, without any context or unit
Security anyone?
§ Clear-‐text
§ No authen+ca+on
21. Modbus
protocol
§ Modbus was originally made for serial communica+ons
§ However it is now ooen used over TCP
MODBUS/TCP FRAME FORMAT
Name
Length
FuncHon
TransacHon idenHfier
2
For synchronizaHon between server & client
Protocol idenHfier
2
Zero for Modbus/TCP
Length field
2
Number of remaining bytes in this frame
Unit idenHfier
1
Slave address (255 if not used)
FuncHon code
1
FuncHon codes as in other variants
Data bytes or command
n
Data as response or commands
22. Modbus
protocol
§ The most common Modbus func+ons allow to read and write data from/to a PLC
§ Other func+ons, such as file read and diagnos+cs func+ons also exist
§ Undocumented Modbus func+on codes can also be used to perform specific ac+ons
COMMONLY USED MODBUS function codes
FuncHon name
FuncHon
code
Read coils
1
Write single coil
5
Read holding registers
3
Write single register
6
Write mulHple registers
16
Read/Write mulHple registers
23
23. Modbus
protocol
ALL documented MODBUS function codes (from wikipedia) h,p://en.wikipedia.org/wiki/Modbus
24. Lab Session #1: Analyzing a Modbus communication with Wireshark
§ Launch Wireshark
§ Open “modbus1.pcap”
§ Try to understand what’s going on
§ What’s the value of register #123 at the end?
25. Lab session #2: ModbusPal
§ Modbuspal is a modbus simulator
$ > java –jar ModbusPal.jar
§ Add a modbus slave
§ Set some register values
§ Query it with:
§ MBTGET Perl script
§ Metasploit module
§ Analyze traffic with Wireshark
27. Lab session #2: ModbusPal + METASPLOIT
§ A simple modbus client that I developed
§ Can perform read and write operaHons on coils and registers
§ Included in msf’s trunk so you already have it J
§ Launch msf console
$ > msfconsole
msf > use auxiliary/scanner/scada/modbusclient
msf auxiliary(modbusclient) > info
§ Play!
msf auxiliary(modbusclient) > set ACTION
28. Attacking
plcs
Never do this
on LIVE production systems
Attacking
plcs
Never do this
on LIVE production systems
29. Lab session #3 : Reconnaissance
§ ObjecHve : IdenHfy all exposed services on a device or a
range of devices
§ Oken the first step in a pentest
§ We will use two tools
§ Nmap: The world’s finest port scanner
§ PLCSCAN: A reconnaissance tool dedicated to PLCs
§ PLCs IP addresses
§ 192.168.0.50: Siemens S7-‐1200
§ 192.168.0.5: Schneider m340
30. Lab session #3 : Reconnaissance (Nmap)
§ The de-‐facto tool for port scanning but can be really dangerous
on ICS
§ Two stories from NIST SP800-‐82
§ A ping sweep broke for over 50 000$ in product at a semi-‐conductor factory
§ The blocking of gas distribu>on for several hours a?er a pentester went slightly off-‐
perimeter during an assessment for a gas company
§ Nmap useful setup for ICS scanning
§ Reduce scanning speed! Use « --scan-delay=1 » to scan one port at a
Hme
§ Perform a TCP scan instead of a SYN scan / do not perform UDP scan
§ Do not use fingerprinHng funcHons, and manually select scripts (do not use “–
sC”)
31. Lab session #3 : Reconnaissance (PLCSCAN)
§ h6ps://code.google.com/p/plcscan/
by SCADAStrangeLove (h6p://scadastrangelove.org/)
§ Scans for ports 102 (Siemens) and 502 (Modbus) and tries
to pull informaHon about the PLC (modules, firmware
version,…)
§ Not exhausHve since not all PLCs use Modbus or are
Siemens
§ What if I told you there was another way… SNMP ?
32. Lab session #4 : Attacking standard services
§ Most PLCs have standard interfaces, such as HTTP and FTP
§ Lets’ say security was not the first thing in mind when
introducing these features …
§ Schneider M340
§ Connect to the webserver
§ Default password
§ Hardcoded password ?
§ Take a look at Java applets !
34. What can we do about it ?
It’s difficult, but not all hope is lost.
Network segmentation Patch when you can
§ Do not expose your ICS on
the Internet
§ Do not expose all of your
ICS on your internal
network
§ Use DMZ / Data diodes to
export data from ICS to
corporate network
§ Patching once a year
during plant
maintenance is
beYer than doing
nothing
Apply corporate best
practices
§ Change default
passwords
§ Disable unused services
Security supervision
§ IPS have signatures for
ICS
§ Create your own
signatures, it is not that
difficult
Y U NO SECURE ICS ?
THE COST IS TOO DAMN HIGH !
35. TOOLZ used during the workshop
§ Kali Linux: h6p://www.kali.org/
§ MBTGET: h6ps://github.com/sourceperl/mbtget
§ PLCSCAN: h6ps://code.google.com/p/plcscan/
§ METASPLOIT MODULES
§ Modbusclient: included in Metasploit
§ modicon_stux_transfer_ASO (not totally finished):
h6ps://github.com/arnaudsoullie/metasploit-‐framework/
blob/modicon_stux_transfer/modules/auxiliary/admin/
scada/modicon_stux_transfer.rb
§ Scripts for the Siemens
§ Snap7: h6p://snap7.sourceforge.net/
§ Py. wrapper: h6ps://pypi.python.org/pypi/python-‐snap7/
§ The actual scripts: h6ps://github.com/arnaudsoullie/scan7