Slides of the SCADA security talk presented at RootedCON 2014 by Juan Vazquez (Rapid7) and Julian Vilas (independent security researcher): "Kicking around SCADA"
RootedCON 2015 - Deep inside the Java framework Apache Struts
testpurposes
Slides for the talk given at the RootedCON 2015 security conference by Julián Vilas (security analyst and researcher).
The goal of the talk was to give an overview of the security of the Apache Struts framework.
Presented by Manuel Wiesinger in Bucharest, Romania, on November 8-9, 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
This document summarizes a three-part challenge involving cracking a MIPS binary, exploiting a Python/XXE vulnerability in a web application, and decrypting messages from a SecureDrop-like system. The MIPS binary is cracked by inverting its password checking algorithm. The web app is exploited via XXE to retrieve files containing an admin URL and view state details. Python code is modified at runtime to decrypt an AES key and access a "secret.key" file. This key reveals a tarball containing a SecureDrop implementation. A buffer overflow in SecDrop's service is used to run shellcode. Timing attacks via the CPU cache are then used to retrieve the private RSA key and decrypt messages stored by the SecureDrop-
Express Malware Analysis / Crowdsourced Malware Triage
Positive Hack Days
Presenters: Sergei Frankoff and Sean Wilson
Malware triage is the process of rapidly analysing potentially malicious files or URLs. Any well-designed security incident response program has this important capability. But what if you have no incident response program in place? What if you have only just started setting one up? What if you have no software tools for performing analysis? A well-chosen free online tool, a web browser and a notepad are all you will need. In this workshop, participants will perform malware triage themselves. The presenter will provide information about the necessary tools.
Kernel Recipes 2016 - Who needs a real-time operating system (not you!)
Anne Nicolas
A Real-Time Operating System (RTOS) is used for mission critical projects that require a deterministic response time for external stimuli. Many times project managers request an RTOS even though they don’t fully understand what exactly an RTOS gives them. And many times, a normal OS would do just fine, and perhaps even better, as an RTOS sacrifices throughput for determinism.
This talk will discuss exactly what an RTOS is and what it is good for. The types of requirements that call for an RTOS will be explained, as well as those where not having an RTOS would be more appropriate. You do not need to be a programmer to enjoy this talk. It will be discussed at a very high level but still contain enough information for a seasoned developer to get something out of it too.
Steven Rostedt, Red Hat
Introductory talk about how to think about various deep learning architectures and their suitability to different types of data. Presented at Data Science Meetup @ University of Tartu
Deep Learning: Theory, History, State of the Art & Practical Tools
Ilya Kuzovkin
The document provides an overview of the history and development of deep learning, beginning with early work on artificial neurons in the 1940s-50s and the perceptron in the 1950s. It describes how backpropagation and use of the sigmoid function in the 1980s enabled training of multi-layer neural networks, but that the deep learning revolution did not occur until recently due to limitations in data, computing power, and other factors at the time. The remainder of the document focuses on explaining how backpropagation works to train neural networks by calculating error in the forward pass and using it to update weights in the backward pass through gradient descent.
Juan Vazquez & Julián Vilas – Tú a Barcelona y yo a Tejas, a patadas con mi S...
RootedCON
1. The document discusses a presentation given by Juan Vazquez and Julian Vilas analyzing vulnerabilities in the Yokogawa CENTUM CS 3000 R3 SCADA system.
2. They discovered several buffer overflow vulnerabilities through fuzzing protocols and applications used by the system. Exploits were developed and disclosed to the vendor through a responsible disclosure process.
3. The presentation demonstrates exploits through Metasploit and discusses how an attacker could potentially tamper with process variables to manipulate control processes after gaining remote code execution on the system through the buffer overflows.
Hugo Teso - Profundizando en la seguridad de la aviación [Rooted CON 2014]
RootedCON
This document discusses vulnerabilities in aviation technology. It describes how aircraft communication systems like ACARS and ADS-B can be exploited to gather information or interfere with flight systems. Newer wireless technologies for updating aircraft software systems could also provide new attack vectors. The document demonstrates hacking an aircraft's autopilot system using a drone and modified software. It promotes further research into aviation security issues.
The document provides feedback on UPMC's deployment of uPortal 4.2+ with a responsive design. It summarizes UPMC's migration strategy of running parallel projects to update existing portlets to uPortal 4.2+ while developing a new multi-tenant architecture. It also describes homemade responsive design improvements made to uPortal like off-canvas menus and sticky navigation. Finally, it outlines steps taken to make the Apereo Email Preview portlet responsive through a proof of concept, including market research on existing responsive email clients.
Deploying responsive uPortal 4.2 at UPMC - Sorbonne Universités
Christian Cousquer
This document provides feedback on deploying uPortal 4.2+ at UPMC and includes the following key points:
1) It summarizes the context and current deployment of the UPMC portal called monUPMC, which has been in production since 2012.
2) It describes the migration strategy adopted at UPMC to update the base and portlets to uPortal 4.2+ while maintaining functionality and switching to a multi-tenant architecture.
3) It shares experiences from developing responsive features like off-canvas menus for uPortal to address regressions from the prior universal design.
The document discusses the draft USG IPv6 V1.0 Profile, which provides requirements for IPv6-capable systems in the US government. It addresses topics like the profile's scope and relationship to other efforts. It also identifies several issues that may be of interest to the SAAG group, such as IPsec algorithms and requirements, privacy addresses, and developing a testing program. Stakeholders are encouraged to provide comments on the draft profile.
The document discusses software-defined networking (SDN) and an alternative paradigm called hybrid open (HOpen) architecture. HOpen architecture separates the control plane from the forwarding plane, like in SDN, but also leverages existing vendor code while allowing operators to develop new features independently. The author provides examples of how Comcast has added new protocols and capabilities to the HOpen platform to innovate more quickly without relying solely on vendors or standards bodies. HOpen represents a middle ground between traditional vendor-controlled networks and pure open SDN and could change how new protocols are developed and adopted.
This document summarizes an update on Project SLOPE's Task 3.6 on data management and backup. The task aims to develop a system for exchanging data between field hardware and a central computer, and provide a data backup strategy. It is led by CNR and involves several partners. The current status is 50% complete. A key output is a prototype portable and internally powered "black box" for daily/weekly data backups and transmitting data from areas without network coverage, due by Month 25.
an API for standardised access to Big Earth Observation data in a landscape of a growing number of EO cloud providers
11:40
16/11/2019
With the opening of global archives of Earth Observation data streams from satellites we have arrived at a richness of operationally available observations over the whole globe, starting from the Landsat series of satellites and now the plethora of available data coming through Copernicus and its series of Sentinel satellites, that has never been available before. This created huge opportunities for research and businesses, being able to exploit the temporal domain of those observations in a powerful manner, but also poses challenges in terms of data management and processing capacities. As a consequence, a growing number of cloud services and customized solutions in various research centres have been developed, leading to processing workflows optimized for specific system architectures and back-end infrastructures. As such this is limiting portability and reproducibility of workflows across backends, both for science and business applications. (...)
This document summarizes a presentation about advanced deployment strategies including canary releases, deployment rings, and dark launches. The presentation covers:
- How canary releases work by deploying a new version to a subset of infrastructure initially before gradually routing more users to it while monitoring for issues
- Key considerations for canary releases like ensuring a consistent user experience and having a rollback path
- How deployment rings limit impact on users by gradually deploying and validating changes in production rings
- Dark launches where new code is executed silently before a full launch to test infrastructure changes before high traffic
The document discusses model-driven telemetry as an approach to network visibility and monitoring. It describes some of the challenges with traditional monitoring approaches like SNMP polling. Model-driven telemetry uses data models to push analytics-ready data from network devices to collectors. Key aspects covered include using YANG models to map native device data, encoding the data using protocols like gRPC and Google Protocol Buffers, and configuring subscriptions to stream telemetry data from sensors to destinations.
Model-driven Telemetry: The Foundation of Big Data Analytics
Cisco Canada
This document discusses model-driven telemetry. It begins by explaining the origins of telemetry, noting its use in applications like military, medical, and networking. It then discusses telemetry use cases like network health monitoring, troubleshooting, and capacity planning. Next, it covers challenges with traditional telemetry methods like SNMP and syslog being too slow, incomplete, and hard to operationalize. The document then introduces the concepts of streaming telemetry and model-driven telemetry as an improved approach, discussing how it is based on open standards like YANG data models, gRPC protocol, and protocol buffer encodings. It provides examples of configuring sensors, destinations, and subscriptions on Cisco networking devices.
Ayush M Bhesaniya is seeking an internship or full-time position in electrical engineering. He has a master's degree in electrical engineering from San Jose State University and is currently interning at Synopsys, where he has developed scripts, GUIs, and templates to automate testing processes. Some of his academic projects include implementing an arbiter for multiple masters and slaves, designing an LCD graphics controller using an AHB bus interface, and verifying a UART using UVM. He has skills in programming languages like Verilog, VHDL, C, C++, and scripting languages like Perl and Python.
The document discusses trends in open source software vulnerabilities (OSS CVEs). It finds that the number of OSS CVEs is growing rapidly, driven by increased security research and tools like Google's OSS Fuzz project. When major vulnerabilities are disclosed, related CVE reports increase in subsequent months. High priority CVEs often see attacks within days of publication. The document provides several ways to learn about vulnerabilities quickly, such as Mitre's CVE changelog, security mailing lists, and checking the websites of major OSS projects.
Simple AEAD Hardware Interface SAEHI in a SoC: Implementing an On-Chip Keyak/...
mjos
Presenter: Markku-Juhani O. Saarinen
Talk: Design and implementation of the WhirlBob and Keyak/WhirlBob embedded FPGA System-on-Chip co-processor for the second round of the CAESAR competition
Conference: TrustED 2014 - Arizona, USA, 03 November 2014
http://th.informatik.uni-mannheim.de/trusted-workshop/2014/
The document discusses advanced deployment strategies including canary releases, deployment rings, and dark launching. It defines canary releases as deploying a new version to a subset of infrastructure initially without routing live traffic to it. Benefits include reducing risk and allowing capacity testing in production. The document reviews how to implement canary releases by routing a percentage of users to the new version while monitoring for issues before routing all users. It also discusses using deployment rings to gradually rollout changes and limit impact, as well as dark launching where new code is executed silently before a full launch.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Microsoft Teams session or in person at TU/e, located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
- Insightful presentations covering two practical applications of the Power Grid Model.
- An update on the latest advancements in Power Grid Model technology during the first and second quarters of 2024.
- An interactive brainstorming session to discuss and propose new feature requests.
- An opportunity to connect with fellow Power Grid Model enthusiasts and users.
1. A patadas con mi SCADA! (Kicking around SCADA)
Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
Tú a Boston Barcelona y yo a California Tejas (You to Boston Barcelona and I to California Texas)
Juan Vazquez & Julian Vilas
2. Presentation
• Juan Vazquez (@_juan_vazquez_) from Austin (USA)
  – Exploit developer at Metasploit (Rapid7)
• Julian Vilas (@julianvilas) (Redsadic) from Barcelona (Spain)
  – Security analyst & researcher at Scytl
• Bloggers of a not-too-regularly-updated blog :)
  – testpurposes.net
3. Motivation
• After working side by side for years, we decided to do something together! (Just when we are 8,000 km apart)
  – Handicap: Distance & Timezones (GMT +1 vs GMT -6)
4. Motivation
• What? Some SCADA research:
  – No intro to SCADA
  – No compliance & regulation review
  – No paperwork research about its security in general
  – Just (in-depth) analysis of a big SCADA product
• Why?...
5. Index
• Introduction
• Platform Discovery
• Vulnerabilities & Exploitation
• Post Exploitation
• Last topic
• Conclusions
6. Introduction
• Yokogawa CENTUM CS 3000 R3
“Yokogawa released CENTUM CS 3000 R3 in 1998 as the first Windows-based production control system under our brand. For over 10 years of continuous developments and enhancements, CENTUM CS 3000 R3 is equipped with functions to make it a matured system. With over 7600 systems sold worldwide, it is a field-proven system with 99.99999% of availability.”
7. Introduction
• Present in oil & gas, refining, chemical, power, …
  – Customers (all over the world) like: BP, Total, Chevron, Shell, Tamoil, Samsung, Bridgestone, Mitsubishi, PPT, …
8. Introduction
• Why did we select this product?
  – Handicap: closed software, difficult to get access to
• First version obtained
  – R3.02 (September 2001)
• Finally, digging deeper into the Wild Wild Web, we found a more recent version
  – R3.08.50 (October 2007)
9. Introduction. Basic elements.
• FCS (controller)
• HIS (operation & monitoring station)
• Field elements
11. Introduction. Our Environment
• What exactly do we have?
• Tons of exe's, dll's, docs, installed on Windows XP SP2 (SP3 support was added in R3.08.70 (November 2008)) ← Yes, WTF!
• Software with capabilities for:
  – Operating & monitoring functions (HIS)
  – Engineering
  – FCS simulation & virtual testing
12. Introduction. Our Environment
• Spent lots of hours reading documentation
  – Wasn't fun :(
• Found utilities for designing the operation & monitoring graphics
  – FYI the graphics can be viewed like logic circuits, interpreted by the controller
13. Introduction. Our Environment
• Started playing with it but soon realized we were totally lost
Who said 8 == D ?
14. Introduction. Our Environment
• Process Variable (PV)
• Set Point Variable (SV)
• Manipulated Variable (MV)
15. Introduction. Our Environment
16. Introduction. Our Environment
• It means:
  – FCS gets PVs from I/O modules
  – FCS knows the SV value, and therefore whether it should do any correction operation (MV) to I/O modules
17. Introduction. Our Environment
• From the point of view of operating & monitoring
  – HIS gets PVs from FCS
  – HIS can set SVs to FCS
  – HIS can get MVs from FCS
(diagram labels: SV, PV)
18. Introduction
• Doesn't it look familiar?
19. Platform Discovery
• Work with the product
• Discover the components
• Discover the Real Attack Surface!
  – Windows Services
  – Application Network Services
  – Application Local Services
  – Application client components (ActiveX).
20. Platform Discovery
• Example: Initial Installation
21. Platform Discovery
• Example: Basic Demo Project Running (I) / Processes
22. Platform Discovery
• Example: Basic Demo Project Running (II) / Network
23. Vulnerabilities. Documentation.
• First failures were discovered during the installation process
  – Windows user created: “CENTUM”
  – Password: we're sure you can guess it on your first try ;)
24. Vulnerabilities. Documentation.
  – Program installed under “C:\CS3000”
  – Wait….
25. Vulnerabilities. Documentation.
• WTF?
26. Vulnerabilities. Documentation.
• WTF?
27. Vulnerabilities. Documentation.
• WTF?
28. Vulnerabilities. Documentation.
• WTF?
29. Vulnerabilities. Design.
• Problems in typical SCADA protocols (like MODBUS) have been widely discussed
• Things are not so different here; even in the application layers you can spot a set of protocols with a lack of authentication, integrity checks, etc.
30. Vulnerabilities. Design.
• Example: File Sharing protocol, similarities with FTP. No authentication
31. Vulnerabilities. Design.
(captions: RETR command / STOR command)
32. Vulnerabilities. Design.
• Metasploit DEMO.
  – Using Auxiliary modules to download and upload files.
33. Vulnerabilities. Implementation...
• 5 Vulnerabilities Found
  – Stack and Heap Based Buffer Overflows
  – In different binaries (applications and protocols)
• Disclosure
  – Rapid7 Vulnerability Disclosure Policy
    • https://www.rapid7.com/disclosure.jsp
  – Contact with Vendor (15 days)
  – Disclosure with CERT (45 days) (CERT and JPCERT in our case)
  – Public Disclosure (60 days)
34. Vulnerabilities. Implementation.
• Summary
  – Heap Buffer Overflow in BKCLogSvr.exe
  – It shouldn't be readable
  – Stack Buffer Overflow in BKHOdeq.exe
  – Stack Buffer Overflow in BKBCopyD.exe
  – It shouldn't be readable
35. Vulnerabilities. Implementation.
• How to find them? Semi Guided Dumb Fuzzing
  1) Basic understanding of the Protocol
    – Network Captures
    – Reverse Engineering
  2) Fuzz
  3) Profit
36. Vulnerabilities. Implementation.
• Heap overflow in BKCLogSvr.exe
  – Uninitialized stack data + memcpy
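The pattern named on this slide, as an added example that is not the slide deck's or Yokogawa's code: a constructed length-prefixed record parser in which the copy length stays uninitialized for some message types (unsafe) beside a version that initializes and validates every length before the memcpy (safe). The message layout (1-byte type, optional 2-byte big-endian length, payload), the type codes and the function names are assumptions made for the illustration.

```c
/* Added example: a constructed record parser showing the pattern
 * "uninitialized stack data + memcpy". Not BKCLogSvr's code; the
 * message layout (1-byte type, optional 2-byte big-endian length, payload),
 * the type codes and the function names are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TYPE_PLAIN  0x01   /* payload is everything after the type byte  */
#define TYPE_LENGTH 0x02   /* payload length is carried in bytes 1..2    */
#define OUT_MAX     256    /* size of the receiver's fixed output buffer */

/* UNSAFE: 'len' is assigned only for a TYPE_LENGTH message that actually
 * carries its length field. Any other type, or a truncated header, leaves
 * 'len' holding stale stack contents, and that value becomes the memcpy
 * size into a fixed buffer (the overflow class described on the slide). */
size_t parse_record_unsafe(const uint8_t *msg, size_t msg_len, uint8_t *out)
{
    size_t len;                                   /* never initialized */
    if (msg[0] == TYPE_LENGTH && msg_len >= 3)
        len = ((size_t)msg[1] << 8) | msg[2];
    memcpy(out, msg + 3, len);                    /* len may be garbage */
    return len;
}

/* SAFE: every length is initialized, the header is checked against the
 * bytes actually received, and the copy is bounded by both the remaining
 * message and the destination. Returns payload bytes copied, or -1 when
 * the message is malformed or would not fit. */
long parse_record_safe(const uint8_t *msg, size_t msg_len,
                       uint8_t *out, size_t out_len)
{
    size_t len = 0, payload_off = 0;

    if (msg_len < 1)
        return -1;                                /* empty message */
    switch (msg[0]) {
    case TYPE_PLAIN:
        payload_off = 1;
        len = msg_len - 1;
        break;
    case TYPE_LENGTH:
        if (msg_len < 3)
            return -1;                            /* header truncated */
        payload_off = 3;
        len = ((size_t)msg[1] << 8) | msg[2];
        if (len > msg_len - 3)
            return -1;                            /* claims more than received */
        break;
    default:
        return -1;                                /* unknown type: copy nothing */
    }
    if (len > out_len)
        return -1;                                /* would overflow destination */
    memcpy(out, msg + payload_off, len);
    return (long)len;
}

int main(void)
{
    uint8_t out[OUT_MAX];
    /* Constructed sample messages: a well-formed one, a truncated header,
     * and one whose length field claims more payload than was received. */
    const uint8_t good[]  = { TYPE_LENGTH, 0x00, 0x03, 'a', 'b', 'c' };
    const uint8_t trunc[] = { TYPE_LENGTH, 0x00 };
    const uint8_t lie[]   = { TYPE_LENGTH, 0xFF, 0xFF, 'x' };

    printf("good : %ld\n", parse_record_safe(good, sizeof good, out, sizeof out));
    printf("trunc: %ld\n", parse_record_safe(trunc, sizeof trunc, out, sizeof out));
    printf("lie  : %ld\n", parse_record_safe(lie, sizeof lie, out, sizeof out));
    /* parse_record_unsafe() is deliberately not run: on 'trunc' or 'lie' its
     * behaviour is undefined, which is exactly the point of the comparison. */
    return 0;
}
```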
37. Vulnerabilities. Implementation.
• Buffer Overflow in BKHOdeq.exe
  – Extracting lines from user data
38. Vulnerabilities. Implementation.
• Buffer Overflow in BKBCopyD.exe
  – Use of dangerous functions vsprintf and strcpy in the same function.
  – Used to parse commands and arguments… ooops!
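The bug class named on this slide (vsprintf and strcpy used while splitting a command line into verb and argument), as an added example that is not BKBCopyD's or the slide deck's code: the unbounded form beside a bounded one that rejects over-long input and checks vsnprintf's return value. The "VERB ARG" line format, the verbs RETR/STOR (borrowed from the FTP-like protocol on the earlier slide) and the buffer sizes are assumptions.

```c
/* Added example: a constructed "VERB ARG" command parser showing the
 * bug class named on the slide (vsprintf and strcpy used while parsing
 * commands and arguments) beside a bounded version. Not BKBCopyD's code;
 * the line format, the verbs RETR/STOR and the buffer sizes are assumptions. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define CMD_MAX   8     /* 7-character verb plus terminating NUL      */
#define ARG_MAX   64    /* 63-character argument plus terminating NUL */
#define REPLY_MAX 128   /* fixed reply buffer                         */

/* UNSAFE: vsprintf() writes as much as the format produces and strcpy()
 * copies until the peer's NUL, so a long file name or argument runs past
 * the fixed stack buffers. */
void format_reply_unsafe(char *dst, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(dst, fmt, ap);                 /* no bound on dst */
    va_end(ap);
}

void parse_command_unsafe(const char *line, char *cmd, char *arg)
{
    const char *sp = strchr(line, ' ');
    if (sp == NULL) {
        strcpy(cmd, line);                  /* verb longer than cmd? overflow */
        arg[0] = '\0';
        return;
    }
    memcpy(cmd, line, (size_t)(sp - line)); /* same problem, unchecked length */
    cmd[sp - line] = '\0';
    strcpy(arg, sp + 1);                    /* argument longer than arg? overflow */
}

/* SAFE: vsnprintf() is bounded and its return value is checked, so a reply
 * that would not fit is reported instead of being truncated silently. */
int format_reply_safe(char *dst, size_t dst_len, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(dst, dst_len, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= dst_len) ? -1 : 0;
}

/* SAFE: both lengths are measured against the destination sizes before any
 * byte is copied; over-long input is rejected. Returns 0 or -1. */
int parse_command_safe(const char *line, char cmd[CMD_MAX], char arg[ARG_MAX])
{
    const char *sp = strchr(line, ' ');
    size_t cmd_len = sp ? (size_t)(sp - line) : strlen(line);
    size_t arg_len = sp ? strlen(sp + 1) : 0;
    if (cmd_len == 0 || cmd_len >= CMD_MAX || arg_len >= ARG_MAX)
        return -1;                          /* reject rather than overflow */
    memcpy(cmd, line, cmd_len);
    cmd[cmd_len] = '\0';
    memcpy(arg, sp ? sp + 1 : "", arg_len);
    arg[arg_len] = '\0';
    return 0;
}

int main(void)
{
    char cmd[CMD_MAX], arg[ARG_MAX], reply[REPLY_MAX];
    char long_line[600];
    /* Constructed sample lines: a benign request and one with a 594-byte argument. */
    const char *ok_line = "RETR project.txt";
    memset(long_line, 'A', sizeof long_line - 1);
    long_line[sizeof long_line - 1] = '\0';
    memcpy(long_line, "STOR ", 5);
    if (parse_command_safe(ok_line, cmd, arg) == 0 &&
        format_reply_safe(reply, sizeof reply, "150 Opening %s\r\n", arg) == 0)
        printf("accepted: cmd=%s arg=%s reply=%s", cmd, arg, reply);
    if (parse_command_safe(long_line, cmd, arg) == -1)
        puts("rejected: argument too long");
    /* The unsafe variant is only ever given the short, benign line here. */
    parse_command_unsafe(ok_line, cmd, arg);
    return 0;
}
```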
39. Exploitation
• Supported Operating Systems
40. Exploitation
• Lack of Compilation Time Protections (stack cookies)
• Lack of Linking Time Protections (SafeSEH)
41. Exploitation
• DEMO: Metasploit vs Yokogawa CENTUM CS3000
  – Exploits will land in Metasploit.
  – Free shells! We love shells! :)
  – Check your installations! (more about that later…)
42. Post Exploitation
• We got shells… now what?
43. Post Exploitation
• We should have access to systems with highly valuable data, get it!
• Steal data in SCADA environments :?
  – Meterpreter is a powerful payload!!
  – OJ (TheColonial) is doing awesome work with it!
  – You definitely should read:
    • http://buffered.io/posts/3-months-of-meterpreter/
44. Post Exploitation
• OJ's recent work includes Window Integration:
“The goal here was to make it possible to enumerate all the windows on the current desktop to give you a clearer view of what the user is running, and to perhaps allow for interaction with those Windows later via Railgun”
• We have used it to enumerate interesting windows, maximize and screenshot them!
45. Post Exploitation
• We should have access to systems with the power… to move things… move them!
• Code Injection to allow tampering of communications between HIS and FCS
• What to tamper?
  – SV
• Where?
  – BKFSim_vhfd.exe
• How?
  – Uses ws2_32.dll and its API for TCP sockets.
46. Post Exploitation
• How to hijack?
  – File System: Just drop a trojanized DLL
  – Memory:
    • IAT hijack?
    • Detours Hooks?
• …
• Metasploit Friendly :?:?
47. Post Exploitation
• Reflective DLL Injection!
  – Stephen Fewer
• Integrated Into Metasploit / Meterpreter
  – https://github.com/stephenfewer/ReflectiveDLLInjection
48. Post Exploitation
• Metasploit & Reflective DLL Injection
  – Meterpreter & Extensions Loading
  – Payload stage
    • payload/windows/stage/dllinject
  – Local Kernel Exploits
    • Example: CVE-2013-3660 (pprFlattenRec)
  – Post Exploitation
    • post/windows/manage/reflective_dll_inject
49. Post Exploitation
• DEMO
  – Windows Screenshots with Metasploit
  – Reflective DLL injection: trojanizing comms for manipulating the control processes!
50. Last topic
• OK, it looks like the system is…
• …but it isn't so important, because these systems live in isolated environments, right?...
51. Last topic
• Shit! Let's look at the Yokogawa docs again…
52. Last topic. #ScanAllTheThings
• With all this knowledge… wouldn't it be awesome to know if all this research matters?
• Rapid7 - Project Sonar
  – ZMAP
  – Metasploit
• Thanks to Rapid7 for helping us to #ScanAllTheThings
  – Especially to Tas Giakouminakis and Mark Schloesser
  – Don't miss the opportunity to attend BH ASIA 2014!
53. Last topic. #ScanAllTheThings
• Let's see if we can find something out there…

UDP Services
  BKESysView        1057/UDP
  BKERDBFlagSet     1059/UDP
  BKHBos            1062/UDP
  BKHOdeq           1064/UDP
  BKHMsMngr         1065/UDP
  BKHExtRecorder    1069/UDP
  BKHClose          1070/UDP
  BKHlongTerm       1071/UDP
  BKHSched          1072/UDP
  BKBBDFH           1074/UDP
  BKBRECP           1075/UDP
  BKHOpmp           1076/UDP
  BKHPanel          1077-1082/UDP
  BKHSysMsgWnd      1083/UDP
  BKETestFunc       1084/UDP
  BKFOrca           1085/UDP

TCP Services
  BKHOdeq           20109/TCP
  BKFSim_vhfd.exe   20110/TCP
  BKBCopyD          20111/TCP
  BKBBDFH           20153/TCP
  BKHOdeq           20171/TCP
  BKBBDFH           20174/TCP
  BKHlongTerm       20183/TCP
54. Last topic. #ScanAllTheThings
• Methodology:
  – TCP scan the Internet with ZMAP: 1,301,154 suspicious addresses
  – Eliminate false positives (blacklists, plus tests to discover addresses answering open to all): 56,911 suspicious addresses
  – Use metasploit-framework to scan with the safe probes
55. Last topic
• In addition we have a bunch of vulnerabilities which are worth detecting
  – Metasploit isn't a Vulnerability Scanner but...
...because some probes/checks in exploits are really good. Writing good probes isn't easy indeed!
56. Last topic
• Results:
  – 2 important environments around the world, conducting important research projects with Yokogawa, are exposing CENTUM CS 3000 projects to the world
57. Conclusions
• Goals
  – Understand and minimally deploy the product
  – Dissect and pwn it
  – Discover how it affects the world
• Problems
  – Distance
  – Resources
  – Attorneys
• Final conclusions
  – Severity
  – White hat vs Black Hat
58. Questions?
• More info at
  – Twitter
    • @_juan_vazquez_
    • @julianvilas
  – Testpurposes.net
  – Rapid7 blog
• Released exploits at Metasploit
THANKS!