This document discusses a presentation given by the SCADA StrangeLove team, a group of security researchers focused on industrial control systems. The presentation provides an overview of railway safety and signaling systems such as ETCS and analyzes past railway accidents like those in Santiago de Compostela and Wenzhou. It also examines train communication networks and onboard control systems from a security perspective. Throughout, it emphasizes that the views expressed are those of the researchers and not their employers.
SCADA deep inside: protocols and software architecture - qqlan
Speakers: Alexander Timorin, Alexander Tlyapov, Gleb Gritsai
This talk will feature a technical description and a detailed analysis of such popular industrial protocols as Profinet DCP, IEC 61850-8-1 (MMS), IEC 61870-5-101/104, based on case studies. We will disclose potential opportunities that those protocols provide to attackers, as well as the authentication mechanism of the Siemens proprietary protocol called S7.
Besides protocols, the results of the research called Siemens Simatic WinCC will be presented. The overall component interaction architecture, HTTP protocols and interaction mechanisms, authorization and internal logic vulnerabilities will be shown.
The talk will be concluded with a methodological approach to network protocol analysis, recommendation, and script release.
The goal of the talk is to demonstrate how technical vulnerabilities in the IT components can be used to bypass industrial and functional safety features and create cable melting or blackout conditions. A few (fixed) vulnerabilities in Relay Protection terminals discovered by the SCADA StrangeLove team will be discussed.
IEC 61131-9
Point-to-point communications protocol from the fieldbus to the sensor and actuator level.
IO-Link master acts as a gateway between the IO-Link device and the higher level communication system, such as a fieldbus (Profinet, EtherNet/IP, etc.) or a device-specific backplane bus.
IO-Link device is the field device with communication capability: sensors, switching devices, valve terminals, RFID devices, indicator lights, etc.
MIPI DevCon 2016: A Developer's Guide to MIPI I3C Implementation - MIPI Alliance
In this presentation, Intel's Ken Foust, MIPI Sensor Working Group Chair, provides early adopters of MIPI I3C with targeted guidance on how to ensure a successful and efficient implementation of MIPI I3C in their products.
Leveraging I2C as a foundation, many components of MIPI I3C will be familiar to implementers, but with guidance provided here, viewers will gain a clearer understanding of MIPI I3C’s new innovative features, how they will improve their systems, and what considerations should be made to fully leverage them.
IO-Link is an independent sensor/actuator interface solution for use with several industrial fieldbus and industrial network solutions, including PROFIBUS and PROFINET. The presentation will provide an introduction to this technology, the types of devices available, how they are parameterised and how they are integrated within a programmable control system.
IO-Link – What is it?
• IO-Link is the first standardised IO technology worldwide (IEC 61131-9) for the communication with sensors and also actuators.
• It is typically used in an automation environment below the I/O level for individual linking of field devices
• It uses point-to-point communication based on the long established 3-wire sensor and actuator connection without additional requirements regarding cabling.
• IO-Link is not a fieldbus, nor is it a replacement for AS-i. It is however evidence of the further development of the existing, tried-and-tested connection technology for sensors and actuators.
• Since 2010, IO-Link has been incorporated within the PROFIBUS & PROFINET User Organisation (PNO)
MIPI DevCon 2016: MIPI I3C High Data Rate Modes - MIPI Alliance
The MIPI I3C standardized sensor interface provides a number of significant advantages over existing digital sensor interfaces. One of the most advanced features is the ability to operate in I3C high data rate modes, HDR-DDR, HDR-TSP and HDR-TSL, which provides the best performance in both speed and power. Alex Passi of Cadence Design Systems presents I3C interface basics and focuses on various verification aspects of I3C HDR modes through an advanced verification methodology based on coverage driven verification and real-life scenarios.
The Peek EuroController EC-2® is a state-of-the-art traffic controller, rooted in a long tradition of innovation and robustness. On the one hand it has an innovative design which integrates a flexible software architecture on a high power processor with extensive open connectivity. On the other hand it has a safety architecture that complies with European and local directives and electronics that is durable, robust and easy to maintain.
With an installed base approaching 4 million nodes IO-Link is THE protocol for communication down to the sensor and actuator level. This presentation will be covering what a typical IO-Link solution consists of, how it interfaces to the control system and the benefits that can be derived from this increased level of communication with IO-Link devices. These include: easier handling of measurement signals, remote and automatic device parameterisation, smart sensor diagnostic functions, safety over IO-Link whilst also being an enabler for Industrial IoT and Industry 4.0 strategies.
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3] - qqlan
For two years SCADA StrangeLove has been speaking about Industrial Control Systems and nuclear plants. This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology.
Our latest research was devoted to the analysis of the architecture and implementation of the most widespread platforms for wind and solar energy generation, which produce many gigawatts of it. It may seem (not) surprising, but the systems which manage huge turbine towers and household photovoltaic plants are not only connected to the Internet but also prone to many well-known vulnerabilities and low-hanging 0-days. Even if these systems cannot be found via Shodan, fancy cloud technologies leave no chances for security. We will also speak about the security problems of traditional "heavy" industrial solutions, about the things that Zurich Airport and Large Hadron Collider have in common and why one should not develop a brand new web server. Specially for the specialists on the other side of the fences, we will show by example of one industry the link between information security and industrial safety and will also demonstrate how a root access gained in a few minutes can bring to nought all the years of efforts that were devoted to the improvement of fail-safety and reliability of the ICS system. On top of it you will learn about our new releases, some funny and not so funny stories about discovery and fixing of vulnerabilities and the latest news from the front struggling for the Purity of Essence.
Speakers: Sergey Gordeychik, Aleksandr Timorin
Presentation on connector solutions for the Railroad industry with an emphasis on Industrial Ethernet technologies. Hardened RJ45 connectors, IP65 and IP67 solutions, M12 D-Coded and M12 X-Coded connectors, DIN rail mounted RJ45 and fiber optic terminal blocks.
An Approach to Improve the Railway Crack Detection in the Tracks by Automated... - IOSR Journals
Abstract: Today in the real time world, so many type of transports are available like, flights, trains, buses, but majority of the people doing their travelling in trains only because due to less amount of charge for long time journey and at the same time it is more comfortable also. For those people we have to provide the safety journey, so the government has to take the responsibility for this. Although the government has taken necessary steps to safe journey but due to some reasons the accidents will happens. One of the major accidents in the railways networks are occurs due to track side faults. The track side fault means it will occur as natural or artificial. To avoid this we are going to design the automated engine model. In this design the engine should be automated and it is connected to the RF Rays. The automation techniques are based on two nodes, Track side node and Station side node. The proposed scheme has been modelled for Automation Engines in the Indian railway networks alone.
Keywords: Crack, Detection, GSM, Automation, Engines.
SIS Group Int. offers a reliable integrated railway transport management system. The system increases railway safety, controllability, carrying capacity.
Ed Adams, CEO of Security Innovation, along with Brian Witten from Symantec address the trade-off between safety, security and convenience as well as the steps that need to be taken by manufacturers before we can trust the new IoT ecosystem to deliver the promised benefits of connected services.
Embedded Fest 2019. Антон Волошин. Connected Mobility: from Vehicle to Cloud - EmbeddedFest
Vehicle connection with the outside world is one of the modern trends of automotive industry development. The key element of a connected vehicle is the telematics control unit (TCU). On the one hand, the telematics unit interacts with electronic control units (ECUs) in the vehicle, such as the Head Unit, Board Control Module, etc., over CAN or Automotive Ethernet; on the other hand, with the cloud services via modem and CDMA/GSM/LTE networks. The TCU provides a wide range of useful features: remote commands, remote diagnostics, Wi-Fi hotspot, car positioning, online traffic and hazard information besides the basic emergency call functionality. Telematics essentials and architecture, as well as features implementation in detail, will be presented. Integration and homologation testing specifics will also be discussed.
ADVANCED RAILWAY SECURITY SYSTEM (ARSS) BASED ON ZIGBEE COMMUNICATION FOR TRA... - rashmimabattin28
The principal aim of this paper is to build an embedded system for detecting rail track flaws and sending a message to the nearby station using ZigBee technology.
The boom of artificial intelligence brought to the market a set of impressive solutions both on hardware and software sides. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. The speaker will present results of hands-on vulnerability research of different components of AI infrastructure, including NVIDIA DGX GPU servers, ML frameworks, such as PyTorch, Keras, and TensorFlow, data processing pipelines and specific applications, including medical imaging and face recognition–powered CCTV. Updated Internet Census toolkit based on the Grinder framework will be introduced.
ROMAN PALKIN
Backed up with real examples, this talk reviews the capabilities of widely-used frameworks TensorFlow and PyTorch for creating and spreading malicious software as well as implementing covert data communication channels. The purpose of this presentation is to draw attention of the community to the danger posed by careless use of Machine Learning models from unreliable sources.
AI for security or security for AI - Sergey Gordeychik
Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript allowing to resolve quite serious tasks all the while remaining in front end. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In the broader context security is really all about trust.
Do we trust AI? I don’t, personally.
What is “state of the art” in AI security? Yesterday it was “a PoC, not a product”, today it is becoming “we will fix it later”, tomorrow it will be “if it works, don’t touch it”. And tomorrow is too late.
But what can we do for Trustworthy AI? There are just no simple answers.
You can’t install antivirus or calculate hashes to control integrity of annotated dataset. Traditional firewalls and IDS are almost useless in ML cloud internal SDN Infiniband network. Even C-level compliance such as PCI DSS and GDPR doesn’t work for massive country-level AI deployments. What about vulnerability management for TensorFlow ML model? How will it impact ROC and AUC?..
To make it better we should rethink Cyber Resilience for AI process, systems and applications to make sure that they continuously deliver the intended outcome despite adverse cyber events. Make sure that security is genuinely integrated into innovation that AI brings into our lives. To trust AI and earn his trust, perhaps?
Having developed a test set, we started to research how safe it is for clients to use 4G networks of the telecommunication companies. During the research we have tested SIM-cards, 4G USB modems, radio components, IP access network. First of all we looked for the vulnerabilities that could be exploited remotely, via IP or radio network.
And the result was not late in arriving. In some cases we managed to attack SIM-cards and install a malicious Java applet there, we were able to update remotely USB modem firmware, to change password on a selfcare portal via SMS and even to get access to the internal technological network of a carrier.
Further attack evolution helped to understand how it is possible to use a simple SMS as an exploit that is able not only to compromise a USB modem and all the communications that go through it, but also to install bootkit on a box, that this modem is connected to.
Practical analysis of the cybersecurity of European smart grids - Sergey Gordeychik
This paper summarizes the experience gained during a series of practical cybersecurity assessments of various components of Europe’s smart electrical grids.
The goal of this talk is to provide the results of passive and active fingerprinting for SD-WAN systems using a common threat intelligence approach. We explore Internet-based and cloud-based publicly available SD-WAN systems using the well-known «Shodan» and «Censys» search engines and custom developed automation tools and show that most of the SD-WAN systems have known vulnerabilities related to outdated software and insecure configuration.
Anton Nikolaev, Denis Kolegov, Oleg Broslavsky
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment - Sergey Gordeychik
Denis Kolegov, Oleg Broslavsky, Power of Community 2018, Seoul, Korea
Today, «SD-WAN» is a very hot and attractive topic. Software-defined WAN (SD-WAN) is a technology based on software-defined network (SDN) approach applied to wide area networks (WAN) in enterprise networks. According to Gartner’s predictions study, more than 50% of routers will be replaced with SD-WAN solutions by 2020.
In this presentation, we disclose a set of vulnerabilities in widespread and most popular SD-WAN products including Citrix NetScaler and Silver Peak EdgeConnect. We present the new results of our research, consider some technical details of the insecure design and found vulnerabilities, and describe different attack scenarios that may allow an attacker to compromise SD-WAN control and data planes.
Too soft[ware defined] networks SD-Wan vulnerability assessment - Sergey Gordeychik
The software defined wide-area network is technology based on SDN approach applied to branch office connections in Enterprises. According to Gartner's predictions, more than 50% of routers will be replaced with SD-WAN Solutions by 2020.
The SD-WAN can have firewalls and other perimeter security features on board which makes them attractive targets for attackers. Vendors promise "on-the-fly agility, security" and many other benefits. But what does "security" really mean from a hands-on perspective? Most SD-WAN solutions are distributed as Linux-based Virtual Appliances or a Cloud-centric service, which can make them low-hanging fruit even for a script kiddie.
This presentation will introduce practical analysis of different SD-WAN solutions from the attacker perspective. Attack surface, threat model and real-world vulnerabilities in SD-WAN solutions will be presented.
Recon: Hopeless relay protection for substation automation - Sergey Gordeychik
Recon 2017: By Kirill Nesterov, Alexander Tlyapov
Digital Substation is an essential part of every electrical network. It is also a base ground for modern Smart Grid technologies. More than 4000 IEC 61850 compatible substations are operated in Europe and 20 000+ worldwide, each of them comprising communication and the flow of gigawatts of electrical current between large power plants (thermoelectrical, hydroelectrical or even nuclear) and their respective consumers. Such consumers include cities, industrial objects and power plants themselves. During this talk we will focus on security analysis results of a key Digital Substation component: Relay Protection Terminals. Protective relays are devices for detection of electrical faults. When such a fault is detected, the relay device is designed to trip a circuit breaker. Without them, problems like over-current, over-voltage, reverse power flow, over-frequency, and under-frequency can lead to colorful and impressive pictures of giant electric arcs accompanied by a bunch of sparks, with total blackouts as a result.
Nowadays protective relays have become digital devices with network access through which operators can access different services like self-testing, statistics, logs and others. Moreover, electrical lines are also combined with fiber-optic lines for communications. The electrical part of such lines needs minimal traffic, but protection against surges. So such lines can be leased to different organizations, exposing a great target for an attacker. All of the services inside such networks are available through different industrial protocols like IEC 61850 (MMS, GOOSE), IEC104 and Modbus, not very industrial protocols like HTTP, FTP, SSH, and everybody’s favorite proprietary protocols. We will show how to dig very deep inside a Relay Protection Terminal and how to abuse numerous weaknesses and vulnerabilities inside.
Cybersecurity Assessment of Communication-Based Train Control systems - Sergey Gordeychik
Recently published information on the cybersecurity assessment of railway computer and communication-based control systems (CBCS) identified several weaknesses and vulnerabilities, which allow threat agents to not only degrade system reliability and bypass safety mechanisms, but to carry out attacks which directly affect the rail traffic safety [1]. Despite these findings, remarkably these systems meet all relevant IT security and functional safety requirements and have the required international, national and industrial certificates. To reduce the risks associated with cyberattacks against CBCS and their components, we recommend that system certification procedures be designed to include elements of security assessment and penetration testing.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
UiPath Test Automation using UiPath Test Suite series, part 6 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
2. Group of security researchers focused on ICS/SCADA
to save Humanity from industrial disaster
and to keep Purity Of Essence
Alexander Timorin
Alexander Tlyapov
Alexander Zaitsev
Alexey Osipov
Andrey Medov
Artem Chaykin
Denis Baranov
Dmitry Efanov
Dmitry Nagibin
Dmitry Serebryannikov
Dmitry Sklyarov
Evgeny Ermakov
Gleb Gritsai
Ilya Karpov
Ivan Poliyanchuk
Kirill Nesterov
Roman Ilin
Roman Polushin
Sergey Bobrov
Sergey Drozdov
Sergey Gordeychik
Sergey Sidorov
Sergey Scherbel
Timur Yunusov
Valentin Shilnenkov
Vladimir Kochetkov
Vyacheslav Egoshin
Yuri Goltsev
Yuriy Dyachenko
3. Please note that this talk is by the SCADA StrangeLove team. We don’t speak for our employers. All the opinions and information here are our responsibility (actually, no one ever saw this talk before). So mistakes and bad jokes are all OUR responsibility.
7. Train Security (by Jakob Lyng Petersen)
Trains must not collide
Trains must not derail
Trains must not hit people working on the tracks
Sadly, animals can’t handle the interview
Operating rules
Italy, Regolamento Segnali
UK, GE/RT8000 Rule Book
North America, GCOR and others
Russia, Rules of technical exploitation
9. Santiago de Compostela derailment
The accident occurred at the site of the transition from the ETCS L1 system to the ASFA system (continuous train control system without speed control)
In this mode, observing the speed limit is left to the driver
10. Wenzhou train collision
Lightning strike led to failure of the train protection system (first train stopped)
I/O fuse blown led to wrong-side failure
Human factor: Long-term coordination of further actions
22. The train's signalling, control and train protection systems include a Transmission Voie-Machine (TVM) signalling system, Controle de Vitesse par Balises (KVB) train protection system, Transmission Beacon Locomotive (TBL) train protection system, Runback Protection System (RPS), European Train Control System (ETCS), Automatic train protection (ATP) system, Reactor Protection System (RPS) and train control system.
http://www.railway-technology.com/projects/eurostar-e320-high-speed-train/
KVB - a train protection system used in France
MEMOR - Belgian railway signaling
TVM - in-cab signaling originally deployed in France
TBL - train protection system used in Belgium
RPS - Runback Protection
ATP - Great Britain implementations of a train protection system
ETCS - European Train Control System
23. Reactor Protection System (RPS)
Train!
24. TCN (Train Communication Network)
WTB + MVB
ETB in future - Ethernet Train Backbone (IEC 61375-2-5)
WTB (Wire Train Bus)
Each coach, loco
MVB (Multifunction Vehicle Bus)
Links WTBs
MVB ~= FlexRay
CANopen
etc.
34. “Abusing the Train Communication Network or What could have derailed the Northeast Regional #188?” by Moshe Zioni
no authentication
traffic is not encrypted
37. MVB + MVB + ... = WTB (Train)
Elections by largest number of nodes
Set LocStr to 256
If equal, first Detect_Request wins
IEC61375
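The election rules on slide 37, together with the missing authentication noted on slide 34, mean that a node's claimed strength is taken at face value. The sketch below is an added example, not code from the talk or from IEC 61375: it models only the three rules on the slide and checks each claim against an operator's consist inventory. The DetectRequest fields, composition labels and inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DetectRequest:
    """One election claim as seen by a passive bus monitor (constructed model)."""
    arrival: int      # order in which the monitor saw the frame
    composition: str  # hypothetical label for the sending composition
    loc_str: int      # strength the sender claims (slide 37: "LocStr")


def elect(requests):
    """Slide 37 rules: the largest claimed strength wins; on a tie the
    first Detect_Request wins."""
    return min(requests, key=lambda r: (-r.loc_str, r.arrival))


def audit(requests, inventory):
    """Return claims whose LocStr exceeds the node count on record for
    that composition, or that come from a composition not on record."""
    suspicious = []
    for r in requests:
        expected = inventory.get(r.composition)
        if expected is None or r.loc_str > expected:
            suspicious.append(r)
    return suspicious


# Constructed inventory: node count per composition from the consist list.
INVENTORY = {"set A": 4, "set B": 4, "shunter": 1}

# Constructed captures, not real bus traffic.
NORMAL = [DetectRequest(1, "shunter", 1), DetectRequest(2, "set A", 4)]
TIE = [DetectRequest(1, "set B", 4), DetectRequest(2, "set A", 4)]
INFLATED = [DetectRequest(1, "set A", 4), DetectRequest(2, "shunter", 256)]


def report(requests):
    """Return (winning composition, compositions with implausible claims)."""
    winner = elect(requests)
    flagged = audit(requests, INVENTORY)
    return winner.composition, [r.composition for r in flagged]


if __name__ == "__main__":
    for name, capture in (("normal", NORMAL), ("tie", TIE), ("inflated", INFLATED)):
        print(name, report(capture))
```

The inflated capture shows why the check sits outside the election itself: the election rule alone cannot tell a genuine large composition from a single node announcing a large number.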
38. Loco’s internals
Traction control
Braking system
Cab signaling
Train protection system
Passenger Information and Entertainment
Software is not available in public
True for all railroad software
Btw, hardware is available in public, but as a part of Public Transportation System
39. SIBAS 32
Eurostar e320 high-speed trains
class 120.1 locomotive of German Rail
S 252 of Spanish National Railways (RENFE)
LE 5600 of Portuguese Railways (CP)
EG 3100 in Sweden, Germany and Denmark
Velaro
class 182 2nd generation EuroSprinter
SIBAS PN
New DB ICE trains
40. SIBAS 32 updates to SIBAS PN
Proprietary SIBAS OS on VxWorks + WinAC RTX
WTB (Wire Train Bus) to ETB (Ethernet Train Bus)
And PROFINET
Goodbye weird executable formats and IS. Hello ELF/PE and x86/ppc
S7 controllers to PC-based controllers with WinAC RTX software
“configured and programmed with STEP 7 in exactly the same way as a normal S7 controller”
42. Hardcodes
No, they are for the authentication
Known protocols
XML over HTTP, S7
Secure network facing services
Self-written web server
Self-written xml parser
Heavily based on WinCC code
2012-2015: 41 vuln
Runs on Windows x86
Vulnerabilities?
Probably
43. How to access PC-based controllers (WinAC RTX)?
We don’t know
We don’t want to know
We will never know
Yet to not know
Yet to don’t know
Not yet to know
44. Driver Information Systems
Track profile, loco speed and location
(non-military GPS, GLONASS)
Interfaces
Server infrastructure for processing
External data feed
CAN to acquire data in loco
On the bus with whole train
Mobile operator to push data to the server
Data plan on Customer SIM card detected
Why build additional channels for other systems?
45. Gateways
Diagnostic
Diagnostic of diagnostic
Services
Web, telnet, ftp, etc.
Proprietary service to rule them all
Interfaces
GSM-R
And more when GSM-R is too slow
At least no Wi-Fi, right?
56. Notation in a chart
RDA-RT - Remote Data Access Train Router
MSC - Mobile Switching Center
RBC - Radio Block Center
YW - Yardmaster’s workstation
IG - Integration gateway
TCC - Train Control Center
CTC - Centralized traffic control
CBI - Computer-based interlocking
63. 28C3: Stefan Katzenbeisser: Can trains be hacked?
Multiple trains make use of the same KMAC for a long time
Using weak random number generators during the KSMAC derivation
64. In areas where the European Train Control System (ETCS) Level 2 or
3 is used, the train maintains a circuit switched digital modem
connection to the train control centre at all times. … If the modem
connection is lost, the train will automatically stop.
65. moving "really fast and passed three stations without
stopping" …
"due to a fault on the train's antenna that ensures
trains stop accurately at each station"...
"The train was hence not able to pick up the signal to
stop at the next three stations”…
68. ― Remote data recovery (Kc, TMSI)
• Channel decryption (including A5/3)
• «Clone» the SIM and mobile station
― SIM “malware”
― Block SIM via PIN/PUK brute
― Extended OTA features (FOTA)
Karsten Nohl, https://srlabs.de/rooting-sim-cards/
Alexander Zaitsev, Sergey Gordeychik, Alexey Osipov, PacSec, Tokyo, Japan, 2014
90. …We explore... and you call us criminals. We seek
after knowledge... and you call us criminals. We exist
without skin color, without nationality, without
religious bias... and you call us criminals. You build
atomic bombs, you wage wars, you murder, cheat,
and lie to us and try to make us believe it's for our
own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity…