Monday, June 18, 2012

SCADA Strangelove or: How I Learned to Start Worrying and Love Nuclear Plants


Our submission accepted @_defcon_. Special thanks to Nikita Kronenberg for write-up.

Special release for Def Con guys:



SCADA Strangelove or: How I Learned to Start Worrying and Love Nuclear Plants

SERGEY GORDEYCHIK
DENIS BARANOV
GLEB GRITSAI



Modern civilization unconditionally depends on information systems. It is paradoxical but true that SCADA systems are the most insecure systems in the world. From network to application, SCADA is full of configuration issues and vulnerabilities. During our report, we will demonstrate how to obtain full access to a plant via:

- a sniffer and a packet generator
- FTP and Telnet
- Metasploit and oslq
- a webserver and a browser

About 20 new vulnerabilities in common SCADA systems including Simatic WinCC will be revealed in the report.

Releases:
- modbuspatrol (mbpatrol) – free tool to discover and fingerprint PLC
- Simatic WinCC security checklist
- close to real-life exploit scenario for a Simatic WinCC based plant

Sergey Gordeychik: The main areas of Sergey’s work are the development of the compliance and vulnerability management systems, practical implementation of the GRC concept, and guidance of the team of professional ethical hackers.

Sergey Gordeychik has developed a number of training courses, including "Wireless Networks Security" and "Analysis and Security Assessment of Web Applications," published several dozens of articles in various titles and a book called "Wireless Networks Security." He is the Science Editor of the SecurityLab.ru portal, a member of the Web Application Security Consortium (WASC) Board of Directors and the RISSPA Council of Experts. Sergey Gordeychik is the Director and Scriptwriter of the Positive Hack Days forum.
http://www.phdays.com
http://sgordey.blogspot.com

Denis Baranov: The main areas of Denis work are web vulnerabilities research, source code analysis, and black SEO countermeasures. He is the author of "Modern Ways of DNS-Rebinding Exploitation ". He is a frequent speaker at security conferences in Russia, including Positive Hack Days and ZeroNights. He is also a member of the PHDays CTF development team.
Denis on LinkedIn

Gleb Gritsai is a leading penetration tester and principal security researcher at Moscow based security company. Main areas of Gleb’s work are protocol security analysis, fuzzing and reverse engineering. Areas of interest also cover security of enterprise software, telecom infrastructures and smart card security. He is a member of the PHDays CTF/challenges development team.

Twitter: @repdet
http://repdet.blogspot.com

1 comment: