Monday, May 27, 2013

SCADA StrangeLove @Positive Hack Days

At PHDays we has released two talks:
“How to build your own Stuxnet” by SCADA StrangeLove team
“Industrial protocols for pentesters” by Alexander Timorin and Dmitry Efanov.  You can find slides for second one below.
To play with PROFINET DCP Alexander released two tools:


-   profinet_scanner.py
-   profinet_set_fuzzer.py

You can guess by name…
Tool s7_password_hashes_extractor.py  to extract SHA-1 hashes from S7 1200 PLC firmware to simplify brute force or pass-the-hash attack published also.



 In addition, Gleb Gritsai, Ilya Karpov, Dmitry Efanov, Alexander Timorin and Roman Ilin
 manage awesome Choo Choo PWN challenge. Short video (Russian only, sorry).



 
 
 See you at PHDays 2014!
Few photos: https://vk.com/album8849651_174874651
+Windows File Uploading Outof the Box[post exploitation]. Vyacheslav Yegoshin

1 comment: