Monday, September 30, 2013

SCADA hacking @ Seoul

This year we will manage Choo Choo PWN ICS/SCADA/PLC hacking challange and workshop at Power of Community conference.

'Choo Choo Pwn' challenges the participants' skills in exploiting various vulnerabilities in industrial equipment which provides automation and control of technological processes. The contestants will be offered to choose from access to communication systems of industrial equipment or HMI systems access. The goal is to independently obtain access to a model of a system which controls a railroad and cargo loading by exploiting vulnerable industrial protocols or bypassing authentication of SCADA systems or industrial equipment web interfaces. The Industrial Control System (ISC) of the railroad will include video surveillance, and, as an additional task, the competitors will be offered to disable the surveillance system.

Hope to see you there.

Choo Choo PWN at 2:39.

Tuesday, September 10, 2013

XXE OOB strikes back

Microsoft just released patches MS13-072 and MS13-073 to fix CVE-2013-3159 and CVE-2013-3160 XML External Entities Resolution Vulnerability or XXE OOB issues. Details and tools for this and similar issues can be found at XML Out-Of-Band Data Retrieval Black Hat Talk by Timur Yunusov and Alexey Osipov.

So, hack XML, use XXOETA and be happy.