A Deep Dive Into Unconstrained Code Execution on Siemens S7 PLCs
Offered By: media.ccc.de via YouTube
Course Description
Overview
Syllabus
Intro
Process Automation
What we do with much more complex control loops?
Background on Siemens PLCs Market Share
S7-1200 v4 PLC hardware - SoC Decap
S7-1200 v4 Closer Look
M25P40/ Serial Flash Embedded Memory (bootloader)
D X-Ray Tomography
Siemens Bootloader, Startup Process
Siemens AG ADONIS RTOS Components
CoreSight in Siemens PLCs
Background on CoreSight
ARM CoreSight Sources
CoreSight in Siemens S7 PLC
Siemens Firmware Dump
Execution Mode Stack in S7-1200 v4
ADONIS MPU Configuration at Ox00040084
Siemens Firmware Boot Process
ADONIS Kernel
ADONIS File System
ADONIS TCP/IP Stack
Firmware Update Process On S7 PLC
Decompressed Firmware Update File Structure
MiniWeb Scripting Language (MWSL)
Special Access Feature
Ox80 Handler, Update Mode Function
Siemens S7-1200/S7-200 SMART Bootloader Arbitrary Code Execution
Siemens S7-1200 PLC Bootloader Arbitrary Code Execution
Slager Payload
DEMO
Ideas for Injecting Custom Code into the Firmware
What else is out there?
Conclusions
Questions?
Taught by
media.ccc.de
Related Courses
Breaking the Teeth of Bluetooth PadlocksYouTube Closing Keynote Lectures or Life Experiences Awareness Training that Works
YouTube Do You Want Educated Users Because This is How You Get Educated Users
YouTube Don't Blame That Checklist for Your Crappy Security Program
YouTube Managing Your MSSP
YouTube