Out of Control - Demonstrating SCADA Device Exploitation

Explore the vulnerabilities of SCADA systems in oil and gas pipelines through this Black Hat USA 2013 conference talk. Delve into the components of pipeline control systems, learn about industrial protocols, and understand the potential consequences of unauthorized access. Discover various attack vectors, including application server and engineering workstation compromises, protocol exploitation, and direct memory access. Examine safety logic implementations and their complications. Gain insights into remediation strategies and witness a live exploit demonstration showcasing the potential for catastrophic failure. Understand the critical importance of securing SCADA devices in the context of America's growing oil and gas industry and the widespread distribution of volatile materials through populated areas.

Intro
Agenda
Components
So I've just owned an Application Server
So I've just owned an Engineering Workstation
Industrial Protocols
At the end of the day, it's all just bits
Just ask nicely
Complications • Control Engineers implement safety logic
Solutions
Spoofing
Direct Memory Access
Scanning
Remediation
Exploit Demo
Catastrophic Failure