YoVDO

ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses Reverse Engineering Courses Remote Code Execution Courses Embedded Systems Security Courses

Course Description

Overview

Explore the persistent challenges of insecure-by-design practices in Operational Technology (OT) devices and protocols in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into dozens of previously undisclosed issues affecting products from nearly 20 vendors across various industrial sectors. Gain insights into the quantitative overview of these vulnerabilities, ranging from security-certified products with inherent design flaws to unsuccessful attempts at improvement. Examine how the opacity and proprietary nature of OT systems, coupled with suboptimal vulnerability management and potentially misleading security certifications, complicate risk management efforts. Through technical deep-dives, understand how attackers can achieve remote code execution on critical Level 1 devices using only intended functionality, and consider the defensive implications. Analyze quantitative data on the research process, providing valuable information on the resources required to develop basic offensive capabilities and their potential impact on the threat landscape.

Syllabus

Intro
Insecure-by-design is a well-known issue, why revisit it?
Example: Segmentation & Hardening
Siemens WinCC OA SCADA (CVE-2022-33139)
Saia Burgess PG5 PCD PLC
Nuance: Supply Chains & Collisions
Example: ProConOS runtime
Nuance: Firmware Updates
Example: Emerson DeltaV DCS
Example: Honeywell Safety Manager (SC) SIS
Example: Emerson ControlWave PLC/RTU
Example: Honeywell Safety Manager SIS
Reverse Engineering
Mitigations
Conclusions


Taught by

Hack In The Box Security Conference

Related Courses

Dal Reverse engineering alla stampa 3D
University of Naples Federico II via Federica
Rapid Manufacturing
Indian Institute of Technology Kanpur via Swayam
Generative Design for Industrial Applications
Autodesk via Coursera
Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX
Functional And Conceptual Design
Indian Institute of Technology Madras via Swayam