Nakatomi Space - Lateral Movement as L1 Post-Exploitation in OT

Explore lateral movement techniques in Operational Technology (OT) networks through this conference talk from the Hack In The Box Security Conference. Delve into the vulnerabilities of Purdue Reference Model Level 1 (L1) devices like PLCs and DCS controllers, and understand how they can be exploited to bypass security perimeters in interfaced Basic Process Control System (BPCS) and Safety Instrumented System (SIS) architectures. Examine real-world BPCS/SIS architectures and 3rd party package unit setups, focusing on lateral movement options at the lowest Purdue levels. Witness an in-depth demonstration of a multi-stage exploit chain, featuring previously undisclosed authentication bypass and RCE vulnerabilities in a widely used PLC. Gain insights into hardening strategies to mitigate attacker lateral movement at the lowest Purdue levels, enhancing overall OT network security.

#HITB2023AMS D1T1 - Nakatomi Space: Lateral Movement As L1 Post-Exploitation In OT - Jos Wetzels