Internet-Facing PLCs: A New Back Orifice

Video link: https://www.youtube.com/watch?v=b1EkiFQPcns



Duration: 52:26


Pretty much everyone should have realized by now that our modern societies critically depend on industrial control systems (ICS) and that these systems are beginning to move into the focus of hacking attacks. A recent example that received comparatively little attention is a 2014 attack on a German steel production facility. The attack led to an uncontrolled shutdown of a blast furnace and caused damages in the millions. Reportedly, the attackers compromised the business IT first and worked their way to the actual control systems from there. Much simpler attack vectors frequently exist for those knowledgeable enough to use them. SHODAN is a case in point: it shows that a plethora of industrial control systems can be attacked directly.

In our talk, we will showcase novel tools and techniques to leverage one Internet-facing PLC, in order to explore and gain control over entire production networks. We use Siemens PLCs as our example. Our tools differ from what has been made public before in that we implement and run them directly on PLCs in their native STL language. Specifically, we explain and demonstrate in detail the following attack process. We automatically locate PLCs and automatically instrument the STL code of a running PLC, so that it provides additional functions in parallel to its original ones. One function we implemented is that of a UDP/SNMP scanner. Another one is that of a SOCKS5 proxy. Using these functions, adversaries can easily map, instrument and control any remaining PLCs on the network using existing tools. We demonstrate attacks on Siemens PLCs through our proxy connection using an existing Metasploit S7-300 Stop module and an exploit for CVE-2015-2177 that we disclosed to Siemens. As part of our demonstration, we explain why implementing a TCP scanner is impractical on Siemens PLCs.
Presented by:
Johannes Klick, Stephan Lau, Daniel Marzin, Jan-Ole Malchow, Volker Roth

Black Hat - USA - 2015 Hacking conference