Switches Get Stitches

Channel:
United States All Hacking Cons
Subscribers:
6,410
Published on ● Video Link: https://www.youtube.com/watch?v=ypxvmXS2Fg8


Duration: 49:28
1 views
0

This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. The researchers focus on attacking the management plane of these switches, because we all know that industrial system protocols lack authentication or cryptographic integrity. Thus, compromising any switch allows the creation of malicious firmwares for further MITM manipulation of a live process. Such MITM manipulation can lead to the plant or process shutting down (think: nuclear reactor SCRAM) or getting into a unknown and hazardous state (think: damaging a blast furnace at a steel mill). Not only will vulnerabilities be disclosed for the first time (exclusively at Black Hat), but the methods of finding those vulnerabilities will be shared. All vulnerabilities disclosed will be in the default configuration state of the devices. While these vulnerabilities have been responsibly disclosed to the vendors, SCADA/ICS patching in live environments tends to take 1-3 years. Because of this patching lag, the researchers will also be providing live mitigations that owner/operators can use immediately to protect themselves. At least four vendors switches will be examined: Siemens, GE, Garrettcom, and Opengear.
PRESENTED BY
Colin Cassidy, Robert Lee, Eireann Leverett

Black Hat - USA - 2015 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-04The Node js Highway Attacks Are At Full Throttle
2022-01-04Spread Spectrum Satcom Hacking Attacking The Globalstar Simplex Data Service
2022-01-04Panel How The Wassenaar Arrangement s Export Control Of Intrusion Soft Affect
2022-01-04Winning The Online Banking War
2022-01-04Optimized Fuzzing IOKit In IOS
2022-01-04The Memory Sinkhole Unleashing An X86 Design Flaw Allowing Universal Privilege
2022-01-04My Bro The ELK Obtaining Context From Security Events
2022-01-04Why Security Data Science Matters & How It's Different Pitfalls And Promises
2022-01-04Social Engineering The Windows Kernel Finding & Exploiting Token Handling Vulnerabilities
2022-01-04Most Ransomware Isn t As Complex As You Might Think
2022-01-03Switches Get Stitches
2022-01-03Repurposing OnionDuke A Single Case Study Around Reusing Nation State Malware
2022-01-03Assessing And Exploiting BigNum Vulnerabilities
2022-01-03Bypass Control Flow Guard Comprehensively
2022-01-03Dom Flow Untangling The DOM For More Easy Juicy Bugs
2022-01-03How Vulnerable Are We To Scams
2022-01-03Bypass Surgery Abusing Content Delivery Networks With Ser Side Request Forgery
2022-01-03Information Access And Information Sharing Where We Are And Where We Are Going
2022-01-03Attacking ECMAScript Engines With Redefinition
2022-01-03Certifi gate Front Door Access To Pwning Millions Of Androids
2022-01-03Emanate Like A Boss Generalized Covert Data Exfiltration With Funtenna


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
password
code
web
concept
protection
network
malware
secure
identity
criminal
phishing
software
access
safety
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
google
securing
exploit
exploitation
recon
social engineering
Colin Cassidy
Robert Lee
Eireann Leverett