Fingerprinting Healthcare Institutions
- Anirudh Duggal
Disclaimer: All the views / data presented are my own and do not reflect the opinions of my employer.
#whoAmI
• Work with Philips healthcare
• Hack anything
• Sustainability enthusiast
• Research on healthcare security – protocols, devices, infrastructure
• Play guitar in free time
• Hospitalsecurityproject.com
Agenda
• Why healthcare?
• Beyond phishing – targeted attacks
• How to fingerprint?
• EMR fingerprinting
• Fingerprinting beyond servers
• HL7 attacks (if time permits)
• Q&A
Why healthcare?
• Easy targets
• High payoff
• Still to mature in terms of security
• Less awareness
Posted on 13th Feb 2016
Overall
• Healthcare institutions are easy to fingerprint
• They are “considerably less protected”
• Many entry points
• Quite many targets
What to expect?
And…
Inside a hospital
[Diagram: Network 1 and Network 2]
Healthcare centers and hospitals – ideal situation
[Diagram: HVAC system, lighting system, hospital servers, waste management systems, medical devices, monitoring devices, water controls and staff computers, phones and tablets sit on the intranet behind a NAT / bridged network with an IDS / IPS; other hospitals, vendor servers and vendor “service portals” are reached over the Internet, with encrypted communication on every external link.]
But what do we get?
[Diagram: HVAC system, lighting system, hospital servers, waste management systems, medical devices, hospital computers, monitoring devices, tablets / phones, water controls, “service portals”, security systems and guests all connected straight to the Internet, with none of the NAT / IDS layer from the ideal picture.]
Basics of fingerprinting
• Find unique but common headers
• Be consistent
• Use multiple tools – shodan, censys, maltego
• Verify manually
• Use google
So what can you fingerprint?
• Medical devices
• Routers
• Data center
• EMR software
• HVAC controls
• Lighting controls
Finding hospitals
• Generic searches
• Name searches
• Hospital name searches
• Sometimes the name is too generic
• Narrow down search parameters
Generic hospital searches
• Hospital
• Hospital*
• Healthcare
• Healthcare*
• <name of the hospital>
• <name of the software / protocol>
Generic searches
Narrowing the searches to regions
• Narrow down searches by
• Country
• Technology (HTTP(S), NetBIOS)
• Type of infrastructure (VPN, cloud)
Healthcare “chains”
Narrowing down
• Narrow down to FTP servers ;)
• Port 80 will show interesting results
But…
• Sometimes the names are too generic
• Narrow down technology
• Look at other parameters – don’t fall into honeypots
• Use google - Search for address and verify
EMR solutions
• “goldmine” for attackers
• Easy to attack
• High point of impact
• Ransomware attacks
A typical hospital scenario
[Diagram: the EMR (electronic medical record) connected over LAN / WiFi / Bluetooth to patient monitors / healthcare devices, the doctor's PC / secretary PC, the doctor's mobile / nurse mobile, and other hospitals.]
Fingerprinting EMR solutions
• Use shodan / censys / maltego
• Searches vary with what you're trying to find
• How I started
• Create a list of 200 popular EMR solutions
• Start searching by name
• Look for characteristics – deployment scenario, url constructs, technology
• Look for manuals
• Change language – Chinese, Russian
• Find bugs ;)
Shodan
• Can search using name
• Fewer false positives
• Shows ready-made exploits for the OS
Search by exploring EMR structures
• Look at unique parameters
• Filter by name
Problem
• Results are not consistent
• Need more access to data
• You can’t find some systems
Thinking beyond Shodan
• Shodan (Shodan.io)
• Easiest of the deep web tools
• Caches information
• Due to the paid nature, results may vary
• Lacks multi-lingual capabilities
• Censys (censys.io)
• Provides raw data for research
• Supports regex and can concatenate different parameters
• Maltego (thick client)
• For advanced recon
• Can fingerprint infrastructure
Searching by names
Multi-lingual search - Russian
Multi-lingual search - Chinese
Multi-lingual search - Arabic
Using censys efficiently
Combining searches with google results
• Google gives better results with specific headers
Running Maltego
When everything fails
• Some systems could not be found at all
• Find the manual!
Easy way - visit the vendor website ;)
Logging on the PACS system
Cloud based EMR
• Easy to find
• “scalable and reliable”
• Many entry points – web, mobile, IoT devices
• Google is very effective at finding such solutions
In a nutshell
• Finding EMR is easy
• Your EMR might be secure, other infrastructure might not be
• Attacks go beyond your audits and processes
Besides servers
Routers and internet access points
Cams – smile ;)
HVAC controls!
Insider attacks
• Generic system attacks – MITM, BSOD, network exploits
• HL7 exploits
Potential entry points
• Hardware
• Wifi / Lan
• Serial ports
• USB - Firmware
• The sensors
• Keyboard / mouse
• Firewire
• Software – Protocols and OS
What is HL7?
• Health Level Seven standards
• Most popular in healthcare devices (HL7 2.x)
• Quite old – designed in 1989
• FHIR is the next gen
HL7 2.x
• Most popular HL7 version
• New messages / fields added
HL7 2.x
HL7
Things to know
• | is the field delimiter, so || marks an empty field
• MSH – message header segment
• The standards define the messages – not the implementation
An HL7 message
MSH|^~&||STI SQESERV3|||||ORU^R01|HP1304538180456|P|2.3||||||8859/1
PID|||MRN-3M31^^^^MR~Encounter-3M31FF^^^^VN~AlternatiFF-3M31^^^^U||3M31LastUpdate^Test-FirstUpdate^Middle-Update||19330808|F
PV1||I|OR^^OR9&0&0||||||||||||||||Encounter-3M31FF
OBR|||||||20110504154300
OBX||TX|6^Soft Inop^MDIL-ALERT|1|ALL ARRH ALRMS OFF||||||F
OBX||ST|0002-d006^EctSta^MDIL|0|""||||||F
OBX||ST|0002-d007^RhySta^MDIL|0|SV Rhythm||||||F
OBX||NM|0002-4bb8^SpO2^MDIL|0|100|0004-0220^%^MDIL|||||F
OBX||NM|0002-0302^ST-II^MDIL|0|-1.0|0004-0512^mm^MDIL|||||F
OBX||NM|0002-0304^ST-V2^MDIL|0|0.6|0004-0512^mm^MDIL|||||F
OBX||NM|0002-f125^pNN50^MDIL|0|0.00|0004-0220^%^MDIL|||||F
OBX||NM|0002-4182^HR^MDIL|0|80|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-4a15^ABPs^MDIL|0|120|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-4a16^ABPd^MDIL|0|70|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-4a17^ABPm^MDIL|0|91|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-4261^PVC^MDIL|0|0|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-5012^awRR^MDIL|0|25|0004-0ae0^rpm^MDIL|||||F
OBX||NM|0002-e014^Tblood^MDIL|0|37.0|0004-17a0^°C^MDIL|||||F
OBX||NM|0002-4822^Pulse^MDIL|0|60|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-50b0^etCO2^MDIL|0|40|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-50ba^imCO2^MDIL|0|0|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-f0c7^T1^MDIL|0|40.0|0004-17a0^°C^MDIL|||||F
OBX||NM|0002-f081^SD NN^MDIL|0|0.00|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-f03d^STindx^MDIL|0|3.5|0004-0512^mm^MDIL|||||F
[Annotations on the message above: patient identifier, message type and HL7 identifier, message fields]
Potential Entry Point
MSH|^~&||STI SQESERV3|||||ORU^R01|HP1304538180456|P|2.3||||||8859/1
PID|||MRN-3M31^^^^MR~Encounter-3M31FF^^^^VN~AlternatiFF-3M31^^^^U||3M31LastUpdate^Test-FirstUpdate^Middle-Update||19330808|F
PV1||I|OR^^OR9&0&0||||||||||||||||Encounter-3M31FF
OBR|||||||20110504154300
OBX||TX|6^Soft Inop^MDIL-ALERT|1|ALL ARRH ALRMS OFF||||||F
OBX||ST|0002-d006^EctSta^MDIL|0|""||||||F
OBX||ST|0002-d007^RhySta^MDIL|0|SV Rhythm||||||F
OBX||NM|0002-4bb8^SpO2^MDIL|0|100|0004-0220^%^MDIL|||||F
OBX||NM|0002-0302^ST-II^MDIL|0|-1.0|0004-0512^mm^MDIL|||||F
OBX||NM|0002-0304^ST-V2^MDIL|0|0.6|0004-0512^mm^MDIL|||||F
OBX||NM|’;’;’;’;;anisdlasdkals<‘’---’;’;’;’;;anisdlasdkals<‘’---’;’;’;’;;anisdlasdkals<‘’---’;’;’;’;;anisdlasdkals<‘’---’;’;’;’;;anisdlasdkals<‘’---||0|0.00|0004-0220^%^MDIL|||||F
OBX||NM|0002-4182^HR^MDIL|0|80|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-4a15^ABPs^MDIL|0|120|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-4a16^ABPd^MDIL|0|70|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-4a17^ABPm^MDIL|0|91|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-4261^PVC^MDIL|0|0|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-5012^awRR^MDIL|0|25|0004-0ae0^rpm^MDIL|||||F
OBX||NM|0002-e014^Tblood^MDIL|0|37.0|0004-17a0^°C^MDIL|||||F
OBX||NM|0002-4822^Pulse^MDIL|0|60|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-50b0^etCO2^MDIL|0|40|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-50ba^imCO2^MDIL|0|0|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-f0c7^T1^MDIL|0|40.0|0004-17a0^°C^MDIL|||||F
OBX||NM|0002-f081^SD NN^MDIL|0|0.00|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-f03d^STindx^MDIL|0|3.5|0004-0512^mm^MDIL|||||F
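An added defensive example (not code from the talk or from any vendor): a minimal HL7 v2 parser and validator in Python that accepts the ORU^R01 monitor message shown above and flags the injected OBX from the "Potential Entry Point" slide. It assumes CR-separated segments and a locally chosen identifier length limit (MAX_ID_LEN); the rule set is illustrative, not an HL7 conformance profile.

```python
"""Minimal HL7 v2.x parser with a defensive validator for ORU^R01 result messages.
Added example, not code from the talk: it parses the monitor message shown on the
slides and rejects the 'Potential Entry Point' OBX, whose observation identifier
carries junk and an extra '||' that shifts every later field by one."""
import re

# Constructed input: trimmed leading segments of the slide's ORU^R01, joined with
# CR as an HL7 sender would emit them (the slides show one segment per line).
GOOD_MSG = "\r".join([
    "MSH|^~\\&||STI SQESERV3|||||ORU^R01|HP1304538180456|P|2.3||||||8859/1",
    "PID|||MRN-3M31^^^^MR~Encounter-3M31FF^^^^VN||3M31LastUpdate^Test-FirstUpdate||19330808|F",
    "PV1||I|OR^^OR9&0&0||||||||||||||||Encounter-3M31FF",
    "OBR|||||||20110504154300",
    "OBX||TX|6^Soft Inop^MDIL-ALERT|1|ALL ARRH ALRMS OFF||||||F",
    "OBX||NM|0002-4182^HR^MDIL|0|80|0004-0aa0^bpm^MDIL|||||F",
    "OBX||NM|0002-4a15^ABPs^MDIL|0|120|0004-0f20^mmHg^MDIL|||||F",
])

# The slide's injected OBX line, shortened and re-typed with ASCII quotes.
INJECTED_OBX = ("OBX||NM|';';';';;anisdlasdkals<''---';';';';;anisdlasdkals<''---"
                "||0|0.00|0004-0220^%^MDIL|||||F")
BAD_MSG = GOOD_MSG + "\r" + INJECTED_OBX

# Assumed local policy: HL7 itself does not cap identifier length, so pick one.
MAX_ID_LEN = 20
CE_ID_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")
NUMERIC_RE = re.compile(r"^[+-]?(\d+\.?\d*|\.\d+)$")
# Observation result status codes (HL7 table 0085).
RESULT_STATUS = {"C", "D", "F", "I", "N", "O", "P", "R", "S", "U", "W", "X"}


def parse_message(raw):
    """Split into segments and fields using the separators MSH itself declares.

    Returns (segments, component_separator). Each segment is a list in which
    index n is field n; MSH is padded so that MSH-1 is the field separator."""
    segments = [s for s in re.split(r"\r\n?|\n", raw) if s]
    if not segments or not segments[0].startswith("MSH"):
        raise ValueError("message must start with an MSH segment")
    field_sep = segments[0][3]   # MSH-1
    comp_sep = segments[0][4]    # first of the MSH-2 encoding characters
    parsed = []
    for seg in segments:
        fields = seg.split(field_sep)
        if fields[0] == "MSH":
            fields.insert(1, field_sep)
        parsed.append(fields)
    return parsed, comp_sep


def field(seg, n):
    """Field n of a segment, or '' when the segment is too short."""
    return seg[n] if n < len(seg) else ""


def check_ce(value, comp_sep, where):
    """Coded element (identifier^text^coding system): the identifier must be a
    short token with no quoting, angle-bracket, separator or control characters."""
    ident = value.split(comp_sep)[0]
    if not CE_ID_RE.match(ident):
        return [f"{where}: identifier contains illegal characters"]
    if len(ident) > MAX_ID_LEN:
        return [f"{where}: identifier longer than {MAX_ID_LEN} characters"]
    return []


def validate(raw):
    """Return a list of findings; an empty list means the message passed."""
    findings = []
    segments, comp_sep = parse_message(raw)
    msh = segments[0]
    if not re.match(r"^[A-Z0-9]{3}\^[A-Z0-9]{3}", field(msh, 9)):
        findings.append("MSH-9: malformed message type")
    if not field(msh, 12).startswith("2."):
        findings.append("MSH-12: unexpected HL7 version")
    for i, seg in enumerate(segments):
        if not re.match(r"^[A-Z][A-Z0-9]{2}$", seg[0]):
            findings.append(f"segment {i}: bad segment id {seg[0]!r}")
            continue
        if seg[0] != "OBX":
            continue
        where = f"segment {i} OBX"
        findings += check_ce(field(seg, 3), comp_sep, f"{where}-3")
        if field(seg, 6):                      # units are optional, but CE when present
            findings += check_ce(field(seg, 6), comp_sep, f"{where}-6")
        if field(seg, 2) == "NM" and not NUMERIC_RE.match(field(seg, 5)):
            findings.append(f"{where}-5: non-numeric value for value type NM")
        if field(seg, 11) not in RESULT_STATUS:   # a shifted line lands '' here
            findings.append(f"{where}-11: result status {field(seg, 11)!r} not in table 0085")
    return findings


if __name__ == "__main__":
    for name, msg in (("good", GOOD_MSG), ("injected", BAD_MSG)):
        print(name, validate(msg) or "OK")
```

Because the validator derives the separators from MSH rather than hard-coding them, a sender that declares different encoding characters is still parsed correctly, and the shifted-field finding on OBX-11 is what distinguishes a stray "||" from mere junk in a single field.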
Defending hospitals
• Secure networks
• Have Public and Private networks
• Harden routers and firewalls – have a patching policy
• Look out for shodan and censys
• Assume the network will be compromised
• Isolate high value components
• Encrypt and back up
• Know your devices – vendor management
Thank you
Minatee Mishra Michael Mc Neil
Ben Kokx Jiggyasu Sharma
Sanjog Panda Pardhiv Reddy
Ajay Pratap Singh Neelesh Swami
Archita Aparichita Sagar Popat
Narendra Makkena Kartik Lalan
Pratap Chandra Ashish Shroff
Swaroop Yermalkar
Questions?
• anirudhduggal@gmail.com
• Anirudh Duggal – facebook
• @Duggal_anirudh – twitter; @secure_hospital
• Hospitalsecurityproject.com
Thank you

Fingerprinting healthcare institutions
 
Fingerprinting healthcare institutions
Fingerprinting healthcare institutions Fingerprinting healthcare institutions
Fingerprinting healthcare institutions
 
Fingerprinting healthcare institutions
Fingerprinting healthcare institutionsFingerprinting healthcare institutions
Fingerprinting healthcare institutions
 
Competitive cyber security
Competitive cyber securityCompetitive cyber security
Competitive cyber security
 
Competitive Cyber Security
Competitive Cyber SecurityCompetitive Cyber Security
Competitive Cyber Security
 
Email Security: Alligators In The Swamp
Email Security: Alligators In The SwampEmail Security: Alligators In The Swamp
Email Security: Alligators In The Swamp
 
Internet Etiqute
Internet EtiquteInternet Etiqute
Internet Etiqute
 
Reducing Human Error in GMP with Automation
Reducing Human Error in GMP with AutomationReducing Human Error in GMP with Automation
Reducing Human Error in GMP with Automation
 
It security the condensed version
It security  the condensed version It security  the condensed version
It security the condensed version
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisDistributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for  your library | PLAN Tech Day ConferenceImplementing security for  your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day Conference
 
Cyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCyber Security Overview for Small Businesses
Cyber Security Overview for Small Businesses
 
IT infrastructure security 101
IT infrastructure security 101IT infrastructure security 101
IT infrastructure security 101
 
Remote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draftRemote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draft
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
Information Technology at IMS
Information Technology at IMSInformation Technology at IMS
Information Technology at IMS
 

Mehr von Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesPositive Hack Days
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerPositive Hack Days
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesPositive Hack Days
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikPositive Hack Days
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQubePositive Hack Days
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityPositive Hack Days
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Positive Hack Days
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для ApproofPositive Hack Days
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Positive Hack Days
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложенийPositive Hack Days
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложенийPositive Hack Days
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application SecurityPositive Hack Days
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летPositive Hack Days
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиPositive Hack Days
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОPositive Hack Days
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке СиPositive Hack Days
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CorePositive Hack Days
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опытPositive Hack Days
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterPositive Hack Days
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиPositive Hack Days
 

Mehr von Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows Docker
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive Technologies
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + Qlik
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQube
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps Community
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для Approof
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложений
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application Security
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опыт
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services Center
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атаки
 

Kürzlich hochgeladen

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Kürzlich hochgeladen (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Fingerprinting and Attacking a Healthcare Infrastructure

1. Fingerprinting Healthcare Institutions - Anirudh Duggal
Disclaimer: All the views / data presented are my own and do not reflect the opinions of my employer.

2. #whoAmI
• Work with Philips healthcare
• Hack anything
• Sustainability enthusiast
• Research on healthcare security – protocols, devices, infrastructure
• Play guitar in free time
• Hospitalsecurityproject.com

3. Agenda
• Why healthcare?
• Beyond phishing – targeted attacks
• How to fingerprint?
• EMR fingerprinting
• Fingerprinting beyond servers
• HL7 attacks (if time permits)
• Q&A

4. Why healthcare?
• Easy targets
• High payoff
• Still to mature in terms of security
• Less awareness

5. Posted on 13th Feb 2016

6. Overall
• Healthcare institutions are easy to fingerprint
• They are “considerably less protected”
• Many entry points
• Quite many targets
10. Healthcare centers and hospitals – ideal situation (network diagram; labels only)
Network 1 / Network 2 · Intranet: HVAC system, lighting system, hospital servers, waste management systems, medical devices, monitoring devices, computers / phones / tablets, water controls · NAT / bridged network with an IDS / IPS · Internet: other hospitals, vendor servers, “service portals”, computers / phones / tablets · Encrypted communication on every external link

11. But what do we get? (network diagram; labels only)
HVAC system, lighting system, hospital servers, waste management systems, medical devices, hospital computers, monitoring devices, tablets / phones, water controls, “service portals”, security systems, guests, Internet
12. Basics of fingerprinting
• Find unique but common headers
• Be consistent
• Use multiple tools – Shodan, Censys, Maltego
• Verify manually
• Use Google

13. So what can you fingerprint?
• Medical devices
• Routers
• Data center
• EMR software
• HVAC controls
• Lighting controls

14. Finding hospitals
• Generic searches
• Name searches
• Hospital name searches
• Sometimes the name is too generic
• Narrow down search parameters

15. Generic hospital searches
• Hospital
• Hospital*
• Healthcare
• Healthcare*
• <name of the hospital>
• <name of the software / protocol>

17. Narrowing the searches to regions
• Narrow down searches by
  • Country
  • Technology (HTTP(S), NetBIOS)
  • Type of infrastructure (VPN, cloud)

19. Narrowing down
• Narrow down to FTP servers ;)
• Port 80 will show interesting results

20. But…
• Sometimes the names are too generic
• Narrow down technology
• Look at other parameters – don’t fall into honeypots
• Use Google - search for the address and verify

21. EMR solutions
• “goldmine” for attackers
• Easy to attack
• High point of impact
• Ransomware attacks
22. A typical hospital scenario (diagram; labels only)
EMR (electronic medical record) · Patient monitors / healthcare devices · LAN / WiFi / Bluetooth · Doctor's PC / Secretary PC · Doctor's mobile / Nurse mobile · Other hospitals
23. Fingerprinting EMR solutions
• Use Shodan / Censys / Maltego
• Searches vary on what you're trying to find
• How I started
  • Create a list of 200 popular EMR solutions
  • Start searching by name
  • Look for characteristics – deployment scenario, URL constructs, technology
  • Look for manuals
  • Change language – Chinese, Russian
  • Find bugs ;)

24. Shodan
• Can search using name
• Fewer false positives
• Shows ready exploits for OS

25.–28. (screenshots)

29. Search by exploring EMR structures
• Look at unique parameters
• Filter by name

30.–31. (screenshots)

32. Problem
• Results not constant
• Need more access to data
• You can’t find some systems

33. Thinking beyond Shodan
• Shodan (shodan.io)
  • Easiest deep web tool
  • Caches information
  • Due to the paid nature, results may vary
  • Lacks multilingual capabilities
• Censys (censys.io)
  • Provides raw data for research
  • Supports regex and can concatenate different parameters
• Maltego (thick client)
  • For advanced recon
  • Can fingerprint infrastructure

35. Multi-lingual search - Russian

36. Multi-lingual search - Chinese

37. Multi-lingual search - Arabic

39. Combining searches with Google results
• Google gives better results with specific headers

41. When everything fails
• Some systems could not be found at all
• Find the manual!

42.–43. (screenshots)

44. Easy way - visit the vendor website ;)

45. Logging on to the PACS system

46. Cloud based EMR
• Easy to find
• “scalable and reliable”
• Many entry points – web, mobile, IoT devices
• Google is very effective in searching for such solutions

47. In a nutshell
• Finding EMR is easy
• Your EMR might be secure, other infrastructure might not be
• Attacks go beyond your audits and process
49. Routers and internet access points

52. Insider attacks
• Generic system attacks – MITM, BSOD, network exploits
• HL7 exploits

53. Potential entry points
• Hardware
  • WiFi / LAN
  • Serial ports
  • USB - firmware
  • The sensors
  • Keyboard / mouse
  • FireWire
• Software – protocols and OS

54. What is HL7?
• Health Level 7 standards
• Most popular in healthcare devices (HL7 2.x)
• Quite old – designed in 1989
• FHIR is the next gen

55. HL7 2.x
• Most popular HL7 version
• New messages / fields added

57. Things to know
• | is the field delimiter, so || marks an empty field
• MSH – message header segment
• The standards define the messages – not the implementation
58. An HL7 message (one segment per line)
MSH|^~\&||STI SQESERV3|||||ORU^R01|HP1304538180456|P|2.3||||||8859/1
PID|||MRN-3M31^^^^MR~Encounter-3M31FF^^^^VN~AlternatiFF-3M31^^^^U||3M31LastUpdate^Test-FirstUpdate^Middle-Update||19330808|F
PV1||I|OR^^OR9&0&0||||||||||||||||Encounter-3M31FF
OBR|||||||20110504154300
OBX||TX|6^Soft Inop^MDIL-ALERT|1|ALL ARRH ALRMS OFF||||||F
OBX||ST|0002-d006^EctSta^MDIL|0|""||||||F
OBX||ST|0002-d007^RhySta^MDIL|0|SV Rhythm||||||F
OBX||NM|0002-4bb8^SpO2^MDIL|0|100|0004-0220^%^MDIL|||||F
OBX||NM|0002-0302^ST-II^MDIL|0|-1.0|0004-0512^mm^MDIL|||||F
OBX||NM|0002-0304^ST-V2^MDIL|0|0.6|0004-0512^mm^MDIL|||||F
OBX||NM|0002-f125^pNN50^MDIL|0|0.00|0004-0220^%^MDIL|||||F
OBX||NM|0002-4182^HR^MDIL|0|80|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-4a15^ABPs^MDIL|0|120|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-4a16^ABPd^MDIL|0|70|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-4a17^ABPm^MDIL|0|91|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-4261^PVC^MDIL|0|0|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-5012^awRR^MDIL|0|25|0004-0ae0^rpm^MDIL|||||F
OBX||NM|0002-e014^Tblood^MDIL|0|37.0|0004-17a0^°C^MDIL|||||F
OBX||NM|0002-4822^Pulse^MDIL|0|60|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-50b0^etCO2^MDIL|0|40|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-50ba^imCO2^MDIL|0|0|0004-0f20^mmHg^MDIL|||||F
OBX||NM|0002-f0c7^T1^MDIL|0|40.0|0004-17a0^°C^MDIL|||||F
OBX||NM|0002-f081^SD NN^MDIL|0|0.00|0004-0aa0^bpm^MDIL|||||F
OBX||NM|0002-f03d^STindx^MDIL|0|3.5|0004-0512^mm^MDIL|||||F

59. The same message again.

60. The same message, annotated with the labels “Patient identifier”, “Message type and HL7 identifier” and “Message fields”.

61. The same message, annotated “Potential Entry Point”.

62. The same message with the observation identifier (OBX-3) of the pNN50 segment replaced by injection-style junk; only the changed segment is shown:
OBX||NM|’;’;’;’;;anisdlasdkals<‘’---’;’;’;’;;anisdlasdkals<‘’---’;’;’;’;;anisdlasdkals<‘’---’;’;’;’;;anisdlasdkals<‘’---’;’;’;’;;anisdlasdkals<‘’---||0|0.00|0004-0220^%^MDIL|||||F
  • 63. Defending hospitals
     • Secure networks
     • Have public and private networks
     • Harden routers and firewalls – have a patching policy
     • Look out for Shodan and Censys
     • Assume the network will be compromised
     • Isolate high-value components
     • Encrypt and back up
     • Know your devices – vendor management
  • 64. Thank you: Minatee Mishra, Michael Mc Neil, Ben Kokx, Jiggyasu Sharma, Sanjog Panda, Pardhiv Reddy, Ajay Pratap Singh, Neelesh Swami, Archita Aparichita, Sagar Popat, Narendra Makkena, Kartik Lalan, Pratap Chandra, Ashish Shroff, Swaroop Yermalkar
  • 65. Questions? • anirudhduggal@gmail.com • Anirudh Duggal – facebook • @Duggal_anirudh – twitter; @secure_hospital • Hospitalsecurityproject.com
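The ORU^R01 message on slides 59-62, parsed and sanity-checked by a small HL7 v2 parser. This is an added example and not code from the deck or from any vendor: it takes the message from slide 59 (trimmed to four OBX segments) plus the tampered OBX from slide 62 as constructed input, and the field-to-name mapping and the code^text^coding-system pattern are this example's assumptions about the MDIL coding visible in the message.

```python
"""Minimal HL7 v2 ORU^R01 parser with structural checks on OBX segments.

Added example for this deck; it is not the deck's code or any vendor's.
Field numbering follows the HL7 v2 standard (MSH-9 message type, MSH-10
control id, PID-3 patient identifier list, OBX-3 observation identifier,
OBX-5 observation value).
"""
from __future__ import annotations

import re

# Constructed input: the message from slide 59, with segments separated by the
# carriage return HL7 v2 uses on the wire and trimmed to four OBX segments.
# The last OBX is the tampered one from slide 62 (one repetition of its
# payload); it also carries an extra '|' that shifts the remaining fields.
SAMPLE_ORU = "\r".join([
    "MSH|^~&||STI SQESERV3|||||ORU^R01|HP1304538180456|P|2.3||||||8859/1",
    "PID|||MRN-3M31^^^^MR~Encounter-3M31FF^^^^VN~AlternatiFF-3M31^^^^U"
    "||3M31LastUpdate^Test-FirstUpdate^Middle-Update||19330808|F",
    "PV1||I|OR^^OR9&0&0||||||||||||||||Encounter-3M31FF",
    "OBR|||||||20110504154300",
    "OBX||TX|6^Soft Inop^MDIL-ALERT|1|ALL ARRH ALRMS OFF||||||F",
    "OBX||NM|0002-4bb8^SpO2^MDIL|0|100|0004-0220^%^MDIL|||||F",
    "OBX||NM|0002-4182^HR^MDIL|0|80|0004-0aa0^bpm^MDIL|||||F",
    "OBX||NM|\u2019;\u2019;\u2019;\u2019;;anisdlasdkals<\u2018\u2019---"
    "||0|0.00|0004-0220^%^MDIL|||||F",
])

# Assumed shape of the coded elements in this message: code^text^coding-system,
# e.g. 0002-4bb8^SpO2^MDIL or 6^Soft Inop^MDIL-ALERT.
CODED_ELEMENT = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]{0,19}\^[A-Za-z0-9 ._%/-]{1,40}\^[A-Za-z0-9-]{1,20}$"
)
NUMERIC = re.compile(r"^-?\d+(\.\d+)?$")


def split_fields(segment: str) -> list[str]:
    """Split a segment so that fields[n] is field n of that segment.

    MSH-1 is the field separator itself, so for MSH it is reinserted at
    index 1 to keep the numbering aligned with the standard.
    """
    fields = segment.split("|")
    if fields[0] == "MSH":
        fields.insert(1, "|")
    return fields


def parse_message(raw: str) -> dict:
    """Return the parts of an ORU^R01 the slides single out, plus the OBX list."""
    segments = [s for s in raw.split("\r") if s]
    if not segments or not segments[0].startswith("MSH|"):
        raise ValueError("message must start with an MSH segment")
    info = {"message_type": None, "version": None, "control_id": None,
            "patient_ids": [], "observations": []}
    for seg in segments:
        f = split_fields(seg)
        if f[0] == "MSH":
            info["message_type"] = f[9]
            info["control_id"] = f[10]
            info["version"] = f[12]
        elif f[0] == "PID":
            # PID-3 repeats on '~'; each repetition here is id^^^^type
            info["patient_ids"] = [(rep.split("^")[0], rep.split("^")[-1])
                                   for rep in f[3].split("~")]
        elif f[0] == "OBX":
            info["observations"].append({
                "value_type": f[2],
                "identifier": f[3],
                "value": f[5],
                "units": f[6],
                "status": f[11] if len(f) > 11 else "",
            })
    return info


def check_observations(info: dict) -> list[str]:
    """One finding per OBX that fails the structural checks; empty list = clean."""
    findings = []
    for i, obx in enumerate(info["observations"], start=1):
        if not CODED_ELEMENT.match(obx["identifier"]):
            findings.append(f"OBX #{i}: observation identifier is not "
                            f"code^text^system: {obx['identifier']!r}")
        elif obx["value_type"] == "NM" and not NUMERIC.match(obx["value"]):
            findings.append(f"OBX #{i}: NM value is not numeric: {obx['value']!r}")
    return findings


def validate(raw: str) -> list[str]:
    """Parse and check in one step, as an integration engine would before storing."""
    return check_observations(parse_message(raw))


if __name__ == "__main__":
    parsed = parse_message(SAMPLE_ORU)
    print("type:", parsed["message_type"], "version:", parsed["version"],
          "control id:", parsed["control_id"])
    print("patient ids:", parsed["patient_ids"])
    for finding in check_observations(parsed):
        print("REJECT:", finding)
```

Run stand-alone, the script reports the message type, version and control id from MSH, the three patient identifiers from PID-3, and rejects the fourth OBX because its observation identifier is not a coded element. The design point for a defender is where this runs: the naive `split("|")` above is what most downstream consumers do, so a value carrying an unescaped separator (the extra `|` on slide 62) silently shifts every later field. Checking each OBX against the expected coded-element and numeric shape at the integration engine, and logging rejects with the MSH-10 control id, catches that before the record reaches the EMR. HL7 escape sequences (`\F\`, `\S\`, ...) are not decoded here; a production parser must handle them.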

Editor's notes

  1. Posted on 13th Feb, 2016
  2. Image from: http://healthcorrelator.blogspot.in/2014/09/will-your-wireless-router-give-you.html
  3. An ideal network infrastructure that we see.
  4. This is a chain of hospitals in India and Indonesia.
  5. One of the hospital names was too generic.
  6. This is just a general observation: some hospitals do have sophisticated environments, but a majority of them do not. The focus is more on ease of setup and maintenance than on having a secure setup in place.
  7. An arbitrary search on one of the biggest EMR solution providers.
  8. Showing NetBIOS exposed.
  9. Anonymous login successful.
  10. Now if you go to Shodan and search for this vendor with the filter set to Windows Server 2003, you get an EMR!
  11. Compared to an IoT device, but with much greater capacity, these RTOS devices run a dedicated program and usually do not run an off-the-shelf OS.