Positive Hack Days. Komarov. SCADA Security Analysis

•Als PPTX, PDF herunterladen•

1 gefällt mir•1,554 views

A participant will acquire practical experience of searching for vulnerabilities and analyzing SCADA security. The masterclass will cover both common network vulnerabilities, and exceptive cases that can be detected in the process of security assessment of real networks.

Technologie Business

Master class(Positive Hack Days)«Analysis of SCADA security protection» Andrey Komarov(technical manager)

SCADA protection analysis – «what for», «how» and «why»? Regulations (USA, СК) Security «Compliance» audit Prevent security incidents in SCADA Detect and specify security threats in SCADA Improvement of software and hardwareсредств Actualize regulation rules Consider attacker’s actions and tendency Improve efficiency of used protection measures

All checks and coverage area System software (OS, ОСРВ) SCADA Application software Network software Data transferring channels Hardware

Used techniques Application software(SCADA,RTU) System software(OS, ОСРВ) Data transferring channels and techniques(Industrial Ethernet, Modbus, DNP3, Profibus, etc.)

Used instruments («Click and Hack» type) «/exploits/scada» «+» «CLICK and HACK» model «-» there are only 5 vulnerabilities «-» limited set of features «SCADA» «+» «CLICK and HACK» model «-» there are only 15 vulnerabilities

Used instruments (specialized utilities) Analysis of available NetDDE resources - Neutralbit’snbDDE tool Network DDE (NetDDE) is designed by Wonderware company and is an add-on to MicrosoftWindows DDE that implements data exchangebetween computers in LAN

Are there any difficulties? Web application vulnerabilities (SQL-injection) User ID = 1' or 1=(select top 1 password from Users)—Password = blank

Active and passive network “secret service” Available resources «The Registered Ports» chapter (Internet Assigned Numbers Authority)ibm-mqisdp 1883/tcpIBM MQSeries SCADAibm-mqisdp 1883/udpIBM MQSeries SCADApnbscada3875/tcpPNBSCADA pnbscada3875/udp PNBSCADA d-s-n 8086/tcpDistributed SCADA Networking Rendezvous Port Active detection - SNMP server scanning results;- detection of solution features (web servers, logged services) Passive detection - interception of network traffic to find specificrequests/responses;(application and network software);- detection of SCADA protocols in available network traffic (DNP3 over an Ethernet, Modbus-TCP);- direct analysis of productive protocols. (by special analyzers, analysis of signal propagation medium).

Testing of reliability Stress-test (ICMPPing Flood implementation)– «Reg Tiger Security» #denial of service, then recovery ( idle time - 1 minute)ping -f -s 60601 packets transmitted, 150 packets received, 75% packet loss #denial of service, then recovery (idle time - 1 minute)ping -f -s 600497 packets transmitted, 32 packets received, 93% packet loss #denial of service, without recovery (have to reload)ping -f -s 6000518 packets transmitted, 0 packets received, 100% packet loss #denial of service, without recovery (have to reload)ping -f -s 6000 819 packets transmitted, 0 packets received, 100% packet loss

Borrowed application software components in SCADA

Реализация отказа в обслуживании в отношении встроенного WEB-сервера

Denial of service implementation against imbedded web server

Thank you for your attention! http://ITDEFENCE.ruGroup inLinkedIn «Industrial Automation Security»We discuss SCADA security questions

Weitere ähnliche Inhalte

Mehr von Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes

Positive Hack Days

Как мы собираем проекты в выделенном окружении в Windows Docker

Positive Hack Days

Типовая сборка и деплой продуктов в Positive Technologies

Positive Hack Days

1. Что такое BI. Зачем он нужен. 2. Что такое Qlik View / Sense 3. Способ интеграции. Как это работает. 4. Метрики, KPI, планирование ресурсов команд, ретроспектива релиза продукта, тренды. 5. Подключение внешних источников данных (Excel, БД СКУД, переговорные комнаты).

Аналитика в проектах: TFS + Qlik

Positive Hack Days

Использование анализатора кода SonarQube

Positive Hack Days

Развитие сообщества Open DevOps Community

Positive Hack Days

Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...

Positive Hack Days

Approof — статический анализатор кода для проверки веб-приложений на наличие уязвимых компонентов. В своей работе анализатор основывается на правилах, хранящих сигнатуры искомых компонентов. В докладе рассматривается базовая структура правила для Approof и процесс автоматизации его создания.

Автоматизация построения правил для Approof

Positive Hack Days

Задумывались ли вы когда-нибудь о том, как устроены современные механизмы защиты приложений? Какая теория стоит за реализацией WAF и SAST? Каковы пределы их возможностей? Насколько их можно подвинуть за счет более широкого взгляда на проблематику безопасности приложений? На мастер-классе будут рассмотрены основные методы и алгоритмы двух основополагающих технологий защиты приложений — межсетевого экранирования уровня приложения и статического анализа кода. На примерах конкретных инструментов с открытым исходным кодом, разработанных специально для этого мастер-класса, будут рассмотрены проблемы, возникающие на пути у разработчиков средств защиты приложений, и возможные пути их решения, а также даны ответы на все упомянутые вопросы.

Мастер-класс «Трущобы Application Security»

Positive Hack Days

Формальные методы защиты приложений

Positive Hack Days

Эвристические методы защиты приложений

Positive Hack Days

Теоретические основы Application Security

Positive Hack Days

Разработка наукоемкого программного обеспечения отличается тем, что нет ни четкой постановки задачи, ни понимания, что получится в результате. Однако даже этом надо программировать то, что надо, и как надо. Докладчик расскажет о том, как ее команда успешно разработала и вывела в промышленную эксплуатацию несколько наукоемких продуктов, пройдя непростой путь от эксперимента, результатом которого был прототип, до промышленных версий, которые успешно продаются как на российском, так и на зарубежном рынках. Этот путь был насыщен сложностями и качественными управленческими решениями, которыми поделится докладчик

От экспериментального программирования к промышленному: путь длиной в 10 лет

Positive Hack Days

Немногие разработчики закладывают безопасность в архитектуру приложения на этапе проектирования. Часто для этого нет ни денег, ни времени. Еще меньше — понимания моделей нарушителя и моделей угроз. Защита приложения выходит на передний план, когда уязвимости начинают стоить денег. К этому времени приложение уже работает и внесение существенных изменений в код становится нелегкой задачей. К счастью, разработчики тоже люди, и в коде разных приложений можно встретить однотипные недостатки. В докладе речь пойдет об опасных ошибках, которые чаще всего допускают разработчики Android-приложений. Затрагиваются особенности ОС Android, приводятся примеры реальных приложений и уязвимостей в них, описываются способы устранения.

Уязвимое Android-приложение: N проверенных способов наступить на грабли

Positive Hack Days

Разработка любого софта так или иначе базируется на требованиях. Полный перечень составляют бизнес-цели приложения, различные ограничения и ожидания по качеству (их еще называют NFR). Требования к безопасности ПО относятся к последнему пункту. В ходе доклада будут рассматриваться появление этих требований, управление ими и выбор наиболее важных. Отдельно будут освещены принципы построения архитектуры приложения, при наличии таких требований и без, и продемонстрировано, как современные (и хорошо известные) подходы к проектированию приложения помогают лучше строить архитектуру приложения для минимизации ландшафта угроз.

Требования по безопасности в архитектуре ПО

Positive Hack Days

Доклад посвящен разработке корректного программного обеспечения с применением одного из видов статического анализа кода. Будут освещены вопросы применения подобных методов, их слабые стороны и ограничения, а также рассмотрены результаты, которые они могут дать. На конкретных примерах будет продемонстрировано, как выглядят разработка спецификаций для кода на языке Си и доказательство соответствия кода спецификациям.

Формальная верификация кода на языке Си

Positive Hack Days

Механизмы предотвращения атак в ASP.NET Core

Positive Hack Days

SOC для КИИ: израильский опыт

Positive Hack Days

Honeywell Industrial Cyber Security Lab & Services Center

Positive Hack Days

Credential stuffing и брутфорс-атаки

Positive Hack Days

Mehr von Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes

Как мы собираем проекты в выделенном окружении в Windows Docker

Типовая сборка и деплой продуктов в Positive Technologies

Аналитика в проектах: TFS + Qlik

Использование анализатора кода SonarQube

Развитие сообщества Open DevOps Community

Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...

Автоматизация построения правил для Approof

Мастер-класс «Трущобы Application Security»

Формальные методы защиты приложений

Эвристические методы защиты приложений

Теоретические основы Application Security

От экспериментального программирования к промышленному: путь длиной в 10 лет

Уязвимое Android-приложение: N проверенных способов наступить на грабли

Требования по безопасности в архитектуре ПО

Формальная верификация кода на языке Си

Механизмы предотвращения атак в ASP.NET Core

SOC для КИИ: израильский опыт

Honeywell Industrial Cyber Security Lab & Services Center

Credential stuffing и брутфорс-атаки

Kürzlich hochgeladen

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Architecting Cloud Native Applications

WSO2

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Manulife - Insurer Transformation Award 2024

The Digital Insurer

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

When you’re building (micro)services, you have lots of framework options. Spring Boot is no doubt a popular choice. But there’s more! Take Quarkus, a framework that’s considered the rising star for Kubernetes-native Java. It always depends on what's best for your situation, but how to choose the best solution if you're comparing 2 frameworks? Both Spring Boot and Quarkus have their positives and negatives. Let us compare the two by live coding a couple of common use cases in Spring Boot and Quarkus. After this talk, you’ll be ready to get started with Quarkus yourself, and know when to select Quarkus or Spring Boot.

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Jago de Vreede

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

ICT role in 21st century education and its challenges

rafiqahmad00786416

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Kürzlich hochgeladen (20)

Corporate and higher education May webinar.pptx

Strategies for Landing an Oracle DBA Job as a Fresher

Boost Fertility New Invention Ups Success Rates.pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Architecting Cloud Native Applications

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Manulife - Insurer Transformation Award 2024

CNIC Information System with Pakdata Cf In Pakistan

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

MS Copilot expands with MS Graph connectors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Artificial Intelligence Chap.5 : Uncertainty

ICT role in 21st century education and its challenges

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Positive Hack Days. Komarov. SCADA Security Analysis

1. Master class(Positive Hack Days)«Analysis of SCADA security protection» Andrey Komarov(technical manager)

2. SCADA protection analysis – «what for», «how» and «why»? Regulations (USA, СК) Security «Compliance» audit Prevent security incidents in SCADA Detect and specify security threats in SCADA Improvement of software and hardwareсредств Actualize regulation rules Consider attacker’s actions and tendency Improve efficiency of used protection measures

3. Mismatches in regulations

4. All checks and coverage area System software (OS, ОСРВ) SCADA Application software Network software Data transferring channels Hardware

5. Used techniques Application software(SCADA,RTU) System software(OS, ОСРВ) Data transferring channels and techniques(Industrial Ethernet, Modbus, DNP3, Profibus, etc.)

9. Used instruments («Click and Hack» type) «/exploits/scada» «+» «CLICK and HACK» model «-» there are only 5 vulnerabilities «-» limited set of features «SCADA» «+» «CLICK and HACK» model «-» there are only 15 vulnerabilities

10. Used instruments (specialized utilities) Analysis of available NetDDE resources - Neutralbit’snbDDE tool Network DDE (NetDDE) is designed by Wonderware company and is an add-on to MicrosoftWindows DDE that implements data exchangebetween computers in LAN

11. Are there any difficulties? Web application vulnerabilities (SQL-injection) User ID = 1' or 1=(select top 1 password from Users)—Password = blank

12. Active and passive network “secret service” Available resources «The Registered Ports» chapter (Internet Assigned Numbers Authority)ibm-mqisdp 1883/tcpIBM MQSeries SCADAibm-mqisdp 1883/udpIBM MQSeries SCADApnbscada3875/tcpPNBSCADA pnbscada3875/udp PNBSCADA d-s-n 8086/tcpDistributed SCADA Networking Rendezvous Port Active detection - SNMP server scanning results;- detection of solution features (web servers, logged services) Passive detection - interception of network traffic to find specificrequests/responses;(application and network software);- detection of SCADA protocols in available network traffic (DNP3 over an Ethernet, Modbus-TCP);- direct analysis of productive protocols. (by special analyzers, analysis of signal propagation medium).

13. Detected SCASA object - SIEMENS SIMATIC

14. Testing of reliability Stress-test (ICMPPing Flood implementation)– «Reg Tiger Security» #denial of service, then recovery ( idle time - 1 minute)ping -f -s 60601 packets transmitted, 150 packets received, 75% packet loss #denial of service, then recovery (idle time - 1 minute)ping -f -s 600497 packets transmitted, 32 packets received, 93% packet loss #denial of service, without recovery (have to reload)ping -f -s 6000518 packets transmitted, 0 packets received, 100% packet loss #denial of service, without recovery (have to reload)ping -f -s 6000 819 packets transmitted, 0 packets received, 100% packet loss

15.

16. «US Blackout»

17. Borrowed application software components in SCADA

18. Реализация отказа в обслуживании в отношении встроенного WEB-сервера

19.

20. Реализация отказа в обслуживании в отношении встроенного WEB-сервера

21. Реализация отказа в обслуживании в отношении встроенного WEB-сервера

22. Denial of service implementation against imbedded web server

23. Thank you for your attention! http://ITDEFENCE.ruGroup inLinkedIn «Industrial Automation Security»We discuss SCADA security questions

Positive Hack Days. Komarov. SCADA Security Analysis

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Mehr von Positive Hack Days

Mehr von Positive Hack Days (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Positive Hack Days. Komarov. SCADA Security Analysis