We just published the conference lineup.
Workshops, Hardware village and OSINT village coming soon!
Project Memoria and OT:ICEFALL : Finding and Exploiting Vulnerabilities in OT networks 🇫🇷
In this talk, we will discuss two large vulnerability research projects we did in the past few years and how they come together in the form of sophisticated OT/ICS attacks.
Project Memoria was the largest study into the security of embedded TCP/IP stacks. These stacks are used by hundreds of IT, OT and IoT vendors. We identified close to 100 vulnerabilities on popular open and closed-source implementations, leading to unauthenticated denials of service and remote code execution on many critical devices such as PLCs and RTUs.
OT:ICEFALL was a study into insecurity by design in OT. We identified 59 vulnerabilities affecting devices from 12 major OT vendors, divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality. Abusing insecure-by-design native capabilities of OT equipment is the preferred modus operandi of real-world ICS attackers (e.g., Industroyer2, TRITON, and INCONTROLLER).
Exploiting these vulnerabilities, attackers with network access to target devices can remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts.
Putting together exploits from both projects, we show how attackers can achieve deep lateral movement – the ability to move laterally between devices at OT level 1, such as PLCs, to achieve granular control and increased impacts.