Completed
Intro
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
A Deep Dive Into Unconstrained Code Execution on Siemens S7 PLCs
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Process Automation
- 3 What we do with much more complex control loops?
- 4 Background on Siemens PLCs Market Share
- 5 S7-1200 v4 PLC hardware - SoC Decap
- 6 S7-1200 v4 Closer Look
- 7 M25P40/ Serial Flash Embedded Memory (bootloader)
- 8 D X-Ray Tomography
- 9 Siemens Bootloader, Startup Process
- 10 Siemens AG ADONIS RTOS Components
- 11 CoreSight in Siemens PLCs
- 12 Background on CoreSight
- 13 ARM CoreSight Sources
- 14 CoreSight in Siemens S7 PLC
- 15 Siemens Firmware Dump
- 16 Execution Mode Stack in S7-1200 v4
- 17 ADONIS MPU Configuration at Ox00040084
- 18 Siemens Firmware Boot Process
- 19 ADONIS Kernel
- 20 ADONIS File System
- 21 ADONIS TCP/IP Stack
- 22 Firmware Update Process On S7 PLC
- 23 Decompressed Firmware Update File Structure
- 24 MiniWeb Scripting Language (MWSL)
- 25 Special Access Feature
- 26 Ox80 Handler, Update Mode Function
- 27 Siemens S7-1200/S7-200 SMART Bootloader Arbitrary Code Execution
- 28 Siemens S7-1200 PLC Bootloader Arbitrary Code Execution
- 29 Slager Payload
- 30 DEMO
- 31 Ideas for Injecting Custom Code into the Firmware
- 32 What else is out there?
- 33 Conclusions
- 34 Questions?