Completed
Ox29 RCE attack demo
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Going Deeper Into Schneider Modicon PAC Security
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 About GEWU Lab
- 3 About Modicon PAC
- 4 Scenarios and Network PAC concept Top to bottom standard Ethernet network & Open architecture with direct Ethernet connection on backplane
- 5 Architecture & Functions
- 6 Enhanced cyber security Cybersecure-ready
- 7 Attack surface of PAC
- 8 What we focus on Weak private protocols are often the best way to breaking
- 9 Research setup
- 10 What is UMAS?
- 11 UMAS message format
- 12 UMAS function code
- 13 FUZZ UMAS Protocol
- 14 Select FUZZ samples
- 15 How to build FUZZ
- 16 UMAS FUZZ demo
- 17 Modicon PAC Application Password
- 18 How to bypass application passwor
- 19 How the password is stored Reverse UnityEncrypter.dll, the password hash algorithm is SHA-256
- 20 Authorization algorithm analysis
- 21 Leaked password hash in traffic
- 22 UMAS security function code 0x38
- 23 0x38 integrity check
- 24 0x38 message format
- 25 Summary the Authentication Bypas
- 26 Replay attack bypassing authorizat
- 27 Ransomware attack targeting level 1
- 28 Ransomware attack for M580?
- 29 Bypass authorization to replace ap
- 30 0x29 function code RCE
- 31 Ox29 RCE attack demo
- 32 How to protect