Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Analyzing and Understanding CRASHOVERRIDE - ICS Cybersecurity Webcast

Dragos: ICS Cybersecurity via YouTube

Overview

Explore the analysis and reverse engineering of CRASHOVERRIDE in this 57-minute webcast recording from Dragos: ICS Cybersecurity. Delve into the known and unknown aspects of the CRASHOVERRIDE framework and its impact on grid operations. Gain insights into the background, technical details, and mitigation strategies for this cybersecurity threat. Examine the investigation timeline, Ukrainian power outage incident, and the framework's components including initial intrusion, persistence, launcher modules, and payload modules. Learn about the IEC 104 module execution flow, wiper module functionality, and potential grid impact scenarios. Discover detection methods for CRASHOVERRIDE on host systems and through Yara rules. Understand key nodes for defeating CRASHOVERRIDE and access additional resources provided by Dragos.

Syllabus

Intro
Background: By the numbers
Dragos Investigation
Dragos Timeline
Ukrainian Power Outage
CRASHOVERRIDE Framework
Initial Intrusion
Time Stamps Tell a Story
Persistence
Launcher Module Crash Caller
Launcher Module: Wiper Thread
Payload Modules
IEC 104 Module Execution Flow
IEC 104 Module Configuration File
Wiper Module: Flow
Wiper Module: File Extensions
Grid Scenarios: Impact
Detecting CRASHOVERRIDE - Host
Detecting CRASHOVERRIDE - Yara
Defeating CRASHOVERRIDE: Key Nodes
CRASHOVERRIDE Resources
Dragos Ecosystem

Taught by

Dragos: ICS Cybersecurity

Reviews

Start your review of Analyzing and Understanding CRASHOVERRIDE - ICS Cybersecurity Webcast

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.