Explore industrial control protocol vulnerabilities and attack techniques in this 50-minute conference talk from Circle City Con 2014. Delve into the intricacies of HMI systems, L2 and L3 networks, firewalls, and PLCs, with a focus on their inherent security flaws. Learn about Modbus functionality, application firewalls, and sniffing techniques. Discover the concept of "tape loops" for manipulating industrial protocols, and understand their potential impact on various systems. Examine the motivations behind exploiting these vulnerabilities and consider the broader implications for industrial cybersecurity.
Overview
Syllabus
Intro
The Outline
HMI
Other L2 Systems
What Lives on L3?
Firewalls
PLCs == Insecure By Design
Modicon Quantum
ControlLogix
Why Level 2?
Tofino Hardware
Types of Operation
How Modbus Works
The Problem in a Nutshell
Modbus Function Codes
Application Firewall
Ettercap
Sniff and Record
Timer Expiration
Overwrite: Engage
Modbus VCR: What you've got
Tape Loops
Modbus VCR: Sound Familiar?
Other protocols
The Gauntlet
Why Profit?
Okay, Profit!
Conclusion
