ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube
Syllabus
Intro
Insecure-by-design is a well-known issue, why revisit it?
Example: Segmentation & Hardening
Siemens WinCC OA SCADA (CVE-2022-33139)
Saia Burgess PG5 PCD PLC
Nuance: Supply Chains & Collisions
Example: ProConOS runtime
Nuance: Firmware Updates
Example: Emerson DeltaV DCS
Example: Honeywell Safety Manager (SC) SIS
Example: Emerson ControlWave PLC/RTU
Example: Honeywell Safety Manager SIS
Reverse Engineering
Mitigations
Conclusions
Taught by
Hack In The Box Security Conference