Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices

Hack In The Box Security Conference via YouTube

Overview

Explore the persistent challenges of insecure-by-design practices in Operational Technology (OT) devices and protocols in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into dozens of previously undisclosed issues affecting products from nearly 20 vendors across various industrial sectors. Gain insights into the quantitative overview of these vulnerabilities, ranging from security-certified products with inherent design flaws to unsuccessful attempts at improvement. Examine how the opacity and proprietary nature of OT systems, coupled with suboptimal vulnerability management and potentially misleading security certifications, complicate risk management efforts. Through technical deep-dives, understand how attackers can achieve remote code execution on critical Level 1 devices using only intended functionality, and consider the defensive implications. Analyze quantitative data on the research process, providing valuable information on the resources required to develop basic offensive capabilities and their potential impact on the threat landscape.

Syllabus

Intro
Insecure-by-design is a well-known issue, why revisit it?
Example: Segmentation & Hardening
Siemens WinCC OA SCADA (CVE-2022-33139)
Saia Burgess PG5 PCD PLC
Nuance: Supply Chains & Collisions
Example: ProConOS runtime
Nuance: Firmware Updates
Example: Emerson DeltaV DCS
Example: Honeywell Safety Manager (SC) SIS
Example: Emerson ControlWave PLC/RTU
Example: Honeywell Safety Manager SIS
Reverse Engineering
Mitigations
Conclusions

Taught by

Hack In The Box Security Conference

Reviews

Start your review of ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.