Explore the intricacies of hacking Mitsubishi PLCs without firmware access in this illuminating conference talk by Anton Dorfman at Nullcon Goa 2023. Delve into the challenges of reverse engineering proprietary network protocols, from initial research to vulnerability discovery. Learn about innovative techniques used to reconstruct the protocol, including documentation analysis, error code examination, vendor utility exploration, and PLC simulation. Gain insights into the discovered vulnerabilities, with a focus on CVE-2022-25161 and CVE-2022-25162. Witness a live demonstration showcasing the potential impact of these vulnerabilities on industrial systems. Perfect for security researchers and professionals interested in industrial control system security and firmware analysis.
Overview
Syllabus
Speaker and Talk Introduction
Pre-Research
Welcome To Hell The World Of Bytes And Bits
Reverse Engineering Eye-Gineering
M Protocol
M Protocol vs PCAP
PCAP vs Manual
M Protocol vs Manual
Preliminary results
Research
Results
Vulnerabilities
Do's & Demo
Conclusion
Taught by
nullcon
Related Courses
-
Hacking Mitsubishi PLC Without Access To Firmware
-
PLC-Blaster - A Worm Living Solely in the PLC
-
ICS SCADA Security Analysis of a Beckhoff CX5020 PLC
-
Alarm.DISARM - Remotely Exploiting & Disarming Popular Physical Security System from Public Internet
-
Rogue7 - Rogue Engineering-Station Attacks on S7 Simatic PLCs
-
Hacking an Internet Enabled Lagomorph
