Explore a groundbreaking presentation on the first PLC-only worm targeting Siemens Simatic S7-1200 v1-v3 PLCs. Delve into the technical details of this self-contained malware that operates without external support, scanning and compromising PLCs using a proprietary Siemens protocol. Learn about the worm's ability to upload itself to vulnerable devices, run parallel to existing programs, and evade detection. Discover how the malware implements a Command & Control server for remote administration, allowing manipulation of PLC inputs and outputs. Examine the infection process, memory requirements, and potential impact on different S7-1200 models. Gain insights into the challenges of forensic analysis and the worm's ability to crash the TIA Portal 11 software. Witness a live demonstration of this innovative attack vector in industrial control systems.
Overview
Syllabus
PLC-Blaster: A Worm Living Solely in the PLC
Taught by
Black Hat