Explore the groundbreaking presentation on the first PLC-only worm targeting Siemens Simatic S7-1200 PLCs. Delve into the technical details of how this self-contained malware operates without external support, compromising PLCs and evading detection. Learn about the proprietary Siemens protocol, the implementation process, and the worm's ability to scan networks, infect other PLCs, and maintain parallel execution with original user programs. Discover the Command & Control server functionality, proxy capabilities, and anti-forensic measures employed. Gain insights into the infection process, memory requirements, and potential impacts on different PLC models. Examine the syllabus covering topics such as PLC operations, program organization, target discovery, protocol analysis, and security measures. Understand the broader implications for industrial control systems and explore potential improvements and recommendations for enhancing PLC security across various vendors.
Overview
Syllabus
Intro
Open Source Security
How PLCs Work
Program Organization Blocks
Programming Languages
Target Discovery II
Carrier
Protocol Analysis II
Numbers in Attribute-Blocks
Anti-Replay Mechanism
Transfer a Program
Fun with Attribute Blocks
Implement the Worm
Payloads
Demonstration
Impact on the PLC
Persistence & Identification
Knowhow Protection
Copy Protection
Access Protection
Improvements & Recommendations
Other Vendors?
Leading Vendors Supporting Ethernet
Leading Vendors Supporting TCP/IP Functions
Further Research
Taught by
Black Hat
