Process Control Through Counterfeit Comms - Using and Abusing Built-In Functionality to Own a PLC

0xdade via YouTube

Overview

Explore the vulnerabilities of Programmable Logic Controllers (PLCs) in industrial settings through this conference talk. Delve into the methodologies used to discover security flaws in a well-known PLC, and learn how combining seemingly minor vulnerabilities can lead to complete device takeover. Gain insights into the MicroLogix 1400 PLC, its communication protocols, and configuration processes. Understand the steps involved in enabling SNMP, rebooting the PLC, and manipulating the memory module. Discover techniques for creating and flashing modified firmware, including the use of SNMP backdoors and TFTP. Assess the potential impact of these vulnerabilities and explore recommended mitigation strategies. Benefit from the expertise of Jared Rittle, a security researcher with Cisco Talos, as he shares his findings on embedded systems in Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), and Internet of Things (IoT) devices.

Syllabus

Intro
INTRODUCTION
PROJECT ORIGIN
PROJECT GOALS
PLC - MICROLOGIX 1400
PLC - KEYSWITCH STATES
PLC - COMMUNICATION PROTOCOLS
PLC - PCCC STRUCTURE
PLC - PROTOCOL RESOURCES
PLC - DEVICE CONFIGURATION
ENABLING SNMP - REASONS & REQUIREMENTS
ENABLING SNMP - RSLOGIX
ENABLING SNMP - GET CURRENT CONFIG
ENABLING SNMP - PROTOCOL BITFIELD
ENABLING SNMP - CRC ERRORS
ENABLING SNMP - REBUILD CONFIG
ENABLING SNMP - WRITE CONFIG
ENABLING SNMP - SUCCESS INDICATOR
REBOOTING THE PLC - REASONS & REQUIREMENTS
REBOOTING THE PLC - BASIC FUZZING
REBOOTING THE PLC - E8FF CRASH
REBOOTING THE PLC - CRASH RECOVERY
MEMORY MODULE - REASONS & REQUIREMENTS
MEMORY MODULE - LOAD ON ERROR
PCCC PROTECTED TYPED LOGICAL WRITE WITH THREE ADDRESS FIELDS
MEMORY MODULE - WRITE NEW CONFIG
MEMORY MODULE - CONFIG VERIFICATION
MEMORY MODULE - STORE PROGRAM
ATTACK SO FAR
MODIFIED FIRMWARE - CREATION
FLASHING FIRMWARE - SNMP BACKDOOR
FLASHING FIRMWARE - SNMP REBOOT
FLASHING FIRMWARE - TFTP
FLASHING FIRMWARE - UPDATE PROCESS
FLASHING FIRMWARE - SUCCESS
IMPACT
MITIGATION - RECOMMENDATIONS
MITIGATION - SPECIAL RECOMMENDATIONS
ADDITIONAL RESOURCES

Taught by

0xdade

Reviews

4.0 rating, based on 1 Class Central review

    Taher RACHEDI
    I really enjoyed the course, it was really interesting. I've learnt a lot about PLCs and the different uses within projects. Unfortunately some slides were a bit blurry.