ICS Village Talk Schedule
07-29-2015, 10:18 AM
This schedule is subject to change. Follow @ICS_Village on Twitter for the latest updates.
------------------------------------------------------------------------------------------
My first ICS pwnage.
Location: Bronze One
Time: 1500 Friday
Speaker: Larry Pesce, InGuardians
Want to get your start with some really simple ICS protocols? How
about we go all the way back to 1979 and poke at an unauthenticated
protocol that is still used today: Modbus. It would be nice to play
without breaking some real systems, so here are a few things that you
can use to practice the basics.
Bio: Larry Pesce is a Senior Security Analyst with InGuardians. His recent
experience includes providing penetration assessment, architecture
review, hardware security assessment, wireless/radio analysis, and
policy and procedure development for a wide range of industries
including those in the financial, retail, and healthcare verticals.
In his spare time he likes to tinker with all things electronic and
wireless. Larry is an amateur radio operator holding his Extra class
license and is regularly involved in emergency communications activities.
------------------------------------------------------------------------------------------
Electric Grid: A Multiplayer Game of Destruction
Location: Bronze
Time: 1000 Saturday
Speaker: Kenneth Shaw, Jerel Culliss, IOActive
We brought you this year "Electric Grid: A Multiplayer Game of Destruction" and now we
will teach you how to play it! The game is composed of compromised portions of an electric
grid which players can control with the end-goal of destroying parts of the electric grid
system. It will require cooperation or cunning from players to bring it down. Are you up
to the challenge? We will explain the details of how the game was created, how realistic
the simulations are, and what a well positioned attacker could hope to achieve. Further,
our research in this area focuses on minimum compromised nodes for system failure,
resonances and more!
------------------------------------------------------------------------------------------
Physical Damage 101
Location: Bronze
Time: 1100 Saturday
Speaker: Jason Larsen, Ken Shaw, IOActive
It is possible to physically damage equipment through purely cyber means. Most of the time the attacker takes advantage of something specific to the Cyber-Physical System (CPS) that's being targeted. As an example, mixing in a cleaning agent during a production cycle can cause an unwanted chemical reaction. Attacking software has been described as "unexpected computation". Attacking a process is all about "unexpected physics."
Finding and exploiting process-specific flaws generally takes subject matter expertise in the victim process. However, there are some generic attacks that can be applied in a wide range of scenarios. I call these bread and butter attacks. They take advantage of common configurations of valves, pumps, pipes, etc. to achieve damage to the process. These scenarios can be used as a basis for a first look in a process audit. During a full audit, a subject matter expert will still need to be consulted.
Nearly the entire budget for securing processes from cyber attack is spent attempting to keep an attacker from gaining code execution in the process control network. This is roughly equivalent to the early 2000s, when the industry attempted to find every possible buffer overflow in code. In 2015 we're still finding them regularly. It wasn't until ASLR and DEP were introduced that defenders started making attackers work harder. In process control networks, defending the network is still key, but adding a few physical controls can greatly reduce the effectiveness of an attacker. It is hoped that this presentation can help stimulate discussion on how an attacker can be mitigated after code execution is already achieved.
------------------------------------------------------------------------------------------------------------
The Little Pump Gauge that Could: Attacks Against Gas Pump Monitoring Systems
Location: Bronze
Time: 1300 Saturday
Speaker: Kyle Wilhoit, Stephen Hilt, Trend Micro
Over a period of months, several Guardian AST gas pump monitoring systems were attacked.
These attacks occurred on real pump monitoring systems, but also on systems that we
controlled, created, and deployed. We watched these attackers, what they did, and
performed intelligence gathering on the nefarious actors. Details and intelligence on
who the attackers were, possible motivations behind the attacks, and detailed indicators
of compromise will be shared in this talk.
Kyle Wilhoit is a Sr. Threat Researcher at Trend Micro on the Future Threat Research Team.
Kyle focuses on original threat, malware, vulnerability discovery/analysis and criminal
activity on the Internet. He also hunts for new malware like a rabid dog. Prior to joining
Trend Micro, he was at FireEye hunting badness and puttin' the bruising on cyber criminals
and state sponsored entities as a Threat Intel guy. Prior to FireEye, he was the lead
incident handler and malware guy at a large energy company, focusing on ICS/SCADA security
and targeted persistent threats. He has also worked at a Tier 1 ISP playing with malware.
Kyle is also involved with several open source projects and actively enjoys reverse
engineering things that shouldn't be.
Stephen Hilt has been in Information Security and Industrial Control Systems (ICS)
Security for around 10 years. With a Bachelor's Degree from Southern Illinois University,
he started working for a large power utility in the Southeast of the United States. There
Stephen gained an extensive background in Security Network Engineering, Incident Response,
Forensics, Assessments and Penetration Testing. That is where Stephen started focusing on
ICS Assessments, then moved to working as an ICS Security Consultant and Researcher for
one of the foremost ICS Security Consulting groups in the world. In 2014, Stephen
was named as having one of the coolest hacks by Dark Reading for his PLCPwn, a weaponized
PLC. As well, he has published numerous ICS-specific Nmap scripts to identify ICS
protocols via native commands. Stephen is now at Trend Micro as a Sr. Threat Researcher,
continuing ICS research, and diving into other areas of research. Over the past 10 years,
Stephen has learned how to build, defend and attack ICS networks.
------------------------------------------------------------------------------------------
SCADA 101
Location: Bronze One
Time: 1500 Saturday
Speaker: Kara Turner, iSight Partners
Ever been interested in ICS security and hacking but don’t know where to begin? This presentation takes the initially daunting world of ICS security and converts it to something we can all understand: attacking the Death Star. The Galactic Empire is full of industrial control systems. The Rebel Alliance was able to defeat their biggest weapons by finding and exploiting their weaknesses. Learn to use the Force to hack giant robots and stuff. May the Force be with you…
------------------------------------------------------------------------------------------
Raspberry Pi, a little I/O with SDN equals "control network in a box"
Location: Bronze One
Time: 1100, 1400 Friday and Saturday ***This talk will not be recorded***
Speaker: Matthew E. Luallen, CYBATI
Come attend and participate in this hands-on session to learn about control system
cybersecurity. Seating for hands-on access will be limited to the first 15 participants
while others can glean and watch. Concisely learn the simple and complex challenges to
ICS cybersecurity through scenarios in this 45-minute session.
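Larry Pesce's Modbus talk above rests on one fact: Modbus carries no authentication, so any host that can reach the TCP listener can read and write registers. The following is an added example and is not code from the original post or from any of the speakers' talks. It builds and parses Modbus/TCP frames in pure Python (frame layout as in the Modbus Application Protocol specification) and shows the kind of passive check a defender has to bolt on from the outside: flag write function codes from hosts that are not on an allow-list. The IP addresses, the captured frames and the allow-list are constructed for the example.

```python
import struct

# Modbus function codes used below (Modbus Application Protocol spec v1.1b).
FC_READ_COILS = 0x01
FC_READ_HOLDING_REGISTERS = 0x03
FC_WRITE_SINGLE_COIL = 0x05
FC_WRITE_SINGLE_REGISTER = 0x06
FC_WRITE_MULTIPLE_COILS = 0x0F
FC_WRITE_MULTIPLE_REGISTERS = 0x10

# Any of these changes process state; the protocol itself cannot say who sent it.
WRITE_FUNCTION_CODES = {
    FC_WRITE_SINGLE_COIL, FC_WRITE_SINGLE_REGISTER,
    FC_WRITE_MULTIPLE_COILS, FC_WRITE_MULTIPLE_REGISTERS,
}


def build_adu(transaction_id, unit_id, function_code, data):
    """Build a Modbus/TCP ADU: 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1).
    'length' counts the unit id plus the PDU. Note what is absent: there is no
    credential, session token or signature anywhere in the frame.
    """
    pdu = struct.pack(">B", function_code) + data
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def read_holding_registers(transaction_id, unit_id, start, count):
    """Function 0x03 request: read `count` 16-bit registers starting at `start`."""
    return build_adu(transaction_id, unit_id, FC_READ_HOLDING_REGISTERS,
                     struct.pack(">HH", start, count))


def write_single_register(transaction_id, unit_id, address, value):
    """Function 0x06 request: overwrite one 16-bit register."""
    return build_adu(transaction_id, unit_id, FC_WRITE_SINGLE_REGISTER,
                     struct.pack(">HH", address, value))


def parse_adu(raw):
    """Parse a Modbus/TCP frame into its fields; raise ValueError on malformed input."""
    if len(raw) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", raw[:7])
    if pid != 0:
        raise ValueError("protocol id %d is not Modbus" % pid)
    if length != len(raw) - 6:
        raise ValueError("MBAP length %d does not match frame" % length)
    fc = raw[7]
    return {
        "transaction_id": tid,
        "unit_id": uid,
        "function_code": fc,
        "data": raw[8:],
        # Bit 7 set in the function code marks an exception response.
        "is_exception": bool(fc & 0x80),
        "is_write": fc in WRITE_FUNCTION_CODES,
    }


def decode_holding_registers_response(data):
    """Decode the PDU data of a function 0x03 response: byte count, then big-endian words."""
    byte_count = data[0]
    if byte_count % 2 or len(data) < 1 + byte_count:
        raise ValueError("bad register byte count")
    return list(struct.unpack(">%dH" % (byte_count // 2), data[1:1 + byte_count]))


def flag_unauthorized_writes(capture, allowed_writers):
    """Passive check: every write from a source not on the allow-list is an alert.

    `capture` is an iterable of (source_ip, raw_frame). Because Modbus carries no
    identity, the allow-list has to live in the network monitor, not the protocol.
    """
    alerts = []
    for src, raw in capture:
        try:
            frame = parse_adu(raw)
        except ValueError:
            continue  # not a well-formed Modbus/TCP frame; out of scope for this check
        if frame["is_write"] and src not in allowed_writers:
            alerts.append((src, frame["function_code"], frame["data"].hex()))
    return alerts


if __name__ == "__main__":
    # Constructed traffic: an allowed HMI and an unknown host both writing (hypothetical addresses).
    capture = [
        ("10.0.0.5", read_holding_registers(1, 1, 0, 2)),
        ("10.0.0.5", write_single_register(2, 1, 0x0010, 0x1234)),
        ("10.0.0.99", write_single_register(3, 1, 0x0010, 0x0000)),
    ]
    for src, fc, data in flag_unauthorized_writes(capture, allowed_writers={"10.0.0.5"}):
        print("ALERT: write fc=0x%02x from %s data=%s" % (fc, src, data))
    # A constructed 0x03 response carrying registers 10 and 20.
    reply = bytes.fromhex("000100000007010304000a0014")
    print(decode_holding_registers_response(parse_adu(reply)["data"]))
```

The allow-list check is deliberately crude: it keys on source address only, so an attacker who has already taken over the HMI passes it. That is the point of the Physical Damage 101 abstract further up: once code execution on a trusted node is achieved, network-level controls run out, and the remaining defence has to be physical.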