No announcement yet.

ICS Village Talk Schedule

  • Filter
  • Time
  • Show
Clear All
new posts

  • ICS Village Talk Schedule

    CS Village Talk Schedule
    07-29-2015, 10:18 AM
    This schedule is subject to change. Follow @ICS_Village on Twitter for the latest updates.


    My first ICS pwnage.

    Location: Bronze One
    Time: 1500 Friday

    Speaker: Larry Pesce is a Senior Security Analyst with InGuardians

    Want to get your start with some really simple ICS protocols? How
    about we go all the way back to 1979 and poke at unauthenticated
    protocols that are still used today, Modbus. It would be nice to play
    without breaking some real systems so here are a few things that you
    can use to practice practicing the basics.

    Bio: Larry Pesce is a Senior Security Analyst with InGuardians. His recent
    experience includes providing penetration assessment, architecture
    review, hardware security assessment, wireless/radio analysis, and
    policy and procedure development for a wide range of industries
    including those in the financial, retail, and healthcare verticals.
    In his spare time he likes to tinker with all things electronic and
    wireless. Larry is an amateur radio operator holding his Extra class
    license and is regularly involved in emergency communications activities


    Electric Grid: A Multiplayer Game of Destruction

    Location: Bronze
    Time: 1000 Saturday

    Speaker: Kenneth Shaw, Jerel Culliss, IOActive

    We brought you this year "Electric Grid: A Multiplayer Game of Destruction" and now we
    will teach you how to play it! The game is composed of compromised portions of an electric
    grid which players can control with the end-goal of destroying parts of the electric grid
    system. It will require cooperation or cunning from players to bring it down. Are you up
    to the challenge? We will explain the details of how the game was created, how realistic
    the simulations are, and what a well positioned attacker could hope to achieve. Further,
    our research in the are focuses on minimum compromised nodes for system failure,
    resonances and more!



    Physical Damage 101
    Location: Bronze
    Time: 1100 Saturday
    Jason Larsen, Ken Shaw, IOActive
    It is possible to physically damage equipment through purely cyber means. Most of the time the attacker takes advantage of something specific to the CyberPhysical System (CPS) thats being targeted. As an example mixing in a cleaning agent during a production cycle can cause an unwanted chemical reaction. Attacking software has been described as "unexpected computation". Attacking a process is all about "unexpected physics."

    Finding and exploiting process-specific flaws generally takes subject matter expertise in the victim process. However, there are some generic attacks that can be applied in a wide range of scenarios. I call these bread and butter attacks. They take advantage of common configurations of valves, pumps, pipe, etc. to achieve damage to the process. These scenarios can be used as a basis for a first look in a process audit. During a full audit, a subject matter expert will still need to be consulted.

    Nearly the entire budget for security processes from cyber attack is spent attempting to keep an attacker from gaining code execution in the process control network. This is roughly equivalent to the early 2000s where the industry attempted to find every possible buffer overflow in code. In 2015 were still finding them regularly. It wasn't until ALSR and DEP were introduced that defenders started making attacker work harder. In process control networks, defending the network is still key, but adding a few physical controls can greatly reduce the effectiveness of an attacker. It is hoped that this presentation can help stimulate discussion on how attacker can be mitigated after code execution is already achieved.

    The Little Pump Gauge that Could: Attacks Against Gas Pump Monitoring Systems

    Location: Bronze
    Time: 1300 Saturday

    Speaker: Kyle Wilhoit, Stephen Hilt, Trend Micro

    Over a period of months, several Guardian AST gas pump monitoring systems were attacked.
    These attacks occurred on real pump monitoring systems, but also on systems that we
    controlled, created, and deployed. We watched these attackers, what they did, and
    performed intelligence gathering on the nefarious actors. Details and intelligence on
    whom the attackers were, possible motivations behind the attacks, and detailed indicators
    of compromise will be shared in this.

    Kyle Wilhoit is a Sr. Threat Researcher at Trend Micro on the Future Threat Research Team.
    Kyle focuses on original threat, malware, vulnerability discovery/analysis and criminal
    activity on the Internet. He also hunts for new malware like a rabid dog. Prior to joining
    Trend Micro, he was at Fireeye hunting badness and puttin' the bruising on cyber criminals
    and state sponsored entities as a Threat Intel guy. Prior to Fireeye, he was the lead
    incident handler and malware guy at a large energy company, focusing on ICS/SCADA security
    and targeted persistent threats. He has also worked at a Tier 1 ISP playing with malware.
    Kyle is also involved with several open source projects and actively enjoys reverse
    engineering things that shouldn't be.

    Stephen Hilt has been in Information Security and Industrial Control Systems (ICS)
    Security for around 10 years. With a Bachelors Degree from Southern Illinois University,
    he started working for a large power utility in the South East of the United States. There
    Stephen gained an extensive background in Security Network Engineering, Incident Response,
    Forensics, Assessments and Penetration Testing. That is where Stephen started focusing on
    ICS Assessments, then moved to working as an ICS Security Consultant and Researcher for
    one of the most foremost ICS Security Consulting groups in the world. In 2014, Stephen
    was named as having one of the coolest hacks by dark reading for his PLCPwn, a weaponized
    PLC. As well, he has published numerous ICS Specific Nmap Scripts to Identify ICS
    protocols via native commands. Stephen now is at Trend Micro as a Sr. Threat Researcher,
    continuing ICS research, and diving into other areas of research. Over the past 10 years,
    Stephen has learned how to build, defend and attack ICS networks.


    SCADA 101
    Location: Bronze One
    Time: 1500 Saturday

    Speaker: Kara Turner, iSight Partners

    Ever been interested in ICS security and hacking but don’t know where to begin? This presentation takes the initially daunting world of ICS security and converts it to something we can all understand: attacking the Death Star. The Galactic Empire is full of industrial control systems. The Rebel Alliance was able to defeat their biggest weapons by finding and exploiting their weaknesses. Learn to use the Force to hack giant robots and stuff. May the Force be with you…

    Raspberry PI, a little IO with SDN equals "control network in a box"

    Location: Bronze One
    Time: 1100, 1400 Friday and Saturday ***This talk will not be recorded***

    Speaker: Matthew E. Luallen, CYBATI

    Come attend and participate in this hands-on session to learn about control system
    cybersecurity. Seating for hands-on access will be limited to the first 15 participants
    while others can glean and watch. Concisely learn the simple and complex challenges to
    ICS cybersecurity through scenarios in this concise 45 minute session.
    Tags: None
    Last edited by mostly_hrmless; August 7, 2015, 15:02.