Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.
BinaryEdge.io
Be Ready. Be Safe. Be Secure.
Focus on Cybersecurity,
Data science and Machine
learning. Scale via software,
automation and re-usable
technology.
HEADQU...
OVERVIEW
Look at things that are on the internet and that shouldn’t be there
Scare you enough that if you see someone putt...
WHO ARE WE?
Tiago is the CEO and Data necromancer at
BinaryEdge however he gets to meddle in the
intersection of data scie...
EXPOSING THINGS TO THE INTERNET
Types of exposure
People Organization
BINARYEDGE
INTERNET OF SHIT
MQTT
MQTT
MQTT Broker
Hospitals Payment
information
ChatsPower stations Coffee makerCar GPSRadiation
meters
Prisons MMORPG...
MQTT - NUCLEAR
MQTT - HOSPITALS
MQTT - PATIENTS
MQTT - OWNTRACKS - PRIVACY?
MQTT - OWNTRACKS
MQTT - OWNTRACKS
MQTT - OWNTRACKS
MQTT - OWNTRACKS
MQTT - POWER
MQTT - SMS
MQTT - PHONE BACKUP
RDP, VNC, X11 - POWER
RDP, VNC, X11 - POWER
RDP, VNC, X11 - POWER
RDP, VNC, X11 - POWER
RDP, VNC, X11 - POWER
RDP, VNC, X11 - GAS
RDP, VNC, X11 - GAS
RDP, VNC, X11 - GAS
RDP, VNC, X11 - GAS
RDP, VNC, X11 - GAS
RDP, VNC, X11 - PRESCRIPTIONS
RDP, VNC, X11 - HOSPITALS
SCADA - WHAT IS?
SCADA (Supervisory Control and Data Acquisition is an industrial automation control system.
SCADA systems...
SCADA - PROTOCOLS
BACnet
47808
S7
102
cspv4
2222
dnp3
20000
ATG
10001
modifcon
502
enip
44818
fox
1911
omron
9600
proconos...
SCADA
SCADA
SCADA
SCADA
SCADA
SCADA
NSA
DOUBLEPULSAR
Doublepulsar infection count: April 2017
date
numberofinfections
COLLABORATION
SECOND NSA TROJAN
23
World count
BASIC RULES OF THE GAME
update/ patch
segregate/ firewall
have a minimum of common sense
BE READY. BE SAFE. BE SECURE.
BinaryEdge AG
Freigutstrasse 40,
8001 Zurich
Switzerland
info@binaryedge.io
www.binaryedge.i...
Próxima SlideShare
Cargando en…5
×

Pixels Camp 2017 - Stranger Things the internet version

726 visualizaciones

Publicado el

Much like Eleven and the gang, we at BinaryEdge sometimes are confronted with real monsters. Unlike in the series "Stranger Things" however, the monsters we're faced with take different shapes. Our monsters are usually found in the shape of weird things people connect to the internet. Often we're asked "What is the craziest things you guys have found connected to the internet?" In this talk we intend to answer and show exactly that. If you've seen our previous talks and/or read our "World Security Report" for 2016 (ise.binaryedge.io) you know that we have found some of the weirdest things online. From water dams, to electricity grids, and nuclear laboratory sensors, people simply love connecting things to the internet. And in this talk, we are going to explore the top "things" we've found exposed, talk about the different protocols they use and also allow YOU live on talk to search for your own things! On this talk we will also release our 2017 report, where we show how we detected some of the NSA tools such as Double pulsar. We will also make an interesting reveal on this topic. :)

Publicado en: Tecnología
  • Sé el primero en comentar

Pixels Camp 2017 - Stranger Things the internet version

  1. 1. BinaryEdge.io Be Ready. Be Safe. Be Secure.
  2. 2. Focus on Cybersecurity, Data science and Machine learning. Scale via software, automation and re-usable technology. HEADQUARTERS ENGINEERING TEAM ENGINEERING TEAM ZÜRICH, SWITZERLAND BINARYEDGE
  3. 3. OVERVIEW Look at things that are on the internet and that shouldn’t be there Scare you enough that if you see someone putting something on the in- ternet that they shouldn’t, you would stop them! AGENDA OBJECTIVE
  4. 4. WHO ARE WE? Tiago is the CEO and Data necromancer at BinaryEdge however he gets to meddle in the intersection of data science and cybersecurity by providing his team with lovely problems that they solve on a daily basis. Tiago Henriques
  5. 5. EXPOSING THINGS TO THE INTERNET Types of exposure People Organization
  6. 6. BINARYEDGE
  7. 7. INTERNET OF SHIT
  8. 8. MQTT MQTT MQTT Broker Hospitals Payment information ChatsPower stations Coffee makerCar GPSRadiation meters Prisons MMORPG data SensorsAlarms Power meters Mobile phones tracking software publish subscribe subscribe subscribe We found 37,514 active MQTT brokers How it works and what is out there
  9. 9. MQTT - NUCLEAR
  10. 10. MQTT - HOSPITALS
  11. 11. MQTT - PATIENTS
  12. 12. MQTT - OWNTRACKS - PRIVACY?
  13. 13. MQTT - OWNTRACKS
  14. 14. MQTT - OWNTRACKS
  15. 15. MQTT - OWNTRACKS
  16. 16. MQTT - OWNTRACKS
  17. 17. MQTT - POWER
  18. 18. MQTT - SMS
  19. 19. MQTT - PHONE BACKUP
  20. 20. RDP, VNC, X11 - POWER
  21. 21. RDP, VNC, X11 - POWER
  22. 22. RDP, VNC, X11 - POWER
  23. 23. RDP, VNC, X11 - POWER
  24. 24. RDP, VNC, X11 - POWER
  25. 25. RDP, VNC, X11 - GAS
  26. 26. RDP, VNC, X11 - GAS
  27. 27. RDP, VNC, X11 - GAS
  28. 28. RDP, VNC, X11 - GAS
  29. 29. RDP, VNC, X11 - GAS
  30. 30. RDP, VNC, X11 - PRESCRIPTIONS
  31. 31. RDP, VNC, X11 - HOSPITALS
  32. 32. SCADA - WHAT IS? SCADA (Supervisory Control and Data Acquisition is an industrial automation control system. SCADA systems can be used in different industries Energy Food and beverages Power Oil and gas RecyclingTransportation Water
  33. 33. SCADA - PROTOCOLS BACnet 47808 S7 102 cspv4 2222 dnp3 20000 ATG 10001 modifcon 502 enip 44818 fox 1911 omron 9600 proconos 20547 codesys 1200 pcworx 1962 codesys 2455
  34. 34. SCADA
  35. 35. SCADA
  36. 36. SCADA
  37. 37. SCADA
  38. 38. SCADA
  39. 39. SCADA
  40. 40. NSA
  41. 41. DOUBLEPULSAR Doublepulsar infection count: April 2017 date numberofinfections
  42. 42. COLLABORATION
  43. 43. SECOND NSA TROJAN 23 World count
  44. 44. BASIC RULES OF THE GAME update/ patch segregate/ firewall have a minimum of common sense
  45. 45. BE READY. BE SAFE. BE SECURE. BinaryEdge AG Freigutstrasse 40, 8001 Zurich Switzerland info@binaryedge.io www.binaryedge.io + 41 78 713 40 00 CONTIGENCY THREAT SAFE IRRELEVANT

×