A participant will acquire practical experience of searching for vulnerabilities and analyzing SCADA security. The masterclass will cover both common network vulnerabilities and exceptional cases that can be detected in the process of security assessment of real networks.
4. All checks and coverage area
- System software (OS, RTOS)
- SCADA
- Application software
- Network software
- Data transfer channels
- Hardware
5. Used techniques
- Application software (SCADA, RTU)
- System software (OS, RTOS)
- Data transfer channels and techniques (Industrial Ethernet, Modbus, DNP3, Profibus, etc.)
9. Used instruments («Click and Hack» type)
«/exploits/scada»:
  (+) «CLICK and HACK» model
  (-) there are only 5 vulnerabilities
  (-) limited set of features
«SCADA»:
  (+) «CLICK and HACK» model
  (-) there are only 15 vulnerabilities
10. Used instruments (specialized utilities)
- Analysis of available NetDDE resources: Neutralbit's nbDDE tool
- Network DDE (NetDDE) is designed by the Wonderware company and is an add-on to Microsoft Windows DDE that implements data exchange between computers in a LAN
11. Are there any difficulties?
Web application vulnerabilities (SQL injection):
  User ID = 1' or 1=(select top 1 password from Users)--
  Password = blank
12. Active and passive network reconnaissance
Available resources: «The Registered Ports» chapter (Internet Assigned Numbers Authority)
  ibm-mqisdp  1883/tcp   IBM MQSeries SCADA
  ibm-mqisdp  1883/udp   IBM MQSeries SCADA
  pnbscada    3875/tcp   PNBSCADA
  pnbscada    3875/udp   PNBSCADA
  d-s-n       8086/tcp   Distributed SCADA Networking Rendezvous Port
Active detection:
- SNMP server scanning results;
- detection of solution features (web servers, logged services).
Passive detection:
- interception of network traffic to find specific requests/responses (application and network software);
- detection of SCADA protocols in available network traffic (DNP3 over Ethernet, Modbus-TCP);
- direct analysis of production protocols (by special analyzers, analysis of the signal propagation medium).