Positive Hack Days. Komarov. SCADA Security Analysis

•Descargar como PPTX, PDF•

1 recomendación•1,554 vistas

A participant will acquire practical experience of searching for vulnerabilities and analyzing SCADA security. The masterclass will cover both common network vulnerabilities, and exceptive cases that can be detected in the process of security assessment of real networks.

Tecnología Empresariales

Master class(Positive Hack Days)«Analysis of SCADA security protection» Andrey Komarov(technical manager)

SCADA protection analysis – «what for», «how» and «why»? Regulations (USA, СК) Security «Compliance» audit Prevent security incidents in SCADA Detect and specify security threats in SCADA Improvement of software and hardwareсредств Actualize regulation rules Consider attacker’s actions and tendency Improve efficiency of used protection measures

All checks and coverage area System software (OS, ОСРВ) SCADA Application software Network software Data transferring channels Hardware

Used techniques Application software(SCADA,RTU) System software(OS, ОСРВ) Data transferring channels and techniques(Industrial Ethernet, Modbus, DNP3, Profibus, etc.)

Used instruments («Click and Hack» type) «/exploits/scada» «+» «CLICK and HACK» model «-» there are only 5 vulnerabilities «-» limited set of features «SCADA» «+» «CLICK and HACK» model «-» there are only 15 vulnerabilities

Used instruments (specialized utilities) Analysis of available NetDDE resources - Neutralbit’snbDDE tool Network DDE (NetDDE) is designed by Wonderware company and is an add-on to MicrosoftWindows DDE that implements data exchangebetween computers in LAN

Are there any difficulties? Web application vulnerabilities (SQL-injection) User ID = 1' or 1=(select top 1 password from Users)—Password = blank

Active and passive network “secret service” Available resources «The Registered Ports» chapter (Internet Assigned Numbers Authority)ibm-mqisdp 1883/tcpIBM MQSeries SCADAibm-mqisdp 1883/udpIBM MQSeries SCADApnbscada3875/tcpPNBSCADA pnbscada3875/udp PNBSCADA d-s-n 8086/tcpDistributed SCADA Networking Rendezvous Port Active detection - SNMP server scanning results;- detection of solution features (web servers, logged services) Passive detection - interception of network traffic to find specificrequests/responses;(application and network software);- detection of SCADA protocols in available network traffic (DNP3 over an Ethernet, Modbus-TCP);- direct analysis of productive protocols. (by special analyzers, analysis of signal propagation medium).

Testing of reliability Stress-test (ICMPPing Flood implementation)– «Reg Tiger Security» #denial of service, then recovery ( idle time - 1 minute)ping -f -s 60601 packets transmitted, 150 packets received, 75% packet loss #denial of service, then recovery (idle time - 1 minute)ping -f -s 600497 packets transmitted, 32 packets received, 93% packet loss #denial of service, without recovery (have to reload)ping -f -s 6000518 packets transmitted, 0 packets received, 100% packet loss #denial of service, without recovery (have to reload)ping -f -s 6000 819 packets transmitted, 0 packets received, 100% packet loss

Borrowed application software components in SCADA

Реализация отказа в обслуживании в отношении встроенного WEB-сервера

Denial of service implementation against imbedded web server

Thank you for your attention! http://ITDEFENCE.ruGroup inLinkedIn «Industrial Automation Security»We discuss SCADA security questions

Más contenido relacionado

Más de Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes

Positive Hack Days

Как мы собираем проекты в выделенном окружении в Windows Docker

Positive Hack Days

Типовая сборка и деплой продуктов в Positive Technologies

Positive Hack Days

1. Что такое BI. Зачем он нужен. 2. Что такое Qlik View / Sense 3. Способ интеграции. Как это работает. 4. Метрики, KPI, планирование ресурсов команд, ретроспектива релиза продукта, тренды. 5. Подключение внешних источников данных (Excel, БД СКУД, переговорные комнаты).

Аналитика в проектах: TFS + Qlik

Positive Hack Days

Использование анализатора кода SonarQube

Positive Hack Days

Развитие сообщества Open DevOps Community

Positive Hack Days

Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...

Positive Hack Days

Approof — статический анализатор кода для проверки веб-приложений на наличие уязвимых компонентов. В своей работе анализатор основывается на правилах, хранящих сигнатуры искомых компонентов. В докладе рассматривается базовая структура правила для Approof и процесс автоматизации его создания.

Автоматизация построения правил для Approof

Positive Hack Days

Задумывались ли вы когда-нибудь о том, как устроены современные механизмы защиты приложений? Какая теория стоит за реализацией WAF и SAST? Каковы пределы их возможностей? Насколько их можно подвинуть за счет более широкого взгляда на проблематику безопасности приложений? На мастер-классе будут рассмотрены основные методы и алгоритмы двух основополагающих технологий защиты приложений — межсетевого экранирования уровня приложения и статического анализа кода. На примерах конкретных инструментов с открытым исходным кодом, разработанных специально для этого мастер-класса, будут рассмотрены проблемы, возникающие на пути у разработчиков средств защиты приложений, и возможные пути их решения, а также даны ответы на все упомянутые вопросы.

Мастер-класс «Трущобы Application Security»

Positive Hack Days

Формальные методы защиты приложений

Positive Hack Days

Эвристические методы защиты приложений

Positive Hack Days

Теоретические основы Application Security

Positive Hack Days

Разработка наукоемкого программного обеспечения отличается тем, что нет ни четкой постановки задачи, ни понимания, что получится в результате. Однако даже этом надо программировать то, что надо, и как надо. Докладчик расскажет о том, как ее команда успешно разработала и вывела в промышленную эксплуатацию несколько наукоемких продуктов, пройдя непростой путь от эксперимента, результатом которого был прототип, до промышленных версий, которые успешно продаются как на российском, так и на зарубежном рынках. Этот путь был насыщен сложностями и качественными управленческими решениями, которыми поделится докладчик

От экспериментального программирования к промышленному: путь длиной в 10 лет

Positive Hack Days

Немногие разработчики закладывают безопасность в архитектуру приложения на этапе проектирования. Часто для этого нет ни денег, ни времени. Еще меньше — понимания моделей нарушителя и моделей угроз. Защита приложения выходит на передний план, когда уязвимости начинают стоить денег. К этому времени приложение уже работает и внесение существенных изменений в код становится нелегкой задачей. К счастью, разработчики тоже люди, и в коде разных приложений можно встретить однотипные недостатки. В докладе речь пойдет об опасных ошибках, которые чаще всего допускают разработчики Android-приложений. Затрагиваются особенности ОС Android, приводятся примеры реальных приложений и уязвимостей в них, описываются способы устранения.

Уязвимое Android-приложение: N проверенных способов наступить на грабли

Positive Hack Days

Разработка любого софта так или иначе базируется на требованиях. Полный перечень составляют бизнес-цели приложения, различные ограничения и ожидания по качеству (их еще называют NFR). Требования к безопасности ПО относятся к последнему пункту. В ходе доклада будут рассматриваться появление этих требований, управление ими и выбор наиболее важных. Отдельно будут освещены принципы построения архитектуры приложения, при наличии таких требований и без, и продемонстрировано, как современные (и хорошо известные) подходы к проектированию приложения помогают лучше строить архитектуру приложения для минимизации ландшафта угроз.

Требования по безопасности в архитектуре ПО

Positive Hack Days

Доклад посвящен разработке корректного программного обеспечения с применением одного из видов статического анализа кода. Будут освещены вопросы применения подобных методов, их слабые стороны и ограничения, а также рассмотрены результаты, которые они могут дать. На конкретных примерах будет продемонстрировано, как выглядят разработка спецификаций для кода на языке Си и доказательство соответствия кода спецификациям.

Формальная верификация кода на языке Си

Positive Hack Days

Механизмы предотвращения атак в ASP.NET Core

Positive Hack Days

SOC для КИИ: израильский опыт

Positive Hack Days

Honeywell Industrial Cyber Security Lab & Services Center

Positive Hack Days

Credential stuffing и брутфорс-атаки

Positive Hack Days

Más de Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes

Как мы собираем проекты в выделенном окружении в Windows Docker

Типовая сборка и деплой продуктов в Positive Technologies

Аналитика в проектах: TFS + Qlik

Использование анализатора кода SonarQube

Развитие сообщества Open DevOps Community

Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...

Автоматизация построения правил для Approof

Мастер-класс «Трущобы Application Security»

Формальные методы защиты приложений

Эвристические методы защиты приложений

Теоретические основы Application Security

От экспериментального программирования к промышленному: путь длиной в 10 лет

Уязвимое Android-приложение: N проверенных способов наступить на грабли

Требования по безопасности в архитектуре ПО

Формальная верификация кода на языке Си

Механизмы предотвращения атак в ASP.NET Core

SOC для КИИ: израильский опыт

Honeywell Industrial Cyber Security Lab & Services Center

Credential stuffing и брутфорс-атаки

Último

Explore 'The Codex of Business: Writing Software for Real-World Solutions,' a compelling SlideShare presentation that delves into digital transformation in healthcare. Discover through a detailed case study how Agile methodologies empower healthcare providers to develop, iterate, and refine digital solutions that address real-world challenges. Learn how strategic planning, user feedback, and continuous improvement drive success in deploying technologies that enhance patient care and operational efficiency. Ideal for healthcare professionals, IT specialists, and digital transformation advocates seeking actionable insights and practical examples of technology making a real difference.

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Malak Abu Hammad

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

How to convert PDF to text with Nanonets

naman860154

A Call to Action for Generative AI in 2024

Results

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Microsoft's Threat Matrix for Kubernetes helps organizations understand the attack surface a Kubernetes deployment introduces to their environments. This ensures that adequate detections and mitigations are in place. By covering over 40 different attacker techniques, defenders can learn about Kubernetes-specific mitigations and controls to deploy to their environments. In this session, we will explore the MS-TA9013 Host Path Mount technique, which is commonly used by attackers to perform privilege escalation in a Kubernetes cluster. Attendees will learn how attackers and defenders can: * Escape the container's host volume mount to gain persistence on an underlying node * Move laterally from the underlying node into the customer's cloud environment * Analyze Kubernetes audit logs to detect pods deployed with a hostPath mount * Deploy an admission controller that prevents new pods from using a hostPath mount

Breaking the Kubernetes Kill Chain: Host Path Mount

Puma Security, LLC

Choosing the right accounts payable services provider is a strategic decision that can significantly impact your business's financial performance and operational efficiency. By considering factors such as expertise, range of services, technology infrastructure, scalability, cost, and reputation, businesses can make informed decisions and select a provider that aligns with their unique needs and objectives. Partnering with the right provider can streamline accounts payable processes, drive cost savings, and position your business for long-term success. https://katprotech.com/accounts-payable-and-purchase-order-automation/

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

Katpro Technologies

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

Positive Hack Days. Komarov. SCADA Security Analysis

1. Master class(Positive Hack Days)«Analysis of SCADA security protection» Andrey Komarov(technical manager)

2. SCADA protection analysis – «what for», «how» and «why»? Regulations (USA, СК) Security «Compliance» audit Prevent security incidents in SCADA Detect and specify security threats in SCADA Improvement of software and hardwareсредств Actualize regulation rules Consider attacker’s actions and tendency Improve efficiency of used protection measures

3. Mismatches in regulations

4. All checks and coverage area System software (OS, ОСРВ) SCADA Application software Network software Data transferring channels Hardware

5. Used techniques Application software(SCADA,RTU) System software(OS, ОСРВ) Data transferring channels and techniques(Industrial Ethernet, Modbus, DNP3, Profibus, etc.)

9. Used instruments («Click and Hack» type) «/exploits/scada» «+» «CLICK and HACK» model «-» there are only 5 vulnerabilities «-» limited set of features «SCADA» «+» «CLICK and HACK» model «-» there are only 15 vulnerabilities

10. Used instruments (specialized utilities) Analysis of available NetDDE resources - Neutralbit’snbDDE tool Network DDE (NetDDE) is designed by Wonderware company and is an add-on to MicrosoftWindows DDE that implements data exchangebetween computers in LAN

11. Are there any difficulties? Web application vulnerabilities (SQL-injection) User ID = 1' or 1=(select top 1 password from Users)—Password = blank

12. Active and passive network “secret service” Available resources «The Registered Ports» chapter (Internet Assigned Numbers Authority)ibm-mqisdp 1883/tcpIBM MQSeries SCADAibm-mqisdp 1883/udpIBM MQSeries SCADApnbscada3875/tcpPNBSCADA pnbscada3875/udp PNBSCADA d-s-n 8086/tcpDistributed SCADA Networking Rendezvous Port Active detection - SNMP server scanning results;- detection of solution features (web servers, logged services) Passive detection - interception of network traffic to find specificrequests/responses;(application and network software);- detection of SCADA protocols in available network traffic (DNP3 over an Ethernet, Modbus-TCP);- direct analysis of productive protocols. (by special analyzers, analysis of signal propagation medium).

13. Detected SCASA object - SIEMENS SIMATIC

14. Testing of reliability Stress-test (ICMPPing Flood implementation)– «Reg Tiger Security» #denial of service, then recovery ( idle time - 1 minute)ping -f -s 60601 packets transmitted, 150 packets received, 75% packet loss #denial of service, then recovery (idle time - 1 minute)ping -f -s 600497 packets transmitted, 32 packets received, 93% packet loss #denial of service, without recovery (have to reload)ping -f -s 6000518 packets transmitted, 0 packets received, 100% packet loss #denial of service, without recovery (have to reload)ping -f -s 6000 819 packets transmitted, 0 packets received, 100% packet loss

15.

16. «US Blackout»

17. Borrowed application software components in SCADA

18. Реализация отказа в обслуживании в отношении встроенного WEB-сервера

19.

20. Реализация отказа в обслуживании в отношении встроенного WEB-сервера

21. Реализация отказа в обслуживании в отношении встроенного WEB-сервера

22. Denial of service implementation against imbedded web server

23. Thank you for your attention! http://ITDEFENCE.ruGroup inLinkedIn «Industrial Automation Security»We discuss SCADA security questions

Positive Hack Days. Komarov. SCADA Security Analysis

Recomendados

Recomendados

Más contenido relacionado

Más de Positive Hack Days

Más de Positive Hack Days (20)

Último

Último (20)

Positive Hack Days. Komarov. SCADA Security Analysis