My DEFCON 30 talk "Evil PLC Attack - Weaponizing PLCs" is finally available online.

These days, Programmable Logic Controllers (PLCs) in an industrial network are a critical attack target, with more exploits being identified every day. But what if the PLC wasn't the prey, but the predator? This presentation demonstrates a novel TTP called the "Evil PLC Attack", where a PLC is weaponized in a way that when an engineer is trying to configure or troubleshoot it, the engineer's machine gets compromised.

We will describe how engineers diagnose PLC issues, write code, and transfer bytecode to PLCs for execution with industrial processes in any number of critical sectors, including electric, water and wastewater, heavy industry, and automotive manufacturing. Then we will describe how we conceptualized, developed, and implemented different techniques to weaponize a PLC in order to achieve code execution on an engineer's machine. The research resulted in working PoCs against ICS market leaders which fixed all the reported vulnerabilities and remediated the attack vector.

We can finally disclose that we have extracted Siemens SIMATIC S7-1200/1500 private keys. Amazing research by our Tal Keren #team82 Claroty research team. We worked on this complex research very closely with Siemens and it's now fully disclosed and fixed (TIA v17 implements a full-blown TLS management system)!