Designing Exploits & Implants for ICS
It was a pleasure to present our view on designing exploits & implants for industrial control systems at the CheckPoint Research Summit in Las Vegas on February 4th-7th, 2019. During the presentation Jos Wetzels, Principal Consultant and Security Researcher at Secura, provided the audience with a 'through the eyes of the attacker' experience consisting of background on cyber-physical attacks in general and the recent TRITON attack on a petrochemical facility in Saudi Arabia in particular as well as an overview of the general process of reverse engineering and exploiting ICS devices and developing implants and OT payloads.
The growing realization of the importance of ICS security was reflected throughout the conference, with talks by various electric utilities on ICS security challenges and planning for incident response on the power grid as well as vendors of otherwise ‘conventional’ IT security solutions showcasing ICS-focused offerings. In addition, the conference covered a wide range of cyber-security subjects ranging from tracing bitcoin ransomware payments, state-sponsored mobile espionage campaigns in the middle east and hacking Fax machines to discussions on the Russian cyber-criminal underground, mobile Adware and improving the state of reverse-engineering tools.
Questions about ICS security?
Secura understands that the security of ICS is a shared process; therefore, we designed our assessment and certification services to cover all involved parties, from manufacturers to end users. Contact us for more information. Please also find the link to the record of our free webinar: Assessing & Protecting Critical Infrastructure.
Join our free ICS SCADA Red Teaming webinar [NEW]
The 11th of April we will organise a new webinar: ICS SCADA Red Teaming webinar. In this webinar we will discuss red teaming in ICS / SCADA environments by providing an overview of the offensive activities involved while highlighting environment-specific nuances, especially with respect to mission scope, safety concerns and realism. More information and registration: https://www.secura.com/webinar-ics-scada-red-teaming