PLC-BLASTER

Recommendations

Info

Fun with Attribute Blocks III ● ● ● Some attribute blocks can be left out You don't need to ship your worm's source code Reduce the amount of data Black Hat Asia 2016: PLC-Blaster 28
Implement the Worm ● ● ● ● ● Implement the worm using TIA: – connection setup – Anti-replay-protection – Create empty data blocks for messages Transfer the worm to the PLC with TIA and capture pcaps Retrieve the messages from the pcaps Store the messages in the empty DBs Inject the worm with your own tool Black Hat Asia 2016: PLC-Blaster 29
Page 1 and 2: PLC-BLASTER A Worm Living Solely in
Page 3 and 4: S7-1211 ● ● ● ● ● Built f
Page 5 and 6: Program Organization Blocks ● OB
Page 7 and 8: Worm ● ● ● ● Target discove
Page 9 and 10: Target Discovery II IF "data".con_s
Page 11 and 12: Worm ● ● ● ● Target discove
Page 13 and 14: Protocol Analysis I ● S7CommPlus
Page 15 and 16: Protocol Analysis III Message 1: Co
Page 17 and 18: Attribute-Blocks II Datatype Attrib
Page 19 and 20: Anti-Replay Mechanism Message 2: Co
Page 21 and 22: Transfer a Program Message: Downloa
Page 23 and 24: Fun with Attribute Blocks I ● Dat
Page 25 and 26: Fun with Attribute Blocks I ● ●
Page 27: Fun with Attribute Blocks II ●
Page 31 and 32: Activation ● ● ● ● OB (Orga
Page 33 and 34: Payloads ● ● ● DoS Arbitrary
Page 35 and 36: Demonstration Attacker Injection C&
Page 37 and 38: Demonstration Attacker C&C Server C
Page 39 and 40: Impact on the PLC II ● Memory usa
Page 41 and 42: Persistence & Identification ●
Page 43 and 44: Black Hat Asia 2016: PLC-Blaster 43
Page 45 and 46: Knowhow Protection ● ● ● Prev
Page 47 and 48: Knowhow Protection III ● ● Key
Page 49 and 50: Copy Proection ● ● ● ● ●
Page 51 and 52: Improvements & Recommendations ●
Page 53 and 54: Test Test Siemens● S7-1200 Ja Ja
Page 55 and 56: Test Test Leading Vendors Supportin
Page 57: Q&A http://opensource-security.de i

PLC-BLASTER

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?