Archive for July, 2017

Saturday July 15th at Manuel’s Tavern at 2pm

Tuesday, July 11th, 2017 by narknet

Saturday July 15th is your DC404 meeting at Manuel’s Tavern at 2pm

Marina Krotofil will do a dry run of her Black Hat presentation – Evil Bubbles Or How To Deliver Attack Payload Via The Physics Of The Process

.

Abstract:

Until now electronic communication was considered a single avenue for delivering attack payload. However, when it comes to cyber-physical systems, this assumption does not hold true. When field devices (sensors, valves, pumps, etc.) are inserted into the process, they become related to each other by the physics of the process. Physical process is a communication media for equipment and can be leveraged for delivering malicious payload even if the devices are segregated electronically. Sensors, valves, safety systems on isolated network, analog equipment are all vulnerable to this attack vector.

In proposed scenario, an analog pump is damaged by a targeted manipulation of the upstream valve positioner, evoking cavitation process. The final attack payload is delivered to the pump in form of cavitation bubbles over the liquid flow. We will show the damage scenario “in action” with a physical demo on stage. To make things complicated for the defender, we will forger the valve positioner sensor signal to hide the attack from the operator and to confuse operator about true cause of process upset.

The second part of the talk will deal with the detection of this attack. After all, it is a bad style to introduce a problem without having remedy. Forged sensor signals cannot be detected with any traditional IT security methods. The detection has to take form of process data plausibility and consistency checks. By monitoring health of pump we will be able to figure out the ongoing detrimental state of the process and accurately determine the ongoing cavitation process and its likely cause – all with a live demo on stage.

By the end of this talk the audience will recognize that security and safety zoning should expand all the way into the physical process (to consider interaction of equipment via the physical process).

.

BIO:

Marina Krotofil is Lead Security Researcher at the Honeywell Cyber Security Lab. Previously she worked as a Senior Security Consultant at the European Network for Cyber Security. Her research over the last few years has been focused on discovering unique attack vectors, design vulnerabilities, engineering damage scenarios and understanding attacker techniques when exploiting control systems. Marina authored more than 20 academic works and white papers on cyber-physical security. She gives workshops on cyber-physical exploitation and is a frequent speaker at the leading security events around the world. She holds MBA in Technology Management, MSc in Telecommunication and MSc in Information and Communication Systems.

.

Come prepared to share what you are working on. Your project doesn’t have to be complete and slides are not required (like show-n-tell).

We will have a projector if you need it.

We will also be hosting a mini lock pick village and NetKotH (Network King of the Hill).

https://netkoth.github.io/

Bring a laptop and your favorite tools (like Kali Linux or ArchStrike)

https://www.kali.org/

https://archstrike.org/

Our meetings are at Manuel’s Tavern. Free parking is behind Manuel’s and on the South side across the alley.

We may be meeting in the First Level room or the Eagle’s Nest.

To get to the First Level room:

From the front entrance on North Highland immediately turn right, go past the bathrooms to the First Level room.

From the back parking lot entrance, go all the way to the front doors, turn right, go past the bathrooms to the First Level room.

To get to the Eagle’s Nest room:

From the front entrance on North Highland immediately turn left, go through the dinning room to the Eagle’s Nest in the back.

From the back parking lot entrance make the first right and the Eagle’s Nest will be on your right.

Manuel’s Tavern
602 North Highland Ave NE
Atlanta, GA 30307

http://www.manuelstavern.com/

All ages/skill levels welcome. No dues, feel free to bring new friends.

Our Home page: https://dc404.org

Sign up for the chat/discussion list – it’s low traffic, keeps you in the loop, and enables you to communicate with the other DC404 folks:

http://lists.kaos.to/listinfo.cgi/dc404-chat-kaos.to

IRC Channel: #dc404 chat.freenode.net

Web IRC: https://webchat.freenode.net/

Our calendar:

https://dc404.org/calendar/

NetKotH @ ATL2600 Meeting Friday July 7, 2017

Wednesday, July 5th, 2017 by narknet

NetKotH will be featured at the Friday July 7, 2017 atl2600 meeting at the Lenox Mall Food Court at 7pm.

Named after the zine, 2600 meetings are a monthly gathering in a public location where we chat about recent events in security and privacy. Topics discussed vary wildly. There’s no cost, and no structure. There’s a few regulars and a few people finding us for the first time every month.

Our meetings are held on the Market level (lowest level) of the food court in Lenox Mall, near the outside doors. When you enter in the outside doors on Market Level, look for the table in the middle or close to the glass with of laptops and cables. There is parking very close to the food court, directly opposite the mall from Peachtree.

Lenox Square Mall
3393 Peachtree Rd NE
Atlanta, GA 30326

All ages/skill levels welcome. No dues, feel free to bring new friends.

Sign up for the chat/discussion list – it’s extremely low traffic, keeps you in the loop, and enables you to communicate with the other 2600 folks:

http://se2600.org/mailman/listinfo/404

Chat with us on IRC!
irc://chat.freenode.net/#atl2600
https://webchat.freenode.net/?channels=atl2600

Follow us on twitter!
https://twitter.com/atl2600