13:15 - 13:55
Omar Morando - How to Break the Modbus Protocol and Cause a PLC DoS
How secure is an industrial system? And how difficult is it to be able to attack him? These are some of the questions I will try to answer in this talk.
I will explain how to attack an OT system composed of PLC and SCADA by exploiting the vulnerabilities of the Modbus protocol, until generating a DoS of the control PLC. Physically I will have a simulator of a plant, a PLC and an HMI system: the demo consists in showing how with Python scripts it is possible to carry out a Man-in-the-Middle attack, data dumping, flooding attack on the plant and DoS of the PLC. All done live.
14:00 - 14:20
Dániel Zentai - Multiparty Pseudonymization and Anonymization
Anonymization and pseudonymization may look like very similar concepts, but according to GDPR, it is not the case. Pseudonymized data can be recovered using some secret information (e.g. a decryption key), anonymized data on the other hand cannot be recovered under any circumstances. In this talk, we will examine a hash-based anonymization protocol and a public key encryption-based pseudonymization protocol.
14:25 - 15:05
József Ottucsák - Hackable Synthesizers
In this talk, we will explore the mysterious world of hackable synthesizers and music-focused development boards. We will discuss how these platforms differ from traditional instruments, and provide an overview of some of the most popular devices on the market.
We will delve into the unique features of these platforms, how they work and what you can do with them. We will examine how these devices can be used to create your own sound processors and synthesizers to create unique sounds and instruments.
Throughout the talk we will show you how to get started, what the most popular languages and platforms are. If you are a hacker who is passionate about music, hardware or coding, this talk is for you.
15:05 - 15:20
15:20 - 16:00
Imre Rad - Parser Differentials
Parsing a message in a structured format sounds fairly straightforward, doesn’t it? This talk is about raising awareness about the hidden threat of parser differentials: when two (or more) different parsers interpret the very same input message differently. Such anomalies may have security consequences, even for well-understood and relatively simple formats such as JSON. As security researchers, we are interested in identifying pairs of parsers that behave inconsistently for the same input - or in short, finding the attack primitives. Fuzzing is indeed for the rescue once again - however, standard tools and techniques don’t apply here very well. This talk will be covering the various technical challenges: like how to fuzz multiple parsers in parallel effectively and how to classify the results with automation. Showcasing some interesting JSON differentials!
16:05 - 16:25
Benedek Szabó - Pocket Threat Modeling
Have you ever heard someone say, "that's not part of my threat model" and wondered what it means? A threat model is simply identifying and evaluating potential dangers to a system, process, or even a person.
However, creating a threat model can be daunting, especially when it comes to personal security. Most people don't think about it outside of work, and even professionals can find the formal methodologies overwhelming. It’s easy to get disillusioned as soon as you try to map having a dog to STRIDE.
This is where Benedek comes in. He faced the same challenges when trying to improve his own security and help his friends and family do the same.
In his presentation, he will walk you through the process of building your own personal "Pocket Threat Model", which will help you identify and reduce potential risks. He'll show you how to start with the basics, such as identifying your assets (e.g., your devices, accounts, and personal information) and assessing their value and importance to you. Then, he'll guide you through expanding your scope to consider potential threats, assess exposure and find countermeasures.
16:30 - 17:10
Omkar Joshi - Pwning into Power System Center
Power system application is core of the entire power station eco-system. With this application anyone (with desired access) can modify stations parameters, can add station, can shut down stations or power itself etc. With this application we can control devices connected, automated baseline monitoring, remote access control, and automatic scheduled password changes, ultimately entire device management for most of the Scada.
What if this application gets pwned? What if the application has bunch of vulnerabilities? What if attacker gets hold on the application and can shut down power stations? What if attacker can mess with the sub-stations and devices?
We’re going to talk about – how attacker can intrude into environment and mainly pwn the power system application which ultimately will lead to take control of the devices, stations, entire power system etc.
We’re going to discuss about our recent Red Team engagement in which we’ve hacked into the power system application and were able to do plenty of malicious activities.
We’ll talk about several vulnerabilities which we found in one of the well-known Power System Application and they’ve compatibility with almost every manufacture and this is used in various SCADA organizations to connect the OT devices, centralized monitoring, management / administration of OT platforms.
Final notes, we’ll talk about industry standard best practices, approach towards having zero trust and defense in depth
17:15 - 17:20
Attila Marosi-Bauer - Closing Notes