FoxGuard Solutions Cyber Security for Critical Control Systems

Understanding Hacker Tools and Techniques: A Live Demonstration

Hacking Tools Demo

Monta Elkins, Security Architect

➲ Security Research

➲ New Attacks

➲ Training Classes

➲ Conference Talks

➲ New Product Creation

➲ Industry Requirements


Cyber Threats

● If you don't think you are under attack, it's likely because your security logging is inadequate


My Target

● Stark Industries Arc Reactor

● Smallest Generator in the known universe

● Fits on a tabletop

● 1.21 GigaWatts power output!

● Simple HMI control


Site Recon

● Can disclose useful site information

● Locations, names, equipment used


Silent Recon

● Open sources like Wikipedia

● Archive.org

● Can be used for password guessing without ever contacting the site


Gaining Initial Access

● Cell Phone

● Thumb Drive

● Email Attachments

● Updates or Documentation

● Web pages

● Social Engineering

● Pivoting from Corporate etc.


Begin Live Demo

● Start of live execution of hacker tools and techniques


Network Scanning

● Selected 192.168.1.0/24

● Devices found

● Ports open

● Opportunities


Device with Web page

● Interesting Device


Password Guess Selection

● Chose the 50 most common words on the web page

● Add the digits 1 through 9 to the end of each

● Try each password on each account

Stark Industries Layton Stane David Fujikawa Obadiah Staff February Enterprises Ultimate Rhodes Howard death Security Pepper James Happy ...


Xhydra Selection

● Select a target

● IPs

● Service

● Select Accounts

● Select Password


xHydra

● Select a target

● Password guessing attempts

● Login found


Telnet Using Credentials Found

● Telnet 192.168.1.5

● Username: tstark

● Password: Pepper1

● Successful Login


Choosing a Secure Password
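
The guessing procedure above found Pepper1 because it is a word from the site's own web page with one digit appended. The following check rejects such passwords when they are set. It is an added example, not part of the original slides, and it goes slightly beyond them by stripping any trailing digits or punctuation rather than a single digit. The sample page text, the minimum word length, the function names and every account other than tstark are assumptions.

```python
import re
from collections import Counter

# Constructed sample of public site text (assumption: stands in for the
# organisation's own web page; not taken from the original slides).
PUBLIC_TEXT = """
Stark Industries security staff: Pepper Potts, James Rhodes, Happy Hogan.
Founded by Howard Stark. Obadiah Stane joined Stark Industries later.
Pepper Potts leads the Stark Industries enterprise security programme.
"""

def site_words(text, top_n=50, min_len=4):
    """Return the top_n most common words on the page, lower-cased.
    min_len is an assumption used to skip short filler words."""
    words = re.findall(r"[A-Za-z]+", text.lower())
    counts = Counter(w for w in words if len(w) >= min_len)
    return {w for w, _ in counts.most_common(top_n)}

def password_stem(password):
    """Strip trailing digits and punctuation, then lower-case."""
    return re.sub(r"[\d\W_]+$", "", password).lower()

def is_site_derived(password, words):
    """True if the password is a public site word plus an optional suffix."""
    return password_stem(password) in words

def audit(proposed, text=PUBLIC_TEXT):
    """Return the accounts whose proposed password must be rejected.
    Meant to run at password-set time, when the plaintext is available."""
    words = site_words(text)
    return sorted(user for user, pw in proposed.items()
                  if is_site_derived(pw, words))

if __name__ == "__main__":
    # tstark / Pepper1 are the values on the slides; the rest is constructed.
    sample = {
        "tstark": "Pepper1",
        "jrhodes": "Rhodes2024!",
        "ops": "v9#Lq-tram-Okra",
    }
    print(audit(sample))
```

A check like this only addresses guessing from public material; as the next slide notes, it does nothing against a password sent in cleartext.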


Password Sniffed

● Even complex passwords are no protection against sniffing

● grep password\=


HMI Interface


Armitage for Metasploit

● Scan and attack devices on the network

● Select a scan range

● 192.168.1.0/24 in this case


Armitage Scanning

● Scan a device

● Launch an appropriate attack


Armitage Successful Attack

● Attack Successful

● Windows XP with out-of-date patches

● Exploits a stack buffer overflow in the RPCSS service

● This module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003


VNC Control

● Attack allows VNC control of HMI (similar to Remote Desktop)

● Shutdown the generator

● Or drop the oil pressure and let it run - attacker's choice


Prevention

● Firewalling

● Security Information and Event Logging and alerts (SIEM)

● Patching & Anti-Virus

● Shutdown of unneeded ports and services


Questions

FoxGuard Solutions

Monta Elkins, Security Architect