310 likes | 414 Vues
Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol Fun stuff to do with it Some . NextGen Firewalls Advanced Persistent Threat Cloud IPS/IDS 2.0 MDM SaaS IaaS Google. Doctoral Student Graduate Research Assistant at UofL
E N D
Sixnet Tools presentation • Slight overview of ICS environment • The Sixnet Universal Protocol • Fun stuff to do with it • Some
NextGen Firewalls • Advanced Persistent Threat • Cloud • IPS/IDS 2.0 • MDM • SaaS • IaaS • Google
Doctoral Student • Graduate Research Assistant at UofL • Intelligent Systems Research Lab • Bourbon Enthusiast About Me
Sixnet Tools For Poking at Sixnet Things
Industrial Control System ICS
Supervisory And Data Acquisition Control SCADA Networks
Human Machine Interface Sixnet I/O Toolkit HMI
Operator on HMI RTU Substation
Address 2 • Op code 2 • Data n • Checksum 2 Problem? Modbus Protocol
Lead 1 • Length 1 • Destination 1 • Source 1 • Session 1 • Sequence 1 • Op Code 1 • Data n • CRC 2 Sixnet Universal Protocol
Op Code 1a • Data 00:03:00:[file path]:00 (read) 03:03:[4-byte file size]:[file path]:00 (write) Get File Descriptor
Op Code 01 • Data [FD] Get File Descriptor
Op Code 1a • Data 06:[FD] (read) 02:[FD]:[4B start]:[2B length]:[data] (write) File manipulation
Op Code 01 • Data [FD]:[start]:[length]:[data] (read) 00:[FD] (write) File manipulation
Op Code d0 • Data 1e:01:00:[command]:00 • Op Code 01 • Data 00:[length]:[output] Shell Commands
BOOM! BOOM! p(){ p|p& }; p BOOM! FurkBamp
Read coils • Write coils • Read file system • Write file system • Administrative access to the OS Sixnet firmware 4.8
Intelligent Systems Research Lab University of Louisville https://code.google.com/p/my-sixnet-tools/ Mehdi Sabraoui Sabraoui.m@gmail.com Questions?