The higher number of small and large-scale installations, in combination with easily exploitable vulnerabilities, leads to a stronger exposure of building automation systems, which are often overlooked.
Even worse, an adversary who understands how to use regular building automation protocol functions for malicious purposes may not only create chaos within the breached building but can potentially even peek into internal networks over building protocols which are otherwise not reachable.
While it is certainly a valid exercise to benchmark a cybersecurity program against a framework, such as NIST, these paperwork efforts articulate the To truly test the effectiveness of an organization's detection and response capabilities to a cyberattack, it's necessary to provide a sparring partner.
This session will discuss the process of cycling the SOC and IR team through a realistic adversary simulation (from a prepared red team), and then observing the organization's response, from the eyes of an experienced blue team.
How do we foster intelligent discussion of real-world trade-offs while avoiding sensationalism?
These attacks can randomly choose victims or target a given victim. We verified these attacks with our own phones in operators' networks at a small, controllable scale.
We propose a new exploit technique that brings a whole new attack surface to bypass SSRF (Server Side Request Forgery) protections. This is a very general attack approach, which we used in combination with our own fuzzing tool to discover many 0days in built-in libraries of very widely-used programming languages, including Python, PHP, Perl, Ruby, Java, JavaScript, Wget and cURL.