➲ Security Research
➲ New Attacks
➲ Training Classes
➲ Conference Talks
➲ New Product Creation
➲ Industry Requirements
Cyber Threats
● If you don't think you are under attack, it's likely because your security logging is inadequate
My Target
● Stark Industries Arc Reactor
● Smallest Generator in the known universe
● Fits on a tabletop
● 1.21 GigaWatts power output!
● Simple HMI control
Silent Recon
● Open sources like Wikipedia
● Archive.org
● Can be used for password guessing without ever contacting the site
Gaining Initial Access
● Cell Phone
● Thumb Drive
● Email Attachments
● Updates or Documentation
● Web pages
● Social Engineering
● Pivoting from Corporate etc.
Password Guess Selection
● Choose the 50 most common words on the web page
● Add the digits 1 through 9 to the end of each
● Try each password on each account
Stark, Industries, Layton, Stane, David, Fujikawa, Obadiah, Staff, February, Enterprises, Ultimate, Rhodes, Howard, death, Security, Pepper, James, Happy...
Telnet Using Credentials Found
● Telnet 192.168.1.5
● Username: tstark
● Password: Pepper1
● Successful Login
Armitage for Metasploit
● Scan and attack devices on the network
● Select a scan range
● 192.168.1.0/24 in this case
Armitage Successful Attack
● Attack Successful
● Windows XP with out-of-date patches
● Exploits a stack buffer overflow in the RPCSS service
● This module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003
VNC Control
● Attack allows VNC control of HMI (similar to Remote Desktop)
● Shut down the generator
● Or drop the oil pressure and let it run; attacker's choice
Prevention
● Firewalling
● Security Information and Event Logging and alerts (SIEM)
● Patching & Anti-Virus
● Shutdown of unneeded ports and services
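
A SIEM-style alert for the guessing pattern described under Password Guess Selection (each password tried on each account), followed by the successful Telnet login. This is an added example, not part of the original slides. The log format, the thresholds, the source addresses and every username except tstark are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not from the original slides).
# The username tstark is from the deck; other names and addresses are made up.
SAMPLE_LOG = """\
2024-05-01T02:10:01 telnet src=192.168.1.77 user=tstark result=FAIL
2024-05-01T02:10:02 telnet src=192.168.1.77 user=ppotts result=FAIL
2024-05-01T02:10:03 telnet src=192.168.1.77 user=jrhodes result=FAIL
2024-05-01T02:10:04 telnet src=192.168.1.77 user=hhogan result=FAIL
2024-05-01T02:11:30 telnet src=192.168.1.77 user=tstark result=OK
2024-05-01T08:00:00 telnet src=192.168.1.20 user=ppotts result=FAIL
2024-05-01T08:00:09 telnet src=192.168.1.20 user=ppotts result=OK
"""

LINE = re.compile(r"^(\S+) telnet src=(\S+) user=(\S+) result=(FAIL|OK)$")


def detect_spray(log_text, min_users=3, window=timedelta(minutes=10)):
    """Flag sources whose failed logins span many accounts in a short window."""
    failures = defaultdict(list)  # src -> [(time, user)] failures inside window
    flagged = set()               # sources already reported as spraying
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts, src, user, result = m.groups()
        now = datetime.fromisoformat(ts)
        # Slide the window: drop failures older than `window`.
        recent = [(t, u) for t, u in failures[src] if now - t <= window]
        if result == "FAIL":
            recent.append((now, user))
        failures[src] = recent
        distinct = {u for _, u in recent}
        if len(distinct) < min_users:
            continue  # a user mistyping their own password stays below this
        if result == "FAIL" and src not in flagged:
            flagged.add(src)
            alerts.append(("spray", src, len(distinct)))
        elif result == "OK":
            # A success right after a spray suggests a guessed password.
            alerts.append(("success_after_spray", src, user))
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_LOG):
        print(alert)
```
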