Project Basecamp at S4 – Dale Peterson: ICS Security Catalyst

This morning, at our S4 Conference, Reid Wightman gave a detailed two-hour presentation on the Project Basecamp results. Project Basecamp had six great researchers looking for vulnerabilities in six different PLCs / field devices, and the PLCs took a beating. There were backdoors, weak credential storage, ability to change ladder logic and firmware, command line interface, overflows galore, TFTP for important files and so much more.

Digital Bond’s S4 has us flat out this week. We will be blogging in detail on this next week, but here are some of the Basecamp basics.

The Basecamp team:

  • Reid Wightman (project lead)
  • Dillon Beresford
  • Jacob Kitchel
  • Ruben Santamarta
  • Anonymous Researcher 1
  • Anonymous Researcher 2

The devices:

  • Control Microsystems SCADAPack (bricked early on)
  • General Electric D20ME
  • Koyo / Direct LOGIC H4-ES
  • Rockwell Automation / Allen-Bradley ControlLogix
  • Rockwell Automation / Allen-Bradley MicroLogix
  • Schneider Electric Modicon Quantum
  • Schweitzer SEL-2032

The results:

The Basecamp Tools:

As we have said in earlier blogs, we are hoping that Project Basecamp will be a Firesheep moment for PLCs. To that end we are working with Rapid7 to release Metasploit modules for the Basecamp vulnerabilities. There is a press release out now that announces the GE D20 Password Retrieval module available today, and a number of other Basecamp modules in process and for release soon.

We have also worked with Tenable Network Security to create Nessus and PVS plugins. A joint press release went out today at 11 AM and the plugins are available in the Nessus feed.

Thanks to the Basecamp team, who volunteered many hours, including Reid, who seemed to be working about 20 hours a day the last few weeks.
