Become an AI & ML Engineer with Cal Poly EPaCE — IBM-Certified Training
Get 20% off all career paths from fullstack to AI
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore a novel exploitation vector in industrial controllers during this Black Hat conference talk. Delve into how PLC programming practices, user APIs, and memory allocation for function blocks from Library Functions create vulnerabilities in control logic. Learn about automated enumeration techniques, identification of key infrastructure configuration parameters, and process control variable manipulation for targeted attacks. Discover how allocated but unused memory can be leveraged to establish covert C2 channels, enabling attackers to run security tools, exfiltrate data, and execute high-precision cyber-physical attacks on previously inaccessible network segments. Presented by Marina Krotofil and Ric Derbyshire, this 37-minute talk offers valuable insights into modern industrial control system security challenges rooted in legacy design principles.
Syllabus
Greetings from the '90s: Exploiting the Design of Industrial Controllers in Modern Settings
Taught by
Black Hat