POSITIVE HACK DAYS




Hacker-machine interface


Authors: Brian Gorenc and Fritz Sands

This talk covers an in-depth analysis performed on a corpus of 200+ confirmed SCADA and HMI vulnerabilities. It details the popular vulnerability types discovered in HMI solutions developed by the biggest SCADA vendors, including Schneider Electric, Siemens, General Electric, and Advantech. It studies the weaknesses in the technologies used to develop HMI solutions and describes how critical vulnerabilities manifest in the underlying code. The talk will compare the time-to-patch performance of various SCADA vendors, and provide a comparison of the SCADA industry to the rest of the software industry. Additional guidance will be provided to SCADA developers and operators looking to reduce the available attack surface, along with a prediction on what we expect next in attacks that leverage SCADA and HMI vulnerabilities.

  • Language: English

Brian Gorenc
A senior manager of Vulnerability Research at Trend Micro. He leads the Zero Day Initiative (ZDI) program, which represents the world's largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world's most popular software. He is also responsible for organizing and adjudicating the ever-popular Pwn2Own hacking competitions.

Fritz Sands
A security researcher with Trend Micro's Zero Day Initiative. In this role, he analyzes and performs root-cause analysis on vulnerabilities submitted to the ZDI program, which is the world's largest vendor-agnostic bug bounty program. He also focuses on writing tools to perform static and dynamic analysis for discovering vulnerabilities. Prior to joining the ZDI in 2014, he was in Microsoft's Trustworthy Computing and Secure Windows Initiative operations, where he audited Windows code and developed dynamic analysis tools, and before that he was a system developer for multiple iterations of Microsoft Windows.
