sixnet tools presentation slight overview of ics environment the sixnet universal protocol
DESCRIPTION
Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol Fun stuff to do with it Some . NextGen Firewalls Advanced Persistent Threat Cloud IPS/IDS 2.0 MDM SaaS IaaS Google. Doctoral Student Graduate Research Assistant at UofL - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/1.jpg)
Sixnet Tools presentation• Slight overview of ICS environment• The Sixnet Universal Protocol• Fun stuff to do with it
•Some
![Page 2: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/2.jpg)
• NextGen Firewalls• Advanced Persistent Threat• Cloud• IPS/IDS 2.0• MDM• SaaS• IaaS• Google
![Page 3: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/3.jpg)
About Me
• Doctoral Student• Graduate Research Assistant at UofL• Intelligent Systems Research Lab• Bourbon Enthusiast
![Page 4: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/4.jpg)
Sixnet ToolsFor Poking at Sixnet Things
![Page 5: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/5.jpg)
ICS
ControlIndustrial
System
![Page 6: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/6.jpg)
ControlSupervisory
SCADA Networks
AndDataAcquisiti
on
![Page 7: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/7.jpg)
Sixnet I/O ToolkitHMI
Human
MachineInterface
![Page 8: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/8.jpg)
RTU
Remote Terminal Unit
![Page 9: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/9.jpg)
Operator on HMI
RTU
Substation
![Page 10: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/10.jpg)
Modbus op codes
Function type Function name Function code
Data Access
Bit access
Physical Discrete Inputs Read Discrete Inputs 2
Internal Bits or Physical Coils
Read Coils 1Write Single Coil 5
Write Multiple Coils 15
16-bit access
Physical Input Registers Read Input Register 4
Internal Registers or Physical Output Registers
Read Holding Registers 3
Write Single Register 6
Write Multiple Registers 16
Read/Write Multiple Registers 23
Mask Write Register 22Read FIFO Queue 24
File Record AccessRead File Record 20Write File Record 21
Diagnostics
Read Exception Status 7
Diagnostic 8
Get Com Event Counter 11
Get Com Event Log 12Report Slave ID 17Read Device Identification 43
Other Encapsulated Interface Transport 43
![Page 11: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/11.jpg)
Modbus Protocol
• Address 2
• Op code 2
• Data n
• Checksum 2
Problem?
![Page 12: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/12.jpg)
Sixnet Universal Protocol
• Lead 1• Length 1• Destination 1• Source 1• Session 1• Sequence 1• Op Code 1• Data n• CRC 2
![Page 13: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/13.jpg)
Reversing
![Page 14: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/14.jpg)
Blinkenlights
![Page 15: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/15.jpg)
Telnet, FTP
![Page 16: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/16.jpg)
Telnet, FTP
![Page 17: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/17.jpg)
Get File Descriptor
• Op Code 1a• Data 00:03:00:[file path]:00 (read)
03:03:[4-byte file size]:[file path]:00 (write)
![Page 18: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/18.jpg)
Get File Descriptor
• Op Code 01• Data [FD]
![Page 19: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/19.jpg)
File manipulation
• Op Code 1a• Data 06:[FD] (read)
02:[FD]:[4B start]:[2B length]:[data] (write)
![Page 20: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/20.jpg)
File manipulation
• Op Code 01• Data [FD]:[start]:[length]:[data] (read)
00:[FD] (write)
![Page 21: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/21.jpg)
MORE SNIFFING!
![Page 22: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/22.jpg)
Shell Commands
• Op Code d0• Data 1e:01:00:[command]:00
• Op Code 01• Data 00:[length]:[output]
![Page 23: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/23.jpg)
Pseudo-Shell
![Page 24: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/24.jpg)
Furk Bamp
BOOM!BOOM!
BOOM!p(){ p|p& }; p
![Page 25: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/25.jpg)
![Page 26: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/26.jpg)
QUESTIONS?
![Page 27: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/27.jpg)
Reporting
![Page 28: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/28.jpg)
CVE-2013-2802
![Page 29: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/29.jpg)
Sixnet firmware 4.8
• Read coils•Write coils• Read file system•Write file system•Administrative access to the OS
![Page 30: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/30.jpg)
![Page 31: Sixnet Tools presentation Slight overview of ICS environment The Sixnet Universal Protocol](https://reader036.vdocument.in/reader036/viewer/2022062310/568161c1550346895dd1a45b/html5/thumbnails/31.jpg)
QUESTIONS?
Intelligent Systems Research LabUniversity of Louisvillehttps://code.google.com/p/my-sixnet-tools/
Mehdi [email protected]