Abstract

Modern fuzzing of C/C++ Projects
Speaker: Max Moroz

Fuzz testing is an efficient way to find vulnerabilities and is a very popular technique among security researchers. Some projects run fuzzing as part of their Continuous Integration systems, where it helps to find not only vulnerabilities but also stability issues and other regressions.
The purpose of the workshop is to teach attendees to fuzz different C/C++ projects efficiently using modern tools. During the workshop you will:
– understand the basics of fuzzing;
– write several libFuzzer-based fuzzers for different projects;
– find Heartbleed and other known bugs by yourself;
– learn how to analyze and to improve your fuzzer;
– perhaps find some 0-days?
Fuzzing experience is not required.

Requirements:
– 2-3 hours
– Linux based OS
– C/C++ (nothing special, but you need to be able to read and write C/C++ code)

Optional requirement: a recent version of the clang compiler. Distributions from package managers are too old and most likely won’t work (the workshop is called “modern”, right?), so you have two options:
– checkout clang repository and build it yourself
– checkout Chromium repository and use the binaries located at src/third_party/llvm-build/Release+Asserts/bin/
Those binaries will be provided as the workshop materials, but if you don’t want to run untrusted binaries, please consider one of the options above.
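To show what “libFuzzer-based fuzzer” means in practice, here is an added example that is not part of the workshop materials: a minimal harness around a hypothetical record parser (`parse_records` is invented for illustration). libFuzzer only needs the `LLVMFuzzerTestOneInput` entry point; the same file compiles as plain C++ so the parser can be checked with ordinary unit tests before it is handed to the fuzzer with `-fsanitize=fuzzer,address`.

```cpp
// Added example, not the workshop's own code.
// Fuzzing build (recent clang, as the abstract recommends):
//   clang++ -g -O1 -fsanitize=fuzzer,address harness.cpp -o harness
//   ./harness corpus_dir/
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical target: parses a sequence of "<1-byte len><len bytes name>"
// records. Returns the number of well-formed records, or -1 on malformed
// input. The explicit bounds check on `len` is exactly the kind of check a
// fuzzer with AddressSanitizer reports as an out-of-bounds read when missing.
int parse_records(const uint8_t *data, size_t size,
                  std::vector<std::string> *out) {
    size_t pos = 0;
    int count = 0;
    while (pos < size) {
        size_t len = data[pos++];
        if (len == 0) return -1;          // empty name: malformed
        if (len > size - pos) return -1;  // length runs past the buffer
        if (out) {
            out->emplace_back(reinterpret_cast<const char *>(data + pos), len);
        }
        pos += len;
        ++count;
    }
    return count;
}

// libFuzzer entry point. The engine calls this many times per second with
// mutated inputs; the harness itself must not crash on any input, so a
// crash or sanitizer report here is a finding in parse_records, not in the
// harness. Returning 0 tells libFuzzer the input was processed normally.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    std::vector<std::string> names;
    parse_records(data, size, &names);
    return 0;
}
```

Keeping the target function free of global state and of `exit()` calls is what makes it fuzzable: every call must be independent, and any abnormal termination is treated as a crash.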

Reverse engineering of binary data files using Kaitai Struct
Speaker: Mikhail Yakshin

The workshop will be about clean-room reverse engineering of unknown file formats. Using examples from simple to complicated, we will discuss the use of Kaitai Struct for quickly formulating and testing hypotheses about a file format. We will go from software installation up to coding ready-to-use utilities for those file formats in C++, C#, Java, JavaScript, Perl, PHP, Python, and Ruby, and will also review container formats, file systems, firmware formats, bytecode and many others.

Searching for vulnerabilities in the Computer-Aided Process Control System (CAPCS) with blackbox analysis under tight deadlines
Speaker: Boris Savkov

During the workshop we will review the search for vulnerabilities in CAPCS components when nothing is known about the SCADA and/or PLC firmware, in other words, when the analysis is based solely on network traffic and on typical CAPCS vulnerabilities. The search for vulnerabilities will be demonstrated on a CAPCS mockup. Participants will be invited to search for vulnerabilities in a specially designed platform, Available SCADA, which contains typical vulnerabilities of a workstation at an industrial enterprise.

Requirements:
We’ll provide a virtual machine in OVA format.