Talk
Living off the Land and Attacking Operational Technology with Surgical Precision
April 26, 17:00 (CLOUD)

Sophisticated attacks on operational technology (OT) require a unique tactic known as ‘process comprehension’, which helps adversaries understand how the OT and physical process are configured. Process comprehension is complex, requiring the exfiltration of a large range of data, and perhaps even physical infiltration of the victim. In this talk we’ll present a novel living off the land technique to perform process comprehension at a significantly reduced cost, over the network, while being extremely challenging to detect. We’ll then expand on this technique to show how it can be used for precise process manipulation and establishing PLC memory as a C2 conduit that breaks best practice network segregation. Finally, we’ll conclude the talk with a few words on the responsible disclosure process.

Speaker
Ric Derbyshire
Ric is a Senior Security Researcher at Orange Cyberdefense and an Honorary Researcher at Lancaster University, where he obtained his PhD in computer science. His research involves a pragmatic and practically applicable approach to both offensive and defensive elements of cyber security, with a focus on operational technology, critical national infrastructure, novel attack techniques, and quantitative cyber risk assessment.