OPERATION: Poison Supply Chain

• Monta Elkins: FoxGuard Security Architect & Hacker-in-Chief

Date: June 25, 2020

https://attendee.gotowebinar.com/register/7609698392797651216?source=HmPg

Description: 

In October 2018, it was reported that a Chinese supply-chain attack had added non-spec chips to Supermicro motherboards used in servers for Amazon, Apple, and more than 20 other companies to monitor activity, exfiltrate data and potentially control them.

In this session Monty will recount how he replicated the attack, building and installing an implant chip on an industry-standard firewall, allowing the creation of privileged accounts, network access, and covert notification of successful compromise, all on a shoestring budget.

​

This talk will lead the audience through the chip selection process, the tools required to develop the attack (both hardware and software), and their use.  Discussion will include possible defenses and how to decide if you should be concerned about this class attack in your environment. While the attack demonstration will use a standard firewall, Monty will also explain how the techniques can be used on a variety of I.T. and O.T. equipment.

​

More about Monta: 

​

Register now at: https://attendee.gotowebinar.com/register/7609698392797651216?source=HmPg

OPERATION: Operator Jail Breakout

• Dieter Sarrazyn - SECUDEA: Founder, SCADA/ICS/OT security consultant

• Frank Lycops - Asvalis: Security Consultant

Date: May 28, 2020

https://attendee.gotowebinar.com/register/9218993088507324685

Description: Operator stations are one of the first systems/stations to interact with a distributed control system (DCS) or other industrial control systems. These operator stations often have some protection built in to restrict what the operator can do within the SCADA software and/or on the operating system itself. Within this session, we will show and explain some of the most easily discovered ways to set up operator jails and how these can be (ab)used to gain a further foothold within the environment.

​

Attendees will learn more on the shortcomings of most operator jail solutions and what could be done to step up this game to secure this properly. A key takeaway obtained by attendees through this session is that operator jails cannot be assumed to prevent attackers from gaining access to the operating system itself and, thus, potentially exploiting the whole DCS environment.

Palo Alto Networks SPONSORED

Under Pressure: Establishing Secure Remote Access into ICS/OT Networks

• Lieuwe Jan Koning - On2IT: Founding Partner, Chief Technical Officer

• George Cordeiro - Palo Alto Networks: Cyber-security Solutions Manager, Accenture Partnership

• Dharminder Debisarun - Palo Alto Networks: Industry Security Architect for Transport (Automotive, Airlines and Railway), Internet of Things, Manufacturing

Date: May 14, 2020

https://attendee.gotowebinar.com/register/535132715813099533

Description: Establishing secure remote access into industrial control systems, operational technology and IT environments has long been an ongoing effort for many of us, and the current shelter-in-place and work-from-home orders under which much of the world is now functioning has greatly ratcheted up the demand to make this happen yesterday. 
Part of the security equation involves how operational assets are accessed and managed and how the cyber security posture of IT and OT can be impacted if the management of remote access is not understood by business or is conducted poorly.
Companies of all sizes are struggling to adapt to telework demands, facing challenges of limited bandwidth, un- or insufficiently-vetted devices, workforce training needs and, in many settings, regulatory compliance requirements. 
 
Join the discussion with our panel of subject matter experts to learn how they and their clients have addressed these demands in the past for example Zero Trust Security principles for OT and IT , when time was less pressured, and what they recommend for current conditions. 

Recording Now Available