0x03 Serial Killer
Published on 2018-11-22 16:00:30 +0000
Download: Opus, OGG Vorbis or MP3
In this episode we talk about Florian's talk at Hack.lu 2018. In his talk he shows several vulnerabilities in so-called serial device servers and explains where these devices are used.
- Segfault.fm Episode 0x01 ACM WiSec
- Hack.lu 2018 homepage
- CIRCL.lu: Computer Incident Response Center Luxembourg
- WP: Capture the Flag
- CTF Time
- Serial-Killer: Security Analysis of Industrial Serial Device Servers
- Slides (PDF)
- Recording of the talk from Hack.lu
- WP: RS-232
- WP: RS-422
- WP: RS-485
- Digi - Tank Monitoring Products
- Lantronix EDS-MD
- WP: 2015 cyberattack on the Ukrainian power grid
- Whitepaper: Analysis of the Cyber Attack on the Ukrainian Power Grid
- WP: Supervisory control and data acquisition (SCADA)
- WP: H. D. Moore
- Serial Offenders: Widespread Flaws in Serial Port Servers
- Internet Census 2012
- 34C3: SCADA - Gateway to S(hell) by Thomas Roth
- The ZMap Project
- Censys.io
- Shodan.io
- CVE-2016-9366 — Bruteforce attack against the session ID
- CVE-2017-14028 — TCP SYN flooding on Moxa NPort 5110/5130 devices
- WP: SYN flood
- CVE-2017-16715 — Exposing kernel memory by Etherleaking
- EtherLeak: Ethernet frame padding information leakage
- RFC 894 — A Standard for the Transmission of IP Datagrams over Ethernet Networks
- CVE-2017-16719 — TCP Initial Sequence Number (ISN) prediction
- WP: TCP sequence prediction attack
- Teardown: Moxa NPort 5110 Serial Device Server
- WP: Wired Equivalent Privacy (WEP)
- Lantech IDS-2102
- CVE-2018-8869 — Several cross-site scripting vulnerabilities
- WP: Cross-Site Scripting
- Binwalk: Firmware Analysis Tool
- Ser2Net — Serial to Network Proxy
- Radare2 — Portable Reversing Framework
- QEMU — Generic and Open Source machine emulator and virtualizer
- CVE-2018-8865 — a stack-based buffer overflow vulnerability
- ICS-CERT — Industrial Control Systems Cyber Emergency Response Team
- Securityweek.com — Moxa NPort Devices Vulnerable to Remote Attacks
- Securityweek.com — Unpatched Flaws Expose Lantech Industrial Device Servers to Attacks