|
PRESENTATION:
|
Workshop: Switches get Stitches
|
|
PRESENTER(S):
|
Eireann Leverett, Senior Consultant for IOActive, and Matt Erasmus, Security Analyst for TicketMaster
|
|
CONFERENCE:
|
44CON
|
|
LOCATION:
|
ILEC Conference Centre in West Brompton, London, UK
|
|
DATE & TIME:
|
September 11, 2014 at 10:30 AM
|
This two-hour workshop will introduce you to Industrial Ethernet Switches and their vulnerabilities. These switches are used in environments with industrial automation equipment, like substations, factories, refineries, and ports; in other words, SCADA and ICS switches. You will become familiar with how these switches are used and do some light traffic analysis and firmware reverse engineering.
During this workshop, Eireann and Matt will discuss several vulnerabilities and share the methods used to discover them as well as techniques for exploitation. While all the vulnerabilities have been responsibly disclosed to ensure vendors could supply patches, this will be the first time they are discussed publicly.
The workshop will end with an opportunity to get your hands dirty with the switches. Whether you’re an expert or new to reverse engineering, experiencing device exploitation with Eireann and Matt is not to be missed.
About Éireann Leverett
Eireann Leverett is a Senior Consultant at IOActive where he focuses on Smart Grid and SCADA systems. He studied Artificial Intelligence (AI) and Software Engineering at Edinburgh University and went on to get his Masters in Advanced Computer Science at Cambridge. He studied under Frank Stajano and Jon Crowcroft in Cambridge’s computer security group. In between, he worked for five years at GE Energy and did a six-month engagement with ABB in their corporate research department.
About Matt Erasmus
Matt Erasmus is a Security Analyst for TicketMaster, a large ticketing company based in the UK. He engages with the business across various levels including Application Security and Incident Response. In his free time he enjoys wrestling malware, RFID and generally learning something he didn’t know the day before.
About 44CON
44CON is an annual Information Security Conference and Training event taking place in London. Designed to provide something for both the business and technical Information Security Professional, 44CON brings the best in international Security training + speaking (as well as the best of local talent) to the UK at a reasonable cost.
44CON provides access to speakers. At the bigger conferences, getting time with top class security speakers is limited. At 44CON, you have great access to speakers, who are all willing to spend time and talk about their work. This is where interesting partnerships can occur.
About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.
###
Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github