[November 25, 2015]
SCADA Cyber Security
Speaker: Asem Ghaleb
Date: Wednesday November 25th, 2015
Time: 2pm
Location: 22-132
Summary: SCADA (Supervisory Control and Data Acquisition) systems, which
are in charge of controlling and monitoring industrial processes and critical
infrastructures (e.g. electricity generation, gas production, water
distribution), are increasingly targeted by cyber attacks. Such attacks
continue to increase in intensity, frequency, and complexity. Their
consequences range from minor operational disturbances to loss of human lives.
Analyzing the security of SCADA systems and designing appropriate security
solutions is, consequently, an absolute necessity, in particular in the Gulf
region. Security testing on live SCADA systems, however, is not practical
because of the delay and disturbance it can introduce into systems that are
supposed to run 24 hours a day, 7 days a week.
In this seminar, we present SCADA-SST, a SCADA Security Testbed designed and
implemented in the context of an NSTIP project. SCADA-SST is a test platform
that can simulate almost any SCADA system architecture. It is designed mainly
for security testing: simulating SCADA attacks and evaluating protection
solutions. SCADA-SST supports hybrid architectures involving simulated hosts
as well as physical components (PLCs, RTUs, etc.).
SCADA-SST allowed us to successfully test a set of serious network attacks on a
physical PLC (Siemens S7-400), including a command replay attack. A live demo of
this attack will be presented in the seminar using a physical PLC.
[October 14, 2015]
From Exploit to Metasploit
Speaker: Dr. Sami Zhioua
Date: Wednesday October 14th, 2015
Time: 2pm
Location: 22-119
Summary: An exploit is a piece of software or a sequence of commands that
takes advantage of a vulnerable machine. Exploits can be written in any
programming or scripting language (C, Python, Perl, Ruby, etc.). However, a
common, language-independent template has been introduced through the
Metasploit framework and is becoming the de facto standard for writing
exploits. In this seminar, we describe the full process used by penetration
testers to discover a vulnerability, write an exploit, and convert it to a
Metasploit module.