Master Serial Killer

BSidesLV 2014

Presented by: Chris Sistrunk
Date: Tuesday August 05, 2014
Time: 14:00 - 14:50
Location: Underground

Project Robus is a search for vulnerabilities in ICS/SCADA protocol stack implementations. Most research and commercial tools to date have focused on the PLC/RTU/controller (server). Project Robus tests both the RTU server and the master (client) sides of DNP3 and Modbus protocol stack implementations. Attacking the DNP3 master in the control center can eliminate the ability to monitor and control an entire SCADA system, such as an entire electric transmission or distribution system … all from accessing a serial or IP connection in one unmanned substation.

Chris Sistrunk

Sr. Consultant, Mandiant Chris Sistrunk is a Senior Consultant at Mandiant, focusing on cyber security for industrial control systems (ICS) and critical infrastructure. Prior to joining Mandiant, Chris was a Senior Engineer at Entergy (over 11 years) where he was the Subject Matter Expert (SME) for Transmission & Distribution SCADA systems. He has 10 years of experience in SCADA systems with tasks such as standards development, system design, database configuration, testing, commissioning, troubleshooting, and training. He was the co-overseer of the SCADA, relay, and cyber security labs at Entergy Transmission for 6 years. He is a Senior Member of IEEE, member of the DNP Users Group, Mississippi Infragard, and also is a registered PE in Louisiana. He holds a BS in Electrical Engineering and MS in Engineering and Technology Management from Louisiana Tech University. Chris also founded and organizes BSidesJackson, Mississippi’s only cyber security conference. Adam Crain is a control system software engineer, security researcher, and open source advocate. In 2012, he started his own venture, Automatak, to improve the penetration of robust open source software (OSS) in the utility space. He is the principal author of openDNP3, an implementation of IEEE 1815 (DNP3). Adam’s recent focus has been the ICS / SCADA protocol vulnerability research known as ‘Project Robus’. Since April 2013, vulnerabilities have been identified in products sold by more than twenty vendors. Adam works with vendors, utilities, government agencies, and industry organizations to identify and solve systemic issues.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats