Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World - Ed Skoudis Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)


Description: The infosec industry has spent decades struggling to secure computers and the vital data they hold, with some successes and many frustrating failures. Infosec pros and hackers alike have a wealth of lessons borne in our scars from battles to protect PII, PHI, and other information assets. Increasingly, however, we are facing a shifting threat, as attackers target not just computers and data, but instead the industrial control systems and related equipment we use to operate our physical world. Successful attacks in this realm could pack a lot more wallop than merely purchasing credit monitoring for a year or reimaging worm-infected PCs. In this talk, Ed will analyze this shift, looking at actual attacks against the power grid, water systems, transportation infrastructure, and more. We’ll see how the separation of the computer realm from the kinetic world is evaporating, as most equipment is online all the time. We’ll discuss how hackers and information security professionals can marshal our capabilities to apply the hard-fought lessons we’ve learned in securing data to the kinetic control system realm, along with the types of new skills and thinking that will be required. We’ll also look at how kinetic attacks are modeled in the CyberCity project, a miniaturized town constructed to help train government and military warriors about how computer attacks can have significant kinetic impact.

Bio: Ed Skoudis is a hacker. He delights in designing and building computer security challenges and simulations, ranging from fun scavenger hunts for the neighborhood kids all the way up to completely hackable miniature cities. To that end, as Director of the CyberCity project, Ed has led a team that developed a 6-foot by 8-foot cityscape cyber range with real electric power, water, and other infrastructures to build skills in cyber warriors from the military, government, and select commercial companies. Furthermore, Ed and his team conduct regular penetration tests against some of the biggest, most complex, and technically novel infrastructures in the world. Ed has also researched malware, virtual machine security issues, and SCADA systems, with his team being the first to demonstrate publicly a VMware escape. Ed is the author of SANS Institute courses on Incident Handling and Hacker Attacks (SEC504) and Network Penetration Testing and Ethical Hacking (SEC560). And, finally, Ed wrote the books Counter Hack Reloaded and Malware: Fighting Malicious Code.


Copyright 2014, IronGeek