Cisco Talos will have a significant presence at the 10th edition of BruCON, which kicks off this week. Below, you will find the presentations that Talos researchers will give, along with a brief overview of the topics they will discuss. We are fortunate to have multiple speakers presenting this year: Benny Ketelslegers, Jared Rittle and Lilith Wyatt.

BruCON Retro day opening speech Presented by Benny Ketelslegers

BruCON was founded in 2008 by five security-minded Belgians working in the cybersecurity industry. What started as a herculean effort of a few people has now stabilized into one of the better European information security conferences that continues to grow each year. Benny, one of the founders, will go through the history of the con and highlight the key reasons it was able to survive through the first few years. We will be giving an overview of the security landscape in Belgium, why BruCON was founded and cover some of the highlights from the past 10 years.

This talk will take place on Oct. 3 at 10 a.m. during BruCON.

Process Control Through Counterfeit Comms Presented by Jared Rittle

Programmable Logic Controllers (PLCs) are often relied on for the performance of critical process control functions in many different critical infrastructure sectors. Cisco Talos previously identified several vulnerabilities in the Allen-Bradley MicroLogix 1400 PLCs. These vulnerabilities included ones that could be leveraged to modify device configuration and ladder logic, write modified program data into the device's memory module, erase program data from the device's memory module, or conduct denial-of-service (DoS) attacks against affected devices. These vulnerabilities were disclosed to the manufacturer, with an update released to ensure that vulnerable devices could be updated to resolve these issues.

Jared Rittle of Cisco Talos will be presenting information regarding these vulnerabilities on Oct. 5 at 5:30 p.m.. Cisco Talos is also releasing a whitepaper that includes additional details related to how these vulnerabilities could be leveraged by attackers, the potential impacts they could have on affected devices, as well as mitigations that could be put in place to secure devices affected by these vulnerabilities. This whitepaper can be accessed here.

IoT RCE, a study with Disney Presented by Lilith Wyatt

As desktop and server security keeps raising the baseline for successful exploitation, internet-of-things (IoT) devices are still stuck in the 1990s, despite their ubiquity in every home network. This, coupled with the ability to access them from anywhere, is creating a situation in which millions of households are left vulnerable, regardless of any network security posture — which is essentially a ticking time bomb.
These topics will be examined using the Circle with Disney — an internet monitoring device made by Disney — and a Foscam IP video camera as case studies. During the course of the vulnerability testing of these devices, more than 50 CVEs were discovered, out of which, discussion will focus on the more novel attack techniques seen within the Disney Circle, including:

  • SSL certificate-ttribute validation bypasses
  • SSID broadcasting injection
  • Use-between-Realloc memory corruption
  • Cloud routing abuse During the course of the talk, there will be discussion regarding IoT device's use of traditionally offensive tools (ARP poisoning, backdoors, and beaconing) for central functionality.

Lilith Wyatt will present the information related to these vulnerabilities, including the specific details related to several use cases, on Oct. 5 at 3 p.m.