phdays.com, phdays.ru
Moscow, 2012

Day1, Track1, 17:00
Multiple speakers
Demo section
Seeing once is better...

===================================
Afanasiev Mihail (Gleg.net)

Finding SCADAs
    Services: ERIPP, Shodan
    Identification: WinCC, TODO for others

Advantech WebAccess
    0day SQL injection
    blind SQL injection in the proj and node HTTP params
    used CANVAS framework for symbol-by-symbol enumeration of the pUserPassword table

Carel PlantVisor PRO demo 2.0
    blind SQL injection 0day
    select + current_settings('data_directory') - true/false=substr(sym, sym_num)
    used CANVAS framework
    Tomcat, PostgreSQL, Win2008

GE Fanuc HMI/SCADA CIMPLICITY 8.1
    directory traversal
    Win XP SP3
    CIMWebServer.exe (port 80)
    used CANVAS framework

Pure web-based SCADA
    atvise
    integraxor

===================================
Mobile trojan in-action
artiom 4aikin
positive technologies

Total malware samples (McAfee)
    reportsrp-quaterly-threat-q4-2011.pdf

Past Android malware
    easy to detect
    example
        angry birds bonus level by [some chinese chars]
        requires access to SMS and calls
    demo
        sends SMS upon installation

Present Android malware
    users became smarter
    easy to get the malware
        drive-by download & SocEng
    hard to detect
        all Latin chars in the naming
    local exploits for privilege escalation
    installs services to deny malware removal
    demo
        some Russian malware developer
        used SocEng: named "communication security update"
        requires: "load at boot" and "internet connection" only
        missing from the list of applications
        only found in settings: com.Security.Update
        using phone as proxy server

Future Android malware
    rise of malware/trojans for mobile platforms
    exploits: local and remote
    motivations: fraud, mobile banking
    cross-application vulns - already real

===================================
Insecure Citrix
how to own virtual servers
    citrix xenserver
    cloud infrastructure
    open hypervisor XEN
    TODO
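===================================
Added example (not from the talk or its speakers): a triage check for the traits noted in the "Present Android malware" demo above, an app that asks only for "load at boot" and "internet connection" and is missing from the list of applications. It assumes the manifest has already been decoded to text XML, and that the two prompts correspond to the RECEIVE_BOOT_COMPLETED and INTERNET permissions; the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
BOOT_PERM = "android.permission.RECEIVE_BOOT_COMPLETED"  # assumed "load at boot"
NET_PERM = "android.permission.INTERNET"                 # assumed "internet connection"

def names(parent, tag):  # android:name values of all <tag> elements under parent
    return {e.get(A + "name") for e in parent.iter(tag)}

def triage_manifest(xml_text):
    """Flag a decoded manifest that is launcher-hidden, boot-persistent and online."""
    root = ET.fromstring(xml_text)
    perms = names(root, "uses-permission")
    # An icon is shown only if some activity has a MAIN + LAUNCHER intent filter.
    launcher = any(
        "android.intent.action.MAIN" in names(f, "action")
        and "android.intent.category.LAUNCHER" in names(f, "category")
        for tag in ("activity", "activity-alias")
        for act in root.iter(tag)
        for f in act.iter("intent-filter"))
    # Boot persistence needs the permission and a receiver for BOOT_COMPLETED.
    boot = BOOT_PERM in perms and any(
        "android.intent.action.BOOT_COMPLETED" in names(r, "action")
        for r in root.iter("receiver"))
    findings = {"hidden_from_launcher": not launcher, "starts_at_boot": boot,
                "network_access": NET_PERM in perms}
    return {"package": root.get("package"), "findings": findings,
            "suspicious": all(findings.values())}

NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
# Constructed sample manifests (not taken from any real APK).
HIDDEN = f"""<manifest {NS} package="com.example.updater">
  <uses-permission android:name="{BOOT_PERM}"/>
  <uses-permission android:name="{NET_PERM}"/>
  <application>
    <receiver android:name=".Boot"><intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
    </intent-filter></receiver>
  </application></manifest>"""
NORMAL = f"""<manifest {NS} package="com.example.game">
  <uses-permission android:name="{NET_PERM}"/>
  <application><activity android:name=".Main"><intent-filter>
    <action android:name="android.intent.action.MAIN"/>
    <category android:name="android.intent.category.LAUNCHER"/>
  </intent-filter></activity></application></manifest>"""

if __name__ == "__main__":
    for sample in (HIDDEN, NORMAL):
        print(triage_manifest(sample))
```

Packages without a launcher activity also exist for legitimate reasons (widgets, input methods, service-only components), so a hit is a prompt for manual review, not a verdict.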