What is Black Hat Europe 2022?
Black Hat is a world-renowned cybersecurity convention showcasing the latest trends and developments in InfoSec research. This year, on its 25th anniversary, Wavestone’s Arnaud Soullie of the Paris office was invited to run one of the three flagship “Arsenal Labs” alongside Dhruv Sharan from our growing London practice.
Industrial Control Systems: Capture the train
Their workshop, “Industrial Control Systems: Capture the train!”, was an introduction to Industrial Control Systems (ICS) and the Modbus protocol, followed by a hands-on exercise involving Linux machines and robotic arms controlled by pre-programmed Programmable Logic Controllers (PLCs).
To demonstrate how ICSs work at a high level, participants were first walked through how to use the Linux machines to scan the environment and identify the IP addresses of the mini-ICS’s PLCs. They then connected to the PLCs (and by extension the robotic arms) using the pymodbus.console function (Pymodbus is a full Modbus protocol implementation in Python), used Pymodbus to read the coils and registers, and later wrote data to the coils and registers, each write resulting in a corresponding unique movement of the robotic arm. Once we had introduced the various pymodbus functions for writing data, we mostly left the participants to try different combinations of addresses to move the arm, with the objective of capturing flags attached to the top of toy trains.
What is a PLC?
A PLC is an industrial computer that has been adapted for the control of manufacturing processes, such as assembly lines, machines, robotic devices, etc. There are two elements of a PLC that are relevant to this workshop: “coils” and “registers”. Coils are discrete outputs, taking a value of either 1 or 0 (on or off), while holding/output registers are near-analogue outputs. Registers are 16 bytes, so they can take a value between 0 and 16^4 (35536); data that cannot be represented as a 1 or 0, such as a temperature or an angle, is therefore better suited to registers, and the opposite is true for coils.
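The workshop drove the PLCs with Pymodbus; the following added example (not code from the workshop or from the Pymodbus project) decodes the same kinds of read and write requests as they appear on the wire, the way an ICS network monitor would, using only the Python standard library. It shows the MBAP header, the coil on/off encoding, and the 16-bit holding register word, and flags every write sent to the PLC. The sample frames are constructed for illustration.

```python
import struct

# Public Modbus function codes covering the workshop's read/write exercise.
FUNCTION_NAMES = {0x01: "Read Coils", 0x03: "Read Holding Registers",
                  0x05: "Write Single Coil", 0x06: "Write Single Register"}
WRITE_FUNCTIONS = {0x05, 0x06}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode a Modbus/TCP request: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 12:
        raise ValueError("frame too short for MBAP header plus 5-byte PDU")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:  # length field counts unit id + PDU bytes
        raise ValueError("MBAP length field does not match frame size")
    func, address, value = struct.unpack(">BHH", frame[7:12])
    if func not in FUNCTION_NAMES:
        raise ValueError(f"unsupported function code {func:#04x}")
    if func == 0x05:
        # A coil is on/off; on the wire ON is 0xFF00 and OFF is 0x0000.
        if value not in (0x0000, 0xFF00):
            raise ValueError(f"illegal coil value {value:#06x}")
        value = 1 if value == 0xFF00 else 0
    # For reads 'value' is the quantity requested; for writes it is the
    # 16-bit register word (0..65535) or the coil state being written.
    return {"transaction_id": tid, "unit_id": unit, "function": func,
            "address": address, "value": value, "is_write": func in WRITE_FUNCTIONS}

def audit(frames):
    """Return one line per frame, flagging every write sent to the PLC."""
    lines = []
    for frame in frames:
        req = parse_modbus_tcp(frame)
        tag = "WRITE" if req["is_write"] else "read "
        lines.append(f"{tag} unit={req['unit_id']} {FUNCTION_NAMES[req['function']]} "
                     f"addr={req['address']} value={req['value']}")
    return lines

# Constructed sample frames (not a real capture): read 8 coils, switch coil 3
# on, write 90 to holding register 1, then read 2 holding registers.
SAMPLE_FRAMES = [
    bytes.fromhex("0001 0000 0006 01 01 0000 0008"),
    bytes.fromhex("0002 0000 0006 01 05 0003 FF00"),
    bytes.fromhex("0003 0000 0006 01 06 0001 005A"),
    bytes.fromhex("0004 0000 0006 01 03 0000 0002"),
]
```

Running `audit(SAMPLE_FRAMES)` lists the two reads and marks the coil and register writes, which is the signal a defender watches for on a Modbus segment where only a known engineering workstation should ever write.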