2
Talks Delivered
2
Events Spoken At
2
Countries Visited
3
Years Speaking
2
Total Talks Given
He is an Independent Researcher , Security Engineer and a member at UCCU Hacker
He works in Web, Mobile, ICS, and Privacy domain for fun.He shared his off-time research at Troopers, HITB, CODE BLUE, Ekoparty, ROOTCON, REDxBLUE Pill, HITCON, CYBERSEC, and DEFCON Village.
Areas of Expertise
Presentation Types
Audience Types
Since 2010 with Stuxnet causing substantial damage to the nuclear program of Iran, ICS security issues have been on the rise.
Enterprises need an efficient way to find vulnerabilities but they might not have the budget for ICS pentesters, which need strong background knowledge in several fields. To solve this problem, we made a rare OT targeting, open source adversary emulation tool we call Scarlet OT as a plugin on MITRE open source tool – Caldera. Users can easily combine IT attacks with our OT adversaries and change steps of attacks or send manual commands in the process.
We summarize the experience of reviewing traffic from over 20 factories and analyzing 19 MITRE defined ICS malwares, and PIPEDREAM/Incontroller in 2022. We found the main trend of ICS malware changes from single protocol targeting to those with modularized, multiple protocol support. The actions in malware can be summarized as 4 stages of attack flow.
Scarlet OT already supports 10 common protocols and over 23 techniques on the MITRE ICS matrix, which is able to reproduce over 80% of defined ICS malware actions in OT. We also follow the 4 stages conclusion to add some attacks that haven’t been used by any malware (yet). We have tested Scarlet OT on real life oil, gas, water, and electric power devices with protocol simulations for SCADA developers and honeypots. We will have a demo in this presentation and also open source Scarlet OT after the talk.
EOS is a blockchain network and platform for decentralized applications built on Ethereum. It performs many of the same functions, but with much greater capacity — up to millions of transactions per second. EOS stands for Ethereum Operating System – unofficially.
The EOS cryptocurrency token sale raised $4 billion over a year-long ICO. Ethereum was the first blockchain to support development of decentralized applications. It sounds great in theory, but it was plagued by scalability issues once released into the wild. EOSIO is colloquially known as the “Ethereum Operating System,” because it adds a layer on top of Ethereum to make this dream of a dApp community a reality.
From 2018 to 2019 , Several Attacks cause EOS loss 900K EOS token. Hackers aimed Smart contract and EOS vulnerabilities, become rich men in Blockchain world. In this talk, Several attacks and CVE will be introduced.
