Demonstration of an ICS attack chain using non-technical exploitation techniques

  • Thursday, 13 Dec 2018 1:00PM EDT (13 Dec 2018 18:00 UTC)
  • Speakers: Connor Leach, Jackson Evans-Davies

In industrial environments segmentation between IT and OT systems is paramount. It is no longer enough to perform network segmentation alone; instead, domain, application, and platform segmentation is equally as important. Attackers are exploiting domain trusts, credential re-use, and shared management applications which creates attack chains with non-traditional exploitation.


In this webinar, we will be enumerating and exploiting the IT/OT boundary by focusing on 'it's a feature, not a bug '. In our Offensive Security lab, Honeywell will demonstrate an attack chain which includes the following:

  • Initial foothold on the enterprise network via external spear-phishing
  • Perform an internal spear-phish attack called email pivoting
  • Hook Microsoft Outlook to enumerate the ICS network
  • Use non-technical methods (users) to exploit the IT/OT boundary
  • Inject and deploy a malicious update via Microsoft Windows Software Update Services (WSUS)

Join us on Dec 13 1pm EST to follow an attack chain where we exploit the users of the fictitious while using non-traditional tactics and techniques.