...In this talk we will introduce a novel exploitation vector, one previously unconsidered in existing works. More specifically, we will show how PLC programming practices, user APIs, and memory allocation for function blocks from the Library Functions open the door to automated enumeration of PLC control logic, identification of key infrastructure configuration parameters and process control variables, and their consequent targeted manipulation to achieve a desired attack impact. Additionally, allocated but unused memory can be applied to the establishment of covert C2 channels, from which attackers are afforded the ability to run standard security tools, exfiltrate data and execute high-precision cyber-physical attacks on previously inaccessible network segments...
By: Marina Krotofil & Ric Derbyshire
Full Abstract: www.blackhat.c...