BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Exploiting OPC-UA in Every Possible Way: Practical A
 ttacks\n   Against Modern OPC-UA Architectures\n   When: Saturday\, Aug 12
 \, 14:30 - 15:15 PDT\n   Where: Caesars Forum - Forum - 105\,135\,136 - Tr
 ack 1 - [1]Map\n   Speakers:Noam Moshe\,Sharon Brizinov\n\n   SpeakerBio:N
 oam Moshe \, Vulnerability Researcher at Claroty Team82\n   Noam Moshe is 
 a vulnerability researcher at Claroty Team82. Noam\n   specializes in vuln
 erability research\, web applications pentesting\,\n   malware analysis\, 
 network forensics and ICS/SCADA security. In\n   addition\, Noam presented
  in well-known Hacking conferences like\n   Blackhat Europe\, as well as w
 on Master of Pwn at Pwn2Own Miami 2023.\n\n   SpeakerBio:Sharon Brizinov \
 , Director of Security Research at Claroty\n   Team82\n   Sharon Brizinov 
 leads the Vulnerability Research at Team82\, The\n   Claroty Research. He 
 specializes in OT/IoT vulnerability research\, has\n   participated in mul
 tiple Pwn2Own competitions\, won Pwn2Own Miami 2023\,\n   and holds a DEFC
 ON black badge.\n\n   Description:\n   OPC-UA is the most popular protocol
  today in ICS/SCADA and IoT\n   environments for data exchanges from senso
 rs to on-premises or cloud\n   applications. OPC-UA is therefore the bridg
 e between different OT\n   trust zones and a crown jewel for attacks attem
 pting to break security\n   zones and crossover from the industrial to cor
 porate networks.\n\n   We have been researching during the past two years 
 dozens of OPC-UA\n   protocol stack implementations being used in millions
  of industrial\n   products. We focused on two main attack vectors: attack
 ing OPC-UA\n   servers and protocol gateways\, and attacking OPC-UA client
 s. The\n   research yielded unique attack techniques that targeted specifi
 c\n   OPC-UA protocol specification pitfalls that enabled us to create a\n
    wide range of vulns ranging from denial of service to remote code\n   e
 xecution.\n\n   For example\, we explored OPC-UA features such as method c
 all\n   processing\, chunking mechanisms\, certification handling\, comple
 x\n   variant structures\, monitored items\, race-conditions\, and many mo
 re.\n   For each part of the specification\, we tried to understand its ca
 veats\n   and exploit them to achieve RCE\, information leaks\, or denial 
 of\n   service attacks.\n\n   In this talk\, we will share our journey\, m
 ethods\, and release an\n   open-source framework with all of our techniqu
 es and vulnerabilities\n   to exploit modern OPC-UA protocol stacks. \, No
 am Moshe is a\n   vulnerability researcher at Claroty Team82. Noam special
 izes in\n   vulnerability research\, web applications pentesting\, malware
  analysis\,\n   network forensics and ICS/SCADA security. In addition\, No
 am presented\n   in well-known Hacking conferences like Blackhat Europe\, 
 as well as won\n   Master of Pwn at Pwn2Own Miami 2023.\n\n   '\n\n   1. #
 CaesarsForumBR\n\n\n
DTEND:20230812T221500Z
DTSTART:20230812T213000Z
LOCATION:DC - Caesars Forum - Forum - 105\,135\,136 - Track 1
SUMMARY:Exploiting OPC-UA in Every Possible Way: Practical Attacks Against 
 Modern OPC-UA Architectures
END:VEVENT
END:VCALENDAR