Proprietary ICS Protocols


1 hour 22 minutes
Video Transcription
ICS SCADA fundamentals. We're going to discuss other ICS protocols.
Now, the learning objectives for this one: we're going to look very briefly at PROFINET,
Tridium, Niagara Fox, and using Censys.io for ICS open source intelligence gathering.
So the PROFINET ports that the PROFINET protocol uses: over TCP it's port 80, and over UDP port 161, then also to five,
383 and 34,964
And Tridium. Tridium is a very interesting one because it's used very, very commonly in building management systems. And you can think of, uh, elevators, for example. That's one of my favorite ones, and it integrates all of these building management systems and uses Java and HTML5.
For the different types of architecture, it uses the AX architecture.
Uh, it also involves *** structures, protocols and platforms.
Some of the different devices: Tridium actually is used in various different types of hospital systems, airports, security systems, such as building security systems. Police stations also use this, and various different types of office buildings.
Then there's HVAC, especially for remote management,
elevators, security stations, different types of lighting systems, especially for larger buildings.
Different types of retail stores use this, lots of different buildings, and there are over 850,000 instances where Tridium is actually used.
To find these systems on the Internet, one of the methods that I use is Censys, and you can find these, uh, particular protocols used on different devices by what I like to call Censys dorking, sort of similar to Google dorking. And you can actually pinpoint different devices
with Niagara Fox. That port is 1911. Unfortunately, you can easily find these things on the Internet. Building control systems in these cases are then turned into Internet of Things (IoT) devices, and start thinking about different ways this can be manipulated by attackers.
Can you halt an elevator and hold it hostage, for example, if it's connected to the Internet? Yes, you can.
Ah, sometimes I participate with the IBM Cyber Range. And for one particular scenario, that's exactly what happens is a group of employees are actually held hostage, so to speak, in an elevator
and the images of them being stuck in the elevator are broadcast to the press.
Now there's a ride at Walt Disney World that's called the Tower of Terror, where the elevator goes up and down, up and down, then boom. And something like that could actually occur.
There's a tool called Nmap, which actually has a script in its NSE engine where you can find and pinpoint Niagara Fox protocol properties.
And here you can also pinpoint these things online. And these are some of the properties. So it'll show you the application version
three, authentication agent type, which in this case is Fox, the brand ID, any of the host addresses and IDs and host names. You can also find the device ID, what language it's in, the operating system that's in use with it, the device ID version and the station ID name.