Badgerboard : Weaseling Out The Unknown
HTML-код
- Опубликовано: 3 июл 2024
- Communication on the backplanes of PLCs has been largely unavailable for visibility, protection and detection. Carl and the team at Talos Intelligence tried to change that.
Carl will present and release research that enabled Snort network IDS visibility directly into a popular PLC's backplane traffic. This visibility is read only, and is not subject to any other modules censoring data. By utilizing the power of a FPGA and custom bitcode, they were able to lift raw traffic from the backplane bus directly into network traffic that could be consumed by any network sensor.
This is an entirely new layer of visibility in a world where ICS security starts at the network layer. This talk includes the code release of all Badgerboard associated code, which includes the associated FPGA logic, as well as the layers required to lift the traffic into valid UDP network traffic.
Dale's note: I'm excited for this session. Sounds like a classic Stage 2 deep dive on the bleeding edge. 
Наука
