Sergey Sidorov

A guide on power plant automation and its security issues on #36c3 conference. Slides and tools from our talk https://github.com/klsecservices/Publications/raw/master/36c3-Security%20of%20turbine%20control%20systems.pdf … kudos to @repdet @_moradek_ @Alender911 @epotseluevskaya @zero_wf @574rzpic.twitter.com/aLGEHLUlhr

Turbines are everywhere, also on #36c3 at #dijkstra! Good thing, they are overcomplicated, with huge attack surface, hard coded credentials and weak hashing schemas. Oh, shi... Nice talk by @kl_secservices team. /cc:@repdet @_moradek_ @Alender911 @epotseluevskaya @zero_wf @574rzpic.twitter.com/OG2jndWJ5o

Stories and lessons from Incident Response practice by Pavel Kargapoltsev on #ZeroNights 2019. Thanks for all the questions from audience and organisers for great event! Get the slides https://github.com/klsecservices/Publications/raw/master/2019-ZeroNights-Kargapoltsev-Stories%20and%20lessons%20from%20daily%20DFIR.pdf … ATT&CK inside! #DFIR #blueteampic.twitter.com/0PMwivWeOZ

Most used #MITRE ATT&CK techniques and more operational security stats in our #threathunting report https://github.com/klsecservices/Publications/blob/master/MDR_report_H1_2019_eng_final.pdf …pic.twitter.com/a42QInJw4f

Alexander Nochvay from @kaspersky ICS CERT deconstructs CODESYS and analyses its security problems at #KasperskyICS conference: Runtime weaknesses, PDU Protocol model disadvantages and many morepic.twitter.com/NtXJyiePJs – mjesto: Conference Center

In a joint presentation at #KasperskyICS conference @repdet and @574rz talk about #CNC machines security: if there are fail compilations of something on YouTube, certainly some work has to be donepic.twitter.com/hjXT8vCM7M – mjesto: Conference Center

New ATM slide deck by @_Endless_Quest_ and @GiftsUngiven from @offzone_moscow https://github.com/klsecservices/Publications/blob/master/ATM_or_it_never_happened_slides.pdf …pic.twitter.com/TXhgYPIrIN

This little technique can force your blind #XXE to output anything you want! https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ …pic.twitter.com/JDC31VIJoC

Slides from #defcamp & #offzone talks and research paper by @d_skljar on security of #EV charging stations https://github.com/klsecservices/Publications/blob/master/chargepoint_home_slides.pdf … https://github.com/klsecservices/Publications/blob/master/chargepoint_home_security_research.pdf …pic.twitter.com/emFJjNGiXN

Thanks to @CS3sthlm for these 3 productive days! Glad to be a partner of this great industrial cybersecurity event! #cs3sthlm #KasperskyICSpic.twitter.com/1G8AG4H5jc