First of all let me share with all you, I'm really excited to write this blog post! This week RootedCON 2014 will be happening in Spain and we got a talk accepted with @julianvilas! The talk's title is not very self-explanatory: "Kicking SCADA Around." So, in case you are interested in attending here is a little more information about the presentation.


We plan to share with the audience our experience while dissecting a widely used SCADA product (the product's name won't be disclosed until the talk!). Some interesting points we will speak on include:


  • How we managed to work together while living at more than 5,000 miles apart. We plan to share with you the time invested, tools and work methodology used to make this happen!
  • The SCADA "learning" experience. Honestly, when you're in front of a SCADA (project designer) product, it's not like sit down in front of a browser explorer, an instant messaging application, or an IDE for first time! The learning curve is hard, and we plan to share our experience!
  • Of course, we'll be speaking about reversing, vulnerability discovery, exploiting, and disclosure. In case you're asking, yes, we'll be giving details about new vulnerabilities and publishing exploits. Expect live Metasploit demos!
  • As Carlos Perez used to say: "the shell is only the beginning", and that's true! We'll be reviewing some post-exploitation techniques available with Meterpreter in order to maximize fun and profit in SCADA environments!
  • Finally, but not least, one thing we asked ourselves was: "Does our work matter to the world?" We tried to answer ourselves and we'll be sharing our conclusions with you. At the moment we just will say: #ScanAllTheThings!


In case you are planning to attend RootedCON, hope to see you there! On the other hand, if you're around, please stop and say "hola!" If you would like to share conversation and ideas about information security, Metasploit, vulnerabilities, exploiting or something else! See you in Madrid soon!