Analyzing TRISIS - the first Safety Instrumented System malware by K. Reid Wightman & Jimmy Wylie скачать в хорошем качестве

Analyzing TRISIS - the first Safety Instrumented System malware by K. Reid Wightman & Jimmy Wylie

Discovery of TRISIS/TRITON was a landmark event in the Industrical Control Systems (ICS) security community. It is the the fifth known ICS-specific malware (following STUXNET, HAVEX, BLACKENERGY2, and CRASHOVERRIDE), and the first such malware to specifically target safety instrumented systems. Since identification and public disclosure in early December 2017, much has been written on TRISIS and its implications, but technical deep-dives of TRISIS, specifically the binary payloads are scarce. TRISIS is a complex piece of malware and analyzing the attack requires a blend of both hardware and software reverse engineering. In this discussion, we will explain our approach to analyzing this sample and at the same time, provide a detailed walkthrough of TRISIS with a focus on the PowerPC payloads and relevant portions of the Triconex firmware. Further, we will discuss the impact