Pwn2Own 주최자는 참가자가 ICS 시스템의 해킹 제공 할 것입니다

년부터 2020, a separate nomination for components of industrial control systems will appear in the Pwn2Own ethical hacker competition. Pwn2Own 주최자는 참가자들에게 ICS 시스템을 해킹 할 수있는 작업을 줄 것이다.

에이t the Miami Summit in January, 전문가들은 다섯 개 가지 범주에서 제시 팔 개 제품을 해킹하려고합니다. The prize fund of this part of the competition will be more than $250 천.

“Starting next January, Pwn2Own grows again by adding a third competition at the S4 conference in Miami South Beach on January 21–23, 2020. This contest focuses on Industrial Control Systems (ICS) and associated protocols”, — write Pwn2Own organizers.

In the nominationManagement Servers“, participants will have to attack Iconics Genesis64Inductive Automation Ignition SCADA platforms available on the test network from their laptop.

The organizers suggested several levels of possible hacker performance. 그러므로, a forced shutdown of a system or its transfer to a denial of service condition is estimated at $5,000, and an exploit for unauthorized disclosure of information will bring a specialist twice as much. The maximum bonus of $20 thousand will receive an ethical hacker who will achieve remote code execution within any of the programs.

게다가, contestants will be able to try to compromise the Triangle MicroWorks SCADA Data Gateway 신청, presented in the “DNP3 Gateways” category. For hacking a communication program, ethical hackers can get from $5 에 $20 천, as well as up to 20 Master of Pwn points, taken into account when determining the absolute winner.

“We’ve had discussions for years about running a Pwn2Own for ICS, but there are many challenges to holding such a contest. To overcome these issues, we worked with multiple people and companies within the ICS industry to ensure we have the right products and categories to create a meaningful test of the security of these products and protocols”, — report organizers.

For servers using the Open Platform Communications (OPC) specification, a separate category will be provided for Pwn2Own 2020. Participants will be asked to call DoS, to obtain the disclosure of confidential information or to remotely execute their code on Unified Automation ANSI C Demo ServerOPC Foundation OPC UA .NET Standard platforms.

In the categoryEngineering Workstationsthere is only one product. For remote launch of a third-party script in the development environment of Rockwell Automation Studio 5000, information security specialists will be able to get $20 천.

For the nomination “Human-Machine Interface", the organizers prepared a confrontation of competing products of the two largest market players. Ethical hackers will be able to remotely execute their code on Schneider ElectricFactoryTalk View SE EcoStruxure Operator Terminal Expert workstations from Rockwell Automation. For participants who try to hack the latest system, additional bonuses are provided for putting it into a denial of service condition or unauthorized disclosure of information, as well as a separate bonus for an exploit that is resistant to restarting the program.

또한 읽기: 바티칸 개발자 연구원은 eRosary의 취약점을 발견 스마트 묵주

The last Pwn2Own took place in March this year and brought its participants more than half a million dollars. The triumph of the competition was the Fluoroacetate 팀, who managed to hack the on-board system of the Tesla Model 3 and received the electric car as a prize for the competition.

Pwn2Own recalls that the goal is always to get these bugs fixed before attackers actively exploit them.

트로이 킬러 소개

메모리 스틱에 트로이 킬러 휴대용 운반. 당신은 당신이 어디를 가든 당신의 PC가 어떤 사이버 위협에 저항 도울 수 있는지 확인하십시오.

또한 확인

Heroku가 클라우드 플랫폼에 MageCart

연구진은 여러 MageCart 웹 스키머에 Heroku가 클라우드 플랫폼 발견

Malwarebytes 연구원은 Heroku가 클라우드 플랫폼에서 여러 MageCart 웹 스키머를 찾는 것에 대해보고 …

안드로이드 스파이웨어 CallerSpy

안드로이드 채팅 응용 프로그램으로 CallerSpy 스파이웨어 마스크

트렌드 마이크로의 전문가들은 악성 코드 CallerSpy 발견, 안드로이드 채팅 응용 프로그램으로하는 마스크와, …

회신을 남겨주