Stuxnet, Havex, BlackEnergy and CrashOverride represent the first four known targeted attacks against industrial control systems. This talk will focus specifically on the tools dubbed CrashOverride used during the 2016 Ukrainian power outages. We will give a quick overview of electrical substation architecture, talk about the design of the tools used in the outage, and then do a live demo of the tools.
Dan Gunter is a Senior Threat Hunter at the industrial cyber security company Dragos, Inc., where he discovers, analyzes and neutralizes threats inside ICS/SCADA networks. In this capacity he performs threat hunting, incident response, and malware analysis missions for the industrial community.
Prior to his role at Dragos, Dan served in a variety of information security roles as a Cyber Warfare Officer in the United States Air Force, with duties ranging from incident response at the Air Force Computer Emergency Response Team to developing innovative capabilities for multiple Department of Defense partners. Dan has over 12 years' experience and has obtained the CISSP, GIAC GSEC, EC-Council CEH and CompTIA Security+ certifications. He also holds a Bachelor of Science in Computer Science from Baylor University and a Master of Science in Computer Science from the University of Louisville. Dan previously presented at Black Hat and ShmooCon.