Damn Vulnerable Chemical Process

Exploitation in a new media


Playlists: '31c3' videos starting here / audio / related events

So you want to author a next Stuxnet (or even cooler than that). Here is the success recipe: forget what you have known about cyber security. When an attack transitions from control of a digital system to control of a physical process, physics and time become controlling factors instead of the digital rules encoded into your microcontroller.

The holly CIA trinity is meaningless in the physical world. The uncontrollable but still running process is not really available; process dynamics does not stop simply because the controlling equipment is DoSed; electronically segregated components can still communicate over physical media (the process) and a physical phenomenon can be measured terribly wrongly (so that the wrong measurement will be proudly delivered to the digital application in a totally secure way). Where physics plays a governing role, IT security concepts are rendered useless.

Please welcome a new arrival in the "damn"-frameworks series - Damn Vulnerable Chemical Process. Come to the lecture and learn what it takes to exploit a physical process: how to find vulnerabilities and how to exploit them with minimal cost and maximum impact. Get astonished about the gazillion of uncertainties you will have to face on your way to disruptive goal and realize that the TIME is ONLY what matters while designing your attack .

Make sure to visit local library and refresh your knowledge on physics, chemistry, mechanics, control theory, signal processing and algorithms. The lecture will teach you how to apply this knowledge in the exciting world of cyber-physical exploitation.