{"id":10317,"date":"2022-05-19T10:00:09","date_gmt":"2022-05-19T10:00:09","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/?post_type=session&p=10317"},"modified":"2023-06-12T10:05:46","modified_gmt":"2023-06-12T10:05:46","slug":"scarlet-ot-ot-adversary-emulation-for-fun-and-profit","status":"publish","type":"session","link":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/","title":{"rendered":"Scarlet OT – OT Adversary Emulation for Fun and Profit"},"content":{"rendered":"

Since 2010 with Stuxnet causing substantial damage to the nuclear program of Iran, ICS security issues have been on the rise. <\/span><\/p>\n

Enterprises need an efficient way to find vulnerabilities but they might not have the budget for ICS pentesters, which need strong background knowledge in several fields. To solve this problem, we made a rare OT targeting, open source adversary emulation tool we call Scarlet OT as a plugin on MITRE open source tool – Caldera<\/strong>. Users can easily combine IT attacks with our OT adversaries and change steps of attacks or send manual commands in the process.<\/span><\/p>\n

We summarize the experience of reviewing traffic from over 20 factories and analyzing 19 MITRE defined ICS malwares, and PIPEDREAM<\/span>\/<\/span>Incontroller in 2022. We found the main trend of ICS malware\u00a0 changes from single protocol targeting to those with modularized, multiple protocol support. The actions in malware can be summarized as 4 stages of attack flow. <\/span><\/p>\n

Scarlet OT already supports 10 common protocols and over 23 techniques on the MITRE ICS matrix, which is able to reproduce over 80% of defined ICS malware actions in OT.<\/strong> We also follow the 4 stages conclusion to add some attacks that haven’t been used by any malware (yet). We have tested Scarlet OT on real life oil, gas, water, and electric power devices with protocol simulations for SCADA developers and honeypots. We will have a demo in this presentation and also open source Scarlet OT after the talk.<\/strong><\/span><\/p>\n","protected":false},"template":"","class_list":["post-10317","session","type-session","status-publish","hentry"],"acf":[],"yoast_head":"\nScarlet OT - OT Adversary Emulation for Fun and Profit - HITBSecConf2024 - Abu Dhabi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Scarlet OT - OT Adversary Emulation for Fun and Profit - HITBSecConf2024 - Abu Dhabi\" \/>\n<meta property=\"og:description\" content=\"Since 2010 with Stuxnet causing substantial damage to the nuclear program of Iran, ICS security issues have been on the rise. Enterprises need an efficient way to find vulnerabilities but they might not have the budget for ICS pentesters, which need strong background knowledge in several fields. To solve this problem, we made a rare […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/\" \/>\n<meta property=\"og:site_name\" content=\"HITBSecConf2024 - Abu Dhabi\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-12T10:05:46+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/\",\"name\":\"Scarlet OT - OT Adversary Emulation for Fun and Profit - HITBSecConf2024 - Abu Dhabi\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website\"},\"datePublished\":\"2022-05-19T10:00:09+00:00\",\"dateModified\":\"2023-06-12T10:05:46+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Session\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Scarlet OT – OT Adversary Emulation for Fun and Profit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/\",\"name\":\"HITBSecConf2024 - Abu Dhabi\",\"description\":\"Nov 25 - 28, Abu Dhabi, UAE\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Scarlet OT - OT Adversary Emulation for Fun and Profit - HITBSecConf2024 - Abu Dhabi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/","og_locale":"en_US","og_type":"article","og_title":"Scarlet OT - OT Adversary Emulation for Fun and Profit - HITBSecConf2024 - Abu Dhabi","og_description":"Since 2010 with Stuxnet causing substantial damage to the nuclear program of Iran, ICS security issues have been on the rise. Enterprises need an efficient way to find vulnerabilities but they might not have the budget for ICS pentesters, which need strong background knowledge in several fields. To solve this problem, we made a rare […]","og_url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/","og_site_name":"HITBSecConf2024 - Abu Dhabi","article_modified_time":"2023-06-12T10:05:46+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/","url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/","name":"Scarlet OT - OT Adversary Emulation for Fun and Profit - HITBSecConf2024 - Abu Dhabi","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website"},"datePublished":"2022-05-19T10:00:09+00:00","dateModified":"2023-06-12T10:05:46+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/scarlet-ot-ot-adversary-emulation-for-fun-and-profit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/"},{"@type":"ListItem","position":2,"name":"Session","item":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/session\/"},{"@type":"ListItem","position":3,"name":"Scarlet OT – OT Adversary Emulation for Fun and Profit"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website","url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/","name":"HITBSecConf2024 - Abu Dhabi","description":"Nov 25 - 28, Abu Dhabi, UAE","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/session\/10317"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/session"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/types\/session"}],"version-history":[{"count":2,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/session\/10317\/revisions"}],"predecessor-version":[{"id":12409,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/session\/10317\/revisions\/12409"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/media?parent=10317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}