Fadli B. Sidek
Security Specialist Codenomicon Ltd
Fadli is a Cyber Security enthusiast and works as a Security Specialist with Codenomicon Ltd. His experience include performing vulnerability assessments and penetration testing to clients in the AMEA region. He graduated from Murdoch University, Australia with a Double Majors Degree in Cyber Forensics, Information Security Management and Business Information System. He has over 9 years of experience in IT and Security and has written and published security articles in Pentestmag and Hakin9 and has spoken at many security conferences in Singapore, India, UAE and recently in Las Vegas.
Presentation: Vulnerability Assessments on SCADA Networks: Outsmarting the Smart Grid.
SCADA assessments has been on the news and the talk of the town since 2005. While there are many talks and demonstrations about how to penetrate and exploit SCADA systems, little discussions about the pre-exploitation phase were being shared and discussed. I’m talking of course about the Vulnerability Scanning phase.
Some may have performed such Vulnerability Assessment before and many are curious as to how to start it in the first place. Questions like, what are the methodologies used in performing an assessment on SCADA systems? What information is required before we click the ‘Start Scan Now’ button? What plugins should be used? And does my scans guarantee that these ultra sensitive systems will not go down?
This talk is to share my personal experience and challenges faced during a SCADA assessment engagement. While i had no previous experience and only theoretical knowledge i gathered from the internet, i had to swallow it all and apply it during the engagement. Flying from Singapore to the Middle East just to perform the assessment, language is a barrier in terms of communication. But what if you were there in a situation where there were no policies, no security engineers or administrators, no proper documentations and worse, no one knows what they have and you were there to find them all and do the VA? This talk will also share how i accidentally brought down all the SCADA workstations in one site and how i could easily owned the systems with my findings. This talk will also share the lessons learned and how to develop a proper methodology and process in performing vulnerability assessment on a network of SCADA systems.
Are you the next cyber security superstar?
Ready for this year's presentations?
By registering you will unlock access to 60+ speakers and two full days with cyber security news & showcases from worldwide leaders.
Sponsors & Partners
They help us make this conference possible.
As an infrastructure operator, technology integrator and IT&C services provider, Orange Business Services supports businesses and public entities in their digital transformation. Collect, transport, protect, store and process and analyze: they orchestrate every phase of the data journey, for your business to create even more value.