This course aims to educate learners on the vulnerabilities present in Building Management Systems (BMS) and Building Automation Systems (BAS). The learning outcomes include understanding the security risks associated with these systems, identifying vulnerabilities in BMS components, and learning about potential exploitation methods. The course covers topics such as BMS components, system interfaces, security analysis, exploitation techniques, and real-world case studies. The intended audience for this course includes cybersecurity professionals, system administrators, and individuals interested in understanding the security implications of BMS technologies. The teaching method involves a presentation of research findings, vulnerabilities, and exploitation demonstrations.
Overview
Syllabus
Introduction
What is a BMS?
BMS for end users
What Does a BMS Do?
Building Control Applications
Typical Systems Components - Field Devices
Typical Systems Components - Networks
Interaction With Other Building Management Systems
Typical User Interface Options
BMS Simple User Interfaces - Web Interface
BMS & EDAC
Advertisement - 2019
Security Analysis and Exploitation
Exposure of Management Interface
Software Technology in Controllers
Automatic and Manual Vulnerability Discovery
Obtaining Firmware
Example: Cookie traversal
Example: rootstyle
Backdoors (Development Console)
Example: Java backdoor
Backdoor Access - Optergy
System Access - Linear e Merge E3-Series
System Access - Metasploit Session
System Access - Prima FlexAir #2
Impact
Potential targets (case studies from the vendor)
Upgrade
Taught by
Hack In The Box Security Conference
