We lost three S4x14 videos due to technical difficulties at the end of the day on Wednesday. One of them was a great session from Stephen Dunlap and Jonathan Butts of the Air Force Institute of Technology entitled PLC Code Protection. The presentation slides from that session are below.

Most of the presentation actually covers PLC hacking and would be of interest to those who follow Project Basecamp. It was very clever how they used the turning of the keyswitch or command to go from Run Mode to Program Mode and back to Run Mode as a trigger for a logic bomb (slide 12). An engineer would likely think the PLC stopped working because of a coding error or other change they just made while in Program Mode.

[slideshare id=31947255&doc=19butts1-9-140305102526-phpapp02&w=450]

They also talk about how to maintain persistence by ignoring firmware updates and reporting the expected firmware version when asked.