We decided to put the IRONGATE video from last week’s S4xEurope out first. There is no big new reveal beyond the information in the FireEye article, but Rob provides a lot of context that makes it easier to understand. He also focuses on unanswered questions and a comparison to Stuxnet.
If this is really a Grad Student Research Project, I would think we would hear who did it in the next couple of weeks. Some of the S4xEurope attendees were going to try to help make contact with the author of PLCSIM.
Here are some highlights of the video:
3:56 Why IRONGATE is interesting from a technical perspective.
6:08 Is the industry numb to this type of release due to naming, hype, process?
8:20 A flow chart showing the major steps of IRONGATE.
14:20 The actual DLL replacement code.
16:20 Record and replay code.
19:25 Comparison and contrast with Stuxnet.
The last ten minutes are Q&A.