27C3 - Version 1.6.3

27th Chaos Communication Congress
We come in peace

Bruce Dang
Peter Ferrie
Day Day 1 - 2010-12-27
Room Saal 1
Start time 23:00
Duration 01:00
ID 4245
Event type Lecture
Track Hacking
Language used for presentation English

Adventures in analyzing Stuxnet

There has been many publications on the topic of Stuxnet and its "sophistication" in the mainstream press. However, there is not a complete publication which explains all of the technical vulnerability details and how they were discovered. In this talk, you will get a first-hand account of the entire story.

We will discuss various techniques used in analyzing Stuxnet. First, we will share several tricks that were used to quickly identify the vulnerabilities. Second, we describe the thought processes that went into debugging and triaging the vulnerabilities themselves. Finally, we show some tips that you can use if you feel like decompiling stuff for fun :).