{"id":795,"date":"2022-05-30T09:36:17","date_gmt":"2022-05-30T07:36:17","guid":{"rendered":"https:\/\/insightevents.dk\/isc-cph\/?p=795"},"modified":"2022-10-13T23:18:19","modified_gmt":"2022-10-13T21:18:19","slug":"doctor-strangeformat-how-i-learned-to-be-an-archeologist-for-sboms","status":"publish","type":"post","link":"https:\/\/insightevents.dk\/isc-cph\/2022\/05\/30\/doctor-strangeformat-how-i-learned-to-be-an-archeologist-for-sboms\/","title":{"rendered":"Doctor StrangeFormat: How I learned to be an archeologist for SBOMs"},"content":{"rendered":"

Ron Brash is the VP of technical research and integrations at aDolus Technology<\/a>, and he is one of the keynotes at the international industrial security conference<\/a> the 14-15-16 November. At the conference he will be talking about SBOMs and how he manages security in the organization. <\/strong><\/p>\n

\u00a0<\/strong>Read an interesting article from Ron her.<\/p>\n

\u00a0<\/strong>How do we create accurate SBOMs?\u00a0 \u00a0<\/strong><\/h2>\n

One of the biggest challenges facing supply chain security is how to secure legacy products while identifying hidden cyber risks buried deep in their subcomponents. Creating accurate Software Bills of Materials (SBOMs) is the critical first step, but how do we do that when the OT legacy software market is a story of abandoned, unbuildable, or lost source code?<\/p>\n

Often all the OT industry has to work with, is binary images (hotfixes included). And that means working backwards from binaries using Binary Composition Analysis (BCA) and Metadata Composition Analysis (MCA). Using these techniques, the OT professional can address crucial challenges when identifying third-party\/supply chain flaws, work with a myriad of file format types, research undocumented\/proprietary designs, and execute real-world file-format sleuthing.<\/p>\n

Threat hunting <\/strong><\/h2>\n

Using samples from an anonymized vendor, this session will explore the challenges experienced when decomposing files to address supply chain transparency. We\u2019ll do this by identifying several types of files based on patterns (flash vs. bootloader vs. update package), distinguishing various attributes or markers of interest, spotting security problems with minimal effort, and exploring how to research a file format that is decades old. It’s not a trivial art, but rather a demonstrable skill that requires the combined experiences of people from differing backgrounds to achieve success. In other words, think of it as threat hunting but for OT\/ICS files.<\/p>\n

At the conference you will learn about: <\/strong><\/h2>\n