#HITB2018AMS

Описание: We started by mapping the entire network, comparing our results to what the hospital’s IT staff knows (think they know) – since we discovered a mess, we started a Sisyphean process of pinging, querying walking around the hospital searching for devices, and creating an updated network architecture map. The stuff we discovered was scary, funny and shocking. At the second stage, we conducted a penetration test on each medical device, software and system we could find – that includes Imaging systems of all kinds and sizes, Cardiac pacemakers, Electromechanical technology, Hospital hardware, Laboratory equipment, Gas and drug delivery systems, Surgical instruments, Medical monitoring devices, doctor’s applications, internal portals and databases, rogue WIFI access points, physical security vulnerabilities and more, this time our findings were terrifying, hilarious, and outrages!

===

Asaf Cohen is a security researcher and leads the Red Team at Maglan (powered by Accenture Security). He has a strong interest in Red Team activities, coding offensive tools and performing offensive research on IOT devices. He conducted hundreds of offensive simulations to fortune 500 companies and government institutions and has more than 13 years of hand-on experience. Asaf holds a BSc. in Computer Sciences from Ben Gurion University, Israel.

---

Ofir is a security researcher and a former senior penetration tester working at Maglan (Accenture Security). He has researched and discovered critical vulnerabilities in IoT devices and has conducted dozens of red-team engagements for clients ranging from cyber security startups to fortune 500 companies and government institutions. Ofir’s hobbies include: analyzing obfuscated network traffic, receiving ICMP requests from IoT devices and reading .bash_history.