Ralph Langner’s Stuxnet Deep Dive is the definitive technical presentation on the PLC attack portion of Stuxnet. He did a good job of showing very technical details in a readable and logical presentation that you can follow in the video if you know something about programming and PLCs.
The main purpose of Ralph’s talk was to convince the audience with “100% certainty” that Stuxnet was designed specifically to attack the Natanz facility. He does this at least four different ways, and I have to agree there is no doubt.
This video represents exactly what we are trying to accomplish at S4. Ralph is speaking in front of a very experienced and knowledgeable ICS security audience, and he doesn’t waste any time on Stuxnet 101. Instead, he dives right into the S7 code and walks the audience through, line by line, some of the most interesting FCs. This level of detail has never been seen before. It likely would bore or be lost on most audiences, but the S4 crowd was spellbound.
It’s a high-quality video, so expand to full screen to see the code.
The video shows the level of effort Langner’s team put into analyzing Stuxnet, as their comments are throughout the S7 Stuxnet code. Many in the audience remarked that it was probably much better documented than the Stuxnet author’s version.