Slides for CSE4243 GhostExodus lecture

Aug 30 2009
Filed In: SCADA, skiddies
Tommorow morning, I will be giving a lecture to the CS4243/6243 Information and Computer Security class at Mississippi State University.  It will cover the events that led up to, and followed from, the arrest of Jesse “GhostExodus” McGraw on charges of installing malicious code onto hospital computer systems, including a system that was the HMI (Human-Machine Interface) of the SCADA system controlling ventilation, air-conditioning, and various aspects of the surgery wing.
The purpose of the talk is to cover some of the more interesting points of evidence that was gathered, documents surrounding the arrest and indictment, and some of the aftermath.  To give the students some practical skills to take away, I’ll be discussing some of the methodology used that would be applicable when responding other incidents.  It’s difficult to fit everything into a 50-minute lecture, but I believe I’m hitting the most interesting and entertaining points, and will be happy to go into more detail with smaller groups of interested students afterwards.
I am making the slides available here, however you will notice that they mostly consist of images and screengrabs for me to use as talking points.  While they may or may not be interesting standing alone, I’ve uploaded them primarily to serve as a reference for the students that have attended the lecture.
GhostExodus / Carrell Clinic Incident

View more presentations from McGrewSecurity.
If I’m happy with how the lecture goes, I may use it as a reference to record some narration on top of the above slides and make it available on this site.
If you are in the area and wish to drop in on this lecture, you are welcome to do so.  It will be at 9:00 AM, Monday August 31, in Butler 103.
If you are a student in the class, coming here for the slides, and are new to the site, these are the posts related to this lecture:

Tommorow morning, I will be giving a lecture to the CS4243/6243 Information and Computer Security class at Mississippi State University.  It will cover the events that led up to, and followed from, the arrest of Jesse “GhostExodus” McGraw on charges of installing malicious code onto hospital computer systems, including a system that was the HMI (Human-Machine Interface) of the SCADA system controlling ventilation, air-conditioning, and various aspects of the surgery wing.

The purpose of the talk is to cover some of the more interesting points of evidence that was gathered, documents surrounding the arrest and indictment, and some of the aftermath.  To give the students some practical skills to take away, I’ll be discussing some of the methodology used that would be applicable when responding other incidents.  It’s difficult to fit everything into a 50-minute lecture, but I believe I’m hitting the most interesting and entertaining points, and will be happy to go into more detail with smaller groups of interested students afterwards.

I am making the slides available here, however you will notice that they mostly consist of images and screengrabs for me to use as talking points.  While they may or may not be interesting standing alone, I’ve uploaded them primarily to serve as a reference for the students that have attended the lecture:

If I’m happy with how the lecture goes, I may use it as a reference to record some narration on top of the above slides and make it available on this site.

If you are in the area and wish to drop in on this lecture, you are welcome to do so.  It will be at 9:00 AM, Monday August 31, in Butler 103.

If you are a student in the class, coming here for the slides, and are new to the site, these are the posts related to this lecture:

Back to Top
Tags:

There are 1 Comments to "Slides for CSE4243 GhostExodus lecture"

Write a Comment