2025-08-12 –, Andromeda
Language: English
After some internal evaluation and a journalists inquiry on the possibility of chinese state actors having access to camera footage, Muncipality the Hague decided to do a security test focused on an APT threat on their traffic camera infrastructure. During the session we will show how the team approached this project, how some of the cinematic scenarios of causing traffic jams and using the camera's for espionage were possible in real life and what lessons were learned from the project.
The session will start with providing a bit of context on why the project was started, what was already going on at that time and why the muncipality of the Hague had further questions for which they needed a hacking team.
We then discuss how we approached the project in a complex environment, where APT threats are involved and how that changes how you assess certain systems and features.
The core of the presentation focuses on disclosing the actual vulnerabilities found within the systems, how we went through the full cyber kill chain within the environment and what that actually means in the physical realm if this had been exploited with malicious intent.
Finally we end the presentation with some details on how the discovered issues were addressed and what general lessons can be learned from this project that could also be applicable for other similar environments.
Willem Westerhof is a renowned expert in IT, IoT and OT security, known as the discoverer of the Horus Scenario. His extensive research and offensive security projects across nearly all critical infrastructure sectors have significantly influenced the cybersecurity landscape.
Willem has authored more than 35 CVEs and is a sought-after speaker at platforms such as SHA2017 and the One Conference.
His expertise is frequently called upon by the Dutch government for security advisories, providing him with a unique, practical perspective on challenges and solutions within the sector.