2-DAY TRAINING 2 – Advanced ICS Hacking

DURATION: 2 DAYS

CAPACITY: 20 pax

SEATS AVAILABLE: 20


USD1899 [Early Bird]

USD2599 [Normal]

Early bird registration rate ends on the 24th of April


Overview

Industrial control systems (ICS) are often a sitting target for cybercriminals. The majority of these systems monitor complex industrial processes and critical infrastructures that deliver power, water, transport, manufacturing and other essential services.

There are many vulnerabilities in ICS systems that could expose an installation to attacks. Downtime or infiltration of an ICS network could result in massive outages, hundreds of thousands of impacted users and even national disaster. Penetration testing on ICS systems is a very specific field that requires in-depth knowledge and hardware availability.

This training is going to help you to understand ICS systems, analyze their weaknesses, attack them and design strategies to protect them. It is aimed at security professionals who want to understand ICS systems, improve their skills or specialize in ICS security, and will take them from the fundamentals of ICS security to advanced hacking techniques.

We will focus on methodologies for hacking commercial hardware devices such as PLCs as well as simulators, and we will also provide an excellent opportunity for participants to have hands-on experience in penetration testing of these devices and systems. The ICS setup will simulate the ICS infrastructure with real-time PLCs and SCADA applications. We will cover the most common ICS protocols (Modbus, S7, DNP3, OPC, Profinet), analyze packet captures and learn how to use these protocols to talk to PLCs. You will learn how to program a PLC, to better understand how to exploit them.

Throughout the course, we will use a virtual machine we built specifically for ICS penetration tests; it contains all the tools needed for ICS hacking. The course is structured for beginner to intermediate level attendees, and no previous experience in ICS, reverse engineering or hardware is required.

Key Learning Objectives

This course is a perfect fit for professionals who want to understand ICS systems, improve their skills or specialize in ICS security, and will take them from the fundamentals of ICS security to advanced hacking techniques. It is an excellent opportunity for participants to acquire hands-on experience in penetration testing ICS devices and systems.

Who Should Attend

  • Penetration Testers / Red Team Members who want to pentest ICS systems or bypass the airgap
  • Government officials from offensive or defensive units
  • SCADA and PLC programmers
  • IT and OT security professionals seeking to increase their knowledge of ICS hacking and security
  • Anyone interested in ICS security

Prerequisite Knowledge

  • Basic knowledge of Linux
  • Basic knowledge of networking and pentesting

Hardware / Software Requirements

  • Laptop with at least 40GB free space
  • 8 GB minimum RAM
  • Virtualization software such as VMware or VirtualBox
  • Admin/root access on the laptop

Agenda – Day 1: Overview of ICS, Protocols & Hacking

ICS Basics

  • Introduction to ICS
  • Vocabulary
  • The CIM model
  • Classic architectures
  • History of ICS
  • Briefing of ISA99/IEC62443, NIST 800-82, ANSSI
  • IT vs OT
  • ICS systems exposed on Internet

ICS Components

  • ICS Architecture, Components and Roles
    • RTU
    • HMI
    • DCS
    • Sensors
    • PLC
    • SCADA
    • Historian

Programming PLCs

  • PLC Wiring
  • PLC Programming in ladder
  • Programming PLC hands-on

ICS Protocols

  • Modbus
    • Introduction and protocol overview
    • Reconnaissance
    • Sniffing and Eavesdropping
    • Baseline Response Replay
    • Modbus Flooding
    • Modifying PLC values
    • Rogue Interloper
    • Hands-on practice
  • S7
    • Introduction and protocol overview
    • Reconnaissance
    • Sniffing and Eavesdropping
    • Uploading and downloading PLC programs
    • Start and Stop PLC CPU
    • Hands-on practice
  • DNP3
    • Introduction and protocol overview
    • Reconnaissance
    • Length Overflow Attack
    • Reset Function Attack
    • Rogue Interloper
    • Hands-on practice
  • Profinet
    • Introduction and protocol overview
    • Reconnaissance
    • Sniffing and Eavesdropping
    • Replay Attacks
    • Packet Forging Attacks
    • Hands-on practice
  • OPC/OPC-UA
    • Introduction and protocols overview
    • Reconnaissance
    • OPC Attacks
    • Hands-on practice

Agenda – Day 2: Bypassing the Airgap, Pentesting & Attacks

Bypassing the Air Gap

  • Tools and techniques

Common ICS Vulnerabilities

  • Lack of network segmentation
  • Lack of hardening
  • ICS protocols insecurity
  • Other vulnerabilities

Discussion of real attacks

Pentesting ICS systems

  • Pentesting Tools
  • Pentesting ICS Theory
  • Reconnaissance
  • Exploitation
  • Warnings and precautions

Hands-on Pentesting ICS practice

  • PLC Scanning and Reconnaissance
  • Network capture analysis & replaying packets
  • Attacking ICS protocols
  • Fuzzing ICS protocols
  • Attacking PLC standard interfaces and features
  • Attacking HMI
  • Attacking Windows ICS components
  • Finding credentials on Windows systems
  • Exploitation to gain admin privileges
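The Modbus items in the Day 1 protocol section (reconnaissance, modifying PLC values, rogue interloper) and the Day 2 "network capture analysis & replaying packets" and "attacking ICS protocols" exercises rest on the same fact: Modbus/TCP carries no authentication, so any host that can reach port 502 can read and write PLC memory. The block below is an added example, not course material or tooling from the trainers. It builds and parses Modbus/TCP frames (MBAP header plus PDU), drives a constructed in-memory stand-in for a PLC so the read/write/read-back sequence runs offline, and then scans a constructed capture for write function codes coming from a host other than the known HMI. The PLC behaviour, register contents, IP addresses and the "allowed sources" list are all assumptions made for illustration.

```python
"""Modbus/TCP framing, an unauthenticated write against a simulated PLC,
and capture analysis that flags writes from unexpected hosts.
Added example; the PLC, register values and addresses are constructed."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

MODBUS_TCP_PORT = 502                  # default port; nothing in this file connects to it
FC_READ_HOLDING_REGISTERS = 0x03
FC_WRITE_SINGLE_REGISTER = 0x06
WRITE_FUNCTION_CODES = {0x05, 0x06, 0x0F, 0x10}   # coil/register writes, single and multiple
EXC_ILLEGAL_FUNCTION = 0x01
EXC_ILLEGAL_DATA_ADDRESS = 0x02


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def build_frame(transaction_id: int, unit_id: int, function: int, data: bytes) -> bytes:
    """MBAP header (tid, protocol id 0, length, unit id) followed by the PDU.
    The length field counts unit id + function code + data."""
    return struct.pack(">HHHBB", transaction_id, 0, 2 + len(data), unit_id, function) + data


def read_holding_registers(transaction_id: int, unit_id: int, start: int, count: int) -> bytes:
    return build_frame(transaction_id, unit_id, FC_READ_HOLDING_REGISTERS, struct.pack(">HH", start, count))


def write_single_register(transaction_id: int, unit_id: int, address: int, value: int) -> bytes:
    return build_frame(transaction_id, unit_id, FC_WRITE_SINGLE_REGISTER, struct.pack(">HH", address, value))


def parse_frame(raw: bytes) -> ModbusFrame:
    """Validate the MBAP header and split off the PDU."""
    if len(raw) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, uid, fc = struct.unpack(">HHHBB", raw[:8])
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(raw) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return ModbusFrame(tid, uid, fc, raw[8:])


def parse_read_response(frame: ModbusFrame) -> List[int]:
    """Decode a Read Holding Registers reply; an exception reply has bit 0x80 set on the function code."""
    if frame.function & 0x80:
        raise RuntimeError("Modbus exception 0x%02x" % frame.data[0])
    byte_count = frame.data[0]
    return list(struct.unpack(">%dH" % (byte_count // 2), frame.data[1:1 + byte_count]))


def simulated_plc(request: bytes, registers: List[int]) -> bytes:
    """Constructed stand-in for a PLC: serves reads and writes with no authentication,
    which is exactly the property the 'Modifying PLC values' exercise relies on."""
    req = parse_frame(request)
    exc = lambda code: build_frame(req.transaction_id, req.unit_id, req.function | 0x80, bytes([code]))
    if req.function == FC_READ_HOLDING_REGISTERS:
        start, count = struct.unpack(">HH", req.data)
        if start + count > len(registers):
            return exc(EXC_ILLEGAL_DATA_ADDRESS)
        values = registers[start:start + count]
        return build_frame(req.transaction_id, req.unit_id, req.function,
                           bytes([2 * count]) + struct.pack(">%dH" % count, *values))
    if req.function == FC_WRITE_SINGLE_REGISTER:
        address, value = struct.unpack(">HH", req.data)
        if address >= len(registers):
            return exc(EXC_ILLEGAL_DATA_ADDRESS)
        registers[address] = value
        return request                      # a successful single write echoes the request
    return exc(EXC_ILLEGAL_FUNCTION)


def modify_plc_value(registers: List[int], address: int, value: int) -> Tuple[List[int], List[int]]:
    """Read all registers, overwrite one, read back: returns (before, after)."""
    n = len(registers)
    before = parse_read_response(parse_frame(simulated_plc(read_holding_registers(1, 1, 0, n), registers)))
    simulated_plc(write_single_register(2, 1, address, value), registers)
    after = parse_read_response(parse_frame(simulated_plc(read_holding_registers(3, 1, 0, n), registers)))
    return before, after


def find_unexpected_writes(captured: List[Tuple[str, bytes]], allowed_sources: set) -> List[Tuple[str, int, int]]:
    """Capture analysis: report (source, unit id, function code) for every write-class
    function code sent by a host that is not the known HMI/engineering station."""
    hits = []
    for src, raw in captured:
        try:
            frame = parse_frame(raw)
        except ValueError:
            continue                        # malformed or non-Modbus payload
        if frame.function in WRITE_FUNCTION_CODES and src not in allowed_sources:
            hits.append((src, frame.unit_id, frame.function))
    return hits


# Constructed capture: the HMI polls and changes a setpoint, then a rogue host writes.
CAPTURED = [
    ("10.0.10.5", read_holding_registers(7, 1, 0, 2)),
    ("10.0.10.5", write_single_register(8, 1, 1, 50)),
    ("10.0.10.99", write_single_register(9, 1, 1, 999)),
]

if __name__ == "__main__":
    print(modify_plc_value([100, 200, 300], 0, 0x1234))
    print(find_unexpected_writes(CAPTURED, {"10.0.10.5"}))
```

The write succeeds because the simulated PLC, like the protocol itself, never asks who is sending; the only defence shown on the detection side is an allow-list of source addresses, which is why the course's "security supervision" and "network segmentation" items matter more for Modbus than any setting on the PLC.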

Securing ICS Systems

  • System hardening
  • Network segmentation
  • Security supervision and other measures

ICS System Case Study

Location:
Date: July 20, 2020
Time: 9:00 am - 6:00 pm
Trainers: Yamila Levalle, Sarka Pekarova