| Date | Day | Time | Duration |
| 25 May | Tuesday | 09:00-17:00 CEST/GMT+2 | 8 Hours |
| 26 May | Wednesday | 09:00-17:00 CEST/GMT+2 | 8 Hours |
ICS systems contain many vulnerabilities that could expose an installation to attack. Downtime or infiltration of an ICS network could result in massive outages, hundreds of thousands of affected users and even a national disaster. Penetration testing of ICS systems is a highly specialised field that requires in-depth knowledge and access to the relevant hardware.
This training will help you understand ICS systems, analyse their weaknesses, attack them and design strategies to protect them. It is aimed at security professionals who want to understand ICS systems, improve their skills or specialise in ICS security, and it takes them from the fundamentals of ICS security to advanced hacking techniques.
The focus is on methodologies for hacking commercial hardware devices such as PLCs, as well as simulators, and the course gives participants hands-on experience in penetration testing these devices and systems. The lab setup simulates an ICS infrastructure with real PLCs and SCADA applications. The training covers the most common ICS protocols (Modbus, S7, DNP3, OPC, Profinet): analysing packet captures and learning how to use these protocols to talk to PLCs. It also covers how to program a PLC, to improve understanding of how PLCs can be exploited. Further modules cover how to bypass air gaps, how to defend air-gapped systems, and the techniques and tactics adversaries use to compromise ICS systems.
Students will receive:
• IT vs OT
• Architecture and ICS components
• PLC wiring
• PLC programming languages
• How PLC programs are executed
• PLC programming in Ladder Logic
• PLC programming hands-on exercises
• Modbus vulnerabilities
• Modbus attacks
• Packet analysis
• Modbus emulation
• Detecting Modbus slaves
• Attacking Modbus slaves
• Fingerprinting S7comm and obtaining information
• S7comm and S7comm-plus vulnerabilities
• S7comm attacks
• Packet analysis
• S7comm emulation
• Reading and writing data blocks and digital outputs
• Hands-on practice
• Fingerprinting DNP3 and obtaining information
• DNP3 vulnerabilities
• DNP3 attacks
• Packet analysis
• DNP3 emulation
• Hands-on practice
• Fingerprinting OPC-UA and obtaining information
• OPC-UA vulnerabilities
• OPC-UA attacks
• Packet analysis
• OPC-UA emulation
• Attacking OPC-UA
• Hands-on practice
• Fingerprinting Profinet
• Profinet vulnerabilities
• Profinet attacks
• Packet analysis
• Hands-on practice
• What is an air gap?
• Air gap problems
• Is there really an air gap?
• Air gap, firewall or data diode?
• Air gap attacks and examples
• Inbound / outbound channels
• Building our own tests to bypass the air gap (with hands-on practice)
• Defending the air gap
• Weak network segmentation and segregation (with exercises)
• Use of insecure protocols
• Access control vulnerabilities
• Use of outdated software and lack of maintenance
• Default credentials and insecure configurations
• Lack of security awareness
• Weak USB and personal device use policies
• Lack of logging and monitoring
• Attackers' motivations and ICS attack types
• MITRE ATT&CK for ICS
• Pentesting ICS systems
• Pentesting ICS basics
• Warnings and precautions
• Pentesting ICS tools
• Pentesting ICS theory and methodology
• ICS systems exposed on the Internet
• Target ICS for the practice
• Information gathering
• Attacking PLC standard interfaces and features
• Attacking ICS protocols
• Attacking HMIs
• Attacking historians / databases
• Attacking Linux ICS components / Windows / Active Directory
• Attacking embedded components
• Fuzzing ICS protocol implementations
• ICS security policy
• ICS risk management
• ICS security awareness and training programme
• Network segmentation and segregation
• USB and personal device use policies and restrictions
• ICS systems hardening and adequate configuration
• Applying the 'defense in depth' principle to protect ICS devices
• Security supervision and other measures