Industrial Control Systems: Build, Break, Secure.

Numbers of days 3
address 28 avenu George V 75008 Paris
Course in English
Price 4224€ VAT included

Arnaud Soullié Arnaud Soullié

Discover the world of Industrial Control Systems with an attack mindset! In this 3-day training, we will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:
– Build: how does it work?
– Break: what are the weaknesses and how to exploit it?
– Secure: what can we do to fix it?
You will perform a lot of lab sessions, including: programming a PLC in ladder logic, analyzing network captures of ICS protocols, perform Modbus/S7/OPC-UA requests, using Metasploit to compromise a Windows host and gather sensitive information from an Active Directory, and much more!
The last day is dedicated to the Capture-the-Flag, in which you will apply the newly acquired techniques to compromise a corporate network, pivot to the ICS network and take control of the process to capture a flag with a robotic arm.
Moreover, the training doesn’t stop on the third day! With the WhiskICS training kit, you’ll be able to redo all the exercises after the training and continue experimenting with ICS security on your own.

The outline of the 3-day training is the following:

 

DAY 1  

  • Introduction to Industrial Control Systems
  • Introduction to the case study and the WhiskICS student kit
  • Automation basics & programming PLC
  • ICS protocols – Hacking the process
  • Attacking the non-ICS part of the PLC
  • PLC proprietary protocols
  • An introduction to safety

DAY 2

  • Process supervision: SCADA and DCS
  • Linking to corporate environments: Windows & Active Directory security
  • SCADA/DCS specific vulnerabilities
  • Industry 4.0 & IIoT
  • ICS cybersecurity general approach

DAY 3

  • Data exchange between ICS and the outside world
  • ICS security assessments
  • Capture the Flag

The whole afternoon is dedicated to applying the pentesting skills to a custom-designed ICS setup, composed of a corporate Active Directory with several servers and workstations, an ICS network composed of servers, HMIs and PLCs from several vendors. This setup controls a model train and some robot arms that need to be used to capture a flag on the train!