New generation malware and attacks have been targeting ICS and systems
causing huge monetary and human life losses. ICS system still vulnerable in
nature because it’s poorly understood. Penetration testing on ICS systems is a
very niche field which requires in-depth knowledge and has a huge dependency in
terms of the Hardware availability.
In this course, will concentrate on methodologies to conduct penetration testing
of commercial Hardware devices such as PLCs as well as simulators and also
provide an excellent opportunity for participants to have hands-on experience on
Penetration Testing of these devices and systems. This course also focused on
hardware analysis of the embedded system and fuzzing techniques over ICS
protocol to identify 0-day vulnerabilities. The ICS setup will simulate the ICS
infrastructure with real-time PLCs and SCADA application. In the end, of course,
there will be ICS CTF and some GOODIES to give away for the winners
Throughout the course, we will use Astra-ICS, a VM created by us specifically for
ICS and IoT penetration testing. It has most of the required tools for ICS and IoT
security analysis. We will also distribute VulICS, a vulnerable embedded sensor
made in-house for hands-on exercises.
The “Practical Industrial Control System (ICS) Hacking” course is aimed at
security professionals who want to enhance their skills and move to/specialize in
ICS security. The course is structured for beginner to intermediate level attendees
who do not have any experience in ICS, reversing or hardware.
WHO SHOULD TAKE THIS COURSE;
Penetration testers tasked with auditing ICS
Government officials from defensive or offensive units
Red team members tasked with compromising the ICS infrastructure
Embedded security enthusiasts
SCADA and PLC programmers.
Anyone interested in ICS security
Basic knowledge of Linux OS
Basic knowledge of programming (C, python) would be a plus
WHAT ATTENDEES SHOULD BRING:
Laptop with at least 40 GB free space
4+ GB minimum RAM (2+GB for the VM)
External USB access
Administrative privileges on the system
Arun is a Hardware, IOT and ICS Security Researcher. His areas of interest are Hardware Security, SCADA, Fault Injection, RF protocols and Firmware Reverse Engineering. He also has experience in performing Security Audits for both Government and private clients. He has presented a talk at the nullcon 2016,2017,2018 Goa, GNUnify 2017, Defcamp 2017,2018, BsidesDelhi 2017, c0c0n x 2017, EFY 2018, X33fcon2018, BlackHat USA 2018, Defcon USA 2018 Also Trainer for Practical Industrial Control Systems (ICS) hacking training, delivered in X33fcon2018, HIP 2018 and also delivered training for IoT hacking in HITB 2017, HIP 2017, BlackHat Asia 2018 and private clients in London, Australia, Sweden, Netherlands etc. He is an active member of null – The open Security community and G4H community.
For more information: