Attacking, Building and Defending SCADA Systems

Tom Parker & Jonathan Pollet | August 1-2 & 3-4
Overview

Supervisory control and data acquisition (SCADA) systems are some of the most poorly understood, yet most critical, systems in use in the world today. While they generally remain unseen, they are responsible for the smooth running of our daily routines, from the moment we turn on a tap in the morning to turning off the lights at night. This two-day course will take a deep dive into the fundamentals of SCADA security and provide students with the knowledge they need to safely perform penetration testing against live SCADA environments. The course will also provide students with methodologies through which security research may be performed against SCADA devices in order to identify 0day flaws in some of the world's most critical systems. During the course, students will have the opportunity to engage in live attacks against programmable logic controllers (PLCs) and other industrial control systems, including activities such as SCADA RTOS firmware reversing and SCADA protocol fuzzing.

Day one will provide students with an understanding of practical SCADA use cases in a number of environments where control systems are most commonly found. Students will become familiar with the SCADA-specific fundamentals required to apply information security doctrine to SCADA applications. Day two will focus on attacking industrial control systems, including how vulnerability research on ICS devices may be conducted and later applied to live systems. Day two will conclude with students applying their newly acquired knowledge to securing SCADA applications, including the ways in which embedded ICS devices may be secured.

Who Should Take this Course

This course is ideally suited to those in the IT security and ICS fields seeking an in-depth understanding of industrial control system vulnerabilities: their identification, exploitation, remediation and real-world impact.

Student Requirements

Students must at minimum possess a fundamental understanding of computing and networking technologies, including switching, routing, and Windows and UNIX-based operating systems at an intermediate level. A prior understanding of IP-based network protocol fundamentals, including the use of simple packet inspection tools (such as tcpdump and Wireshark), is also recommended.

What Students Should Bring

Students should bring a laptop running Windows 7, capable of running VMware, with at least 8GB of RAM, an Ethernet interface and a DVD drive. Students are recommended to pre-install a functioning version of VMware Workstation or VMware Player. The host operating system may be either 32- or 64-bit.

What Students Will Be Provided With

Printed course materials, SCADA tools DVD and sample code.

Trainers

Tom Parker is the Chief Technology Officer and Vice President of Security Services at FusionX. Tom is recognized throughout the security industry for his research in multiple areas, including adversary profiling, industrial control systems security, and software vulnerability research and analysis. Tom has published over four books on the topic of information security, including Cyber Adversary Characterization - Auditing the Hacker Mind, and is a contributor to the popular Stealing the Network series. Tom is a frequent speaker at conferences and has previously spoken at Black Hat. Tom often lends his time to guest lecturing at universities and to community research initiatives, and is often called upon to provide his expert opinion to mass media organizations, including BBC News, CNN, and online/print outlets such as The Register, Reuters News, Wired and Business Week.

Jonathan Pollet, Founder and Principal Consultant of Red Tiger Security (USA), has over 12 years of experience in both industrial process control systems and network security. After graduating with honors from the University of New Orleans with a B.S. degree in Electrical Engineering, he was hired by Chevron, where he designed and implemented PLC and SCADA systems for onshore and offshore facilities. In 2001 he began to publish several white papers that exposed the need for security in Industrial Control Systems (ICS), and he remains active in researching vulnerabilities within critical infrastructure systems. He has led security teams on over 150 assessments, penetration tests, and red team physical breaches involving SCADA and industrial control systems. He is also the co-developer of the 5-day SCADA Security Advanced training course, initially offered in February 2009 and currently at version 2.4.