Absolute SCADA: Red Team Edition
Overview
Supervisory control and data acquisition (SCADA) systems are some of the most poorly understood, yet most critical systems in use in the world today, and while they generally remain unseen are responsible for the smooth running of our daily routines from the moment we turn on a tap in the morning, to turning off the lights at night.
This two day course will take a deep-dive into the world of red-teaming industrial control systems; while teaching the fundamentals of SCADA security that are required to successfully penetrate industrial control system environments. The course will also provide students with methodologies through which security research may be performed against SCADA devices in order to identify 0day flaws in some of the world's most critical systems. During the course, students will have the opportunity to engage in live attacks against programmable logic controllers (PLC's) and other industrial control systems, to include activities such as SCADA RTOS firmware reversing, ICS hardware hacking and SCADA protocol fuzzing.
Day one will provide students with an understanding of the SCADA threat surface relating to numerous industries where SCADA systems can be found and exploited. Students will become familiar with SCADA-specific fundamentals required to successfully manipulate control systems once their environment has been breached.
Day two will focus on hands on red teaming industrial control systems, including how vulnerability research of ICS devices may be conducted and later applied to live systems. This includes both the methodology to breach an ICS environment, how to remain undetected and to successfully subvert an industrial process. Day two will wrap up with a breach scenario challenge and the chance to win your own industrial controller for home or at work.
Who Should Take this Course
PENTESTers, SIGINTers, SCADAers, HACKers
Student Requirements
Students must at minimum possess a fundamental understanding of computing and networking technologies, including Switching, Routing, Windows and UNIX based operating systems at an intermediate level. A prior understanding of IP based network protocol fundamentals, including the use of simple packet inspection tools (such as tcpdump and wireshark) is also recommended.
What Students Should Bring
Students should bring a laptop with a 32 or 64bit operating system, a functioning version of VMWare Workstation or VMWare Player installed and at least 8GB of free RAM
Students should be familiar with networking fundamentals (switching, routing etc) and have an intermediate grasp of security concepts, including application security, firewalls and intrusion detection. A basic understanding for IP based network protocol design is also beneficial.
What Students Will Be Provided With
Free ICS Assessment Tools & SCADA Assessment VM and chance to win a Siemens S7 PLC
Trainers
Tom Parker is the Chief Technical Officer and Vice President of Security Services at FusionX. Tom is recognized throughout the security industry for his research in multiple areas including adversary profiling, industrial control systems security and software vulnerability research & analysis. Tom has published over four books on the topic of information security including Cyber Adversary Characterization - Auditing the Hacker Mind and a contributor to the popular Stealing the Network Series. Tom is a frequent speaker at conferences including a past speaker at Black Hat. Tom often lends his time to guest lecturing at Universities, involvement in community research initiatives, and is often called to provide his expert opinion to mass media organizations, including BBC News, CNN, and online/print outlets such as The Register, Reuters News, Wired and Business Week.
Jonathan Pollet, Founder and Principal Consultant for Red Tiger Security, USA has over 12 years of experience in both Industrial Process Control Systems and Network Security. After graduating from the University of New Orleans with honors and receiving a B.S. degree in Electrical Engineering, he was hired by Chevron and designed and implemented PLC and SCADA systems for onshore and offshore facilities. In 2001 he began to publish several white papers that exposed the need for security for Industrial Control Systems (ICS), and is still active in the research of vulnerabilities within critical infrastructure systems. He has led security teams on over 150 assessments, penetration tests, and red team physical breaches involving SCADA and Industrial Control Systems.