Hacking SCADA: ICS Penetration testing workshop
| Description | During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and from 0-day hunting to project management. Toolkit/tip and tricks/real world examples. What you should do and what you do not ever have to do. Please bring your notebook with VMware Player. |
|---|---|
| Website(s) | http://scadastrangelove.org |
| Type | Workshop |
| Keyword(s) | hardware, software, network, hacking, security |
| Person organizing | SCADAStrangelove |
| Language | en - English |
| Other session... | |
| Subtitle | Hacking SCADA: ICS Penetration testing workshop |
|---|---|
| Starts at | 2013/12/29 04:00:00 PM |
| Ends at | 2013/12/29 07:00:00 PM |
| Duration | 180 minutes |
| Location | Hall E |
During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and from 0-day hunting to project management. Toolkit/tip and tricks/real world examples. What you should do and what you do not ever have to do. Please bring your notebook with VMware Player.
Details:
1. Tilting at windmills: ICS pentest project management
a. ICS security assement projects goals: declarations and reality b. Thread modelling: traditional vs ICS c. Between Security, ICS team and Vendor d. Choosing the right approach: from hardcore hacking to paparazzi-style audit
2. Playing with networks
a. ICS protocol overview b. Toolkit c. Cases d. Lab
3. Rooting the PLC: don’t even try
4. OS/DB/Application
a. Why you don’t need Magic SCADA Exploit Pack b. How to find SCADA 0day c. Toolkit d. Lab
5. I’m the Lord of the SCADA
a. Ok, I god it. What I can to do? b. Owning ICS stuff c. Lab
6. Hunting the operator: ICS network “forensic”
7. Jumping to business level
a. Knockin 'on management team b. BUZZness case: fraud, shmaud and figaud c. Pentest to regulatory compliance mapping d. Ashes and Hopelessness