Description During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and from 0-day hunting to project management. Toolkit/tip and tricks/real world examples. What you should do and what you do not ever have to do. Please bring your notebook with VMware Player.
Website(s) http://scadastrangelove.org
Type Workshop
Keyword(s) hardware, software, network, hacking, security
Person organizing SCADAStrangelove
Language en - English
Other session...

Subtitle Hacking SCADA: ICS Penetration testing workshop
Starts at 2013/12/29 04:00:00 PM
Ends at 2013/12/29 07:00:00 PM
Duration 180 minutes
Location Hall E

During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and from 0-day hunting to project management. Toolkit/tip and tricks/real world examples. What you should do and what you do not ever have to do. Please bring your notebook with VMware Player.

Details:

1. Tilting at windmills: ICS pentest project management

 a.      ICS security assement projects goals: declarations and reality  
 b.      Thread modelling: traditional vs ICS
 c.      Between Security, ICS team and Vendor
 d.      Choosing the right approach: from hardcore hacking to paparazzi-style audit

2. Playing with networks

 a.      ICS protocol overview
 b.      Toolkit
 c.      Cases
 d.      Lab

3. Rooting the PLC: don’t even try

4. OS/DB/Application

 a.      Why you don’t need Magic SCADA Exploit Pack
 b.      How to find SCADA 0day
 c.      Toolkit
 d.      Lab

5. I’m the Lord of the SCADA

 a.      Ok, I god it. What I can to do?
 b.      Owning ICS stuff
 c.      Lab

6. Hunting the operator: ICS network “forensic”

7. Jumping to business level

 a.      Knockin 'on management team
 b.      BUZZness case: fraud, shmaud and figaud
 c.      Pentest to regulatory compliance mapping
 d.      Ashes and Hopelessness