(Created page with "{{Session |Has description=During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and...")
 
 
(2 intermediate revisions by the same user not shown)
Line 8: Line 8:
 
|Has orga contact=scadastragelove@gmail.com
 
|Has orga contact=scadastragelove@gmail.com
 
}}
 
}}
Hacking SCADA: ICS Penetration testing workshop
+
{{Event
+
|Has subtitle=Hacking SCADA: ICS Penetration testing workshop
Duration 3 hours
+
|Has start time=2013/12/29 04:00:00 PM
+
|Has duration=180
 +
|Has session location=Room:Hall E
 +
}}
 
During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and from 0-day hunting to project management. Toolkit/tip and tricks/real world examples. What you should do and what you do not ever have to do. Please bring your notebook with VMware Player.
 
During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and from 0-day hunting to project management. Toolkit/tip and tricks/real world examples. What you should do and what you do not ever have to do. Please bring your notebook with VMware Player.
 
   
 
   
Line 17: Line 19:
 
   
 
   
 
1.      Tilting at windmills: ICS pentest project management
 
1.      Tilting at windmills: ICS pentest project management
a.       ICS security assement projects goals: declarations and reality
+
  a.     ICS security assement projects goals: declarations and reality
b.      Thread modelling: traditional vs ICS
+
  b.      Thread modelling: traditional vs ICS
c.       Between Security, ICS team and Vendor
+
  c.     Between Security, ICS team and Vendor
d.      Choosing the right approach: from hardcore hacking to paparazzi-style audit
+
  d.      Choosing the right approach: from hardcore hacking to paparazzi-style audit
 +
 
 
2.      Playing with networks
 
2.      Playing with networks
a.       ICS protocol overview
+
  a.     ICS protocol overview
b.      Toolkit
+
  b.      Toolkit
c.       Cases
+
  c.     Cases
d.      Lab
+
  d.      Lab
 +
 
 
3.      Rooting the PLC: don’t even try
 
3.      Rooting the PLC: don’t even try
 +
 
4.      OS/DB/Application
 
4.      OS/DB/Application
a.       Why you don’t need Magic SCADA Exploit Pack
+
  a.     Why you don’t need Magic SCADA Exploit Pack
b.      How to find SCADA 0day
+
  b.      How to find SCADA 0day
c.       Toolkit
+
  c.     Toolkit
d.      Lab
+
  d.      Lab
 +
 
 
5.      I’m the Lord of the SCADA
 
5.      I’m the Lord of the SCADA
a.       Ok, I god it. What I can to do?
+
  a.     Ok, I god it. What I can to do?
b.      Owning ICS stuff
+
  b.      Owning ICS stuff
c.       Lab
+
  c.     Lab
 +
 
 
6.      Hunting the operator: ICS network “forensic”
 
6.      Hunting the operator: ICS network “forensic”
 +
 
7.      Jumping to business level
 
7.      Jumping to business level
a.       Knockin 'on management team
+
  a.     Knockin 'on management team
b.      BUZZness case: fraud, shmaud and figaud
+
  b.      BUZZness case: fraud, shmaud and figaud
c.       Pentest to regulatory compliance mapping
+
  c.     Pentest to regulatory compliance mapping
d.      Ashes and Hopelessness
+
  d.      Ashes and Hopelessness

Latest revision as of 15:11, 2 December 2013

Description During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and from 0-day hunting to project management. Toolkit/tip and tricks/real world examples. What you should do and what you do not ever have to do. Please bring your notebook with VMware Player.
Website(s) http://scadastrangelove.org
Type Workshop
Keyword(s) hardware, software, network, hacking, security
Person organizing SCADAStrangelove
Language en - English
Other session...

Subtitle Hacking SCADA: ICS Penetration testing workshop
Starts at 2013/12/29 04:00:00 PM
Ends at 2013/12/29 07:00:00 PM
Duration 180 minutes
Location Hall E

During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and from 0-day hunting to project management. Toolkit/tip and tricks/real world examples. What you should do and what you do not ever have to do. Please bring your notebook with VMware Player.

Details:

1. Tilting at windmills: ICS pentest project management

 a.      ICS security assement projects goals: declarations and reality  
 b.      Thread modelling: traditional vs ICS
 c.      Between Security, ICS team and Vendor
 d.      Choosing the right approach: from hardcore hacking to paparazzi-style audit

2. Playing with networks

 a.      ICS protocol overview
 b.      Toolkit
 c.      Cases
 d.      Lab

3. Rooting the PLC: don’t even try

4. OS/DB/Application

 a.      Why you don’t need Magic SCADA Exploit Pack
 b.      How to find SCADA 0day
 c.      Toolkit
 d.      Lab

5. I’m the Lord of the SCADA

 a.      Ok, I god it. What I can to do?
 b.      Owning ICS stuff
 c.      Lab

6. Hunting the operator: ICS network “forensic”

7. Jumping to business level

 a.      Knockin 'on management team
 b.      BUZZness case: fraud, shmaud and figaud
 c.      Pentest to regulatory compliance mapping
 d.      Ashes and Hopelessness