Description During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and from 0-day hunting to project management. Toolkit/tip and tricks/real world examples. What you should do and what you do not ever have to do. Please bring your notebook with VMware Player.
Website(s) http://scadastrangelove.org
Type Workshop
Keyword(s) hardware, software, network, hacking, security
Person organizing SCADAStrangelove
Language en - English
Other session...

Hacking SCADA: ICS Penetration testing workshop

Duration 3 hours

During our workshop, we will share SCADAStrangeLove team experience in penetration testing in ICS environment. From network level to application and from 0-day hunting to project management. Toolkit/tip and tricks/real world examples. What you should do and what you do not ever have to do. Please bring your notebook with VMware Player.

Details:

1. Tilting at windmills: ICS pentest project management a. ICS security assement projects goals: declarations and reality b. Thread modelling: traditional vs ICS c. Between Security, ICS team and Vendor d. Choosing the right approach: from hardcore hacking to paparazzi-style audit 2. Playing with networks a. ICS protocol overview b. Toolkit c. Cases d. Lab 3. Rooting the PLC: don’t even try 4. OS/DB/Application a. Why you don’t need Magic SCADA Exploit Pack b. How to find SCADA 0day c. Toolkit d. Lab 5. I’m the Lord of the SCADA a. Ok, I god it. What I can to do? b. Owning ICS stuff c. Lab 6. Hunting the operator: ICS network “forensic” 7. Jumping to business level a. Knockin 'on management team b. BUZZness case: fraud, shmaud and figaud c. Pentest to regulatory compliance mapping d. Ashes and Hopelessness