ICS cybersecurity training since 2015

Tired of legacy ICS systems? Attend this training to hack the next generation of Industrial Control Systems! No more Modbus, no more standard PLC, no more Purdue model!

This training is designed to show what the future might look like for Industrial Control Systems, and how it will impact cybersecurity.

Read More “Hack the connected plant!”

Discover the world of Industrial Control Systems with an attack mindset! In this training, we will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:
✅ Build: how does it work?
⚡ Break: what are the weaknesses and how to exploit it?
🔒 Secure: what can we do to fix it?

This course is fully remote via Zoom, at Singapore time

Read More “[canceled]BlackHat Asia Virtual training [April 16th-19th 2024] Build, Break, Secure (fully remote)”

Discover the world of Industrial Control Systems with an attack mindset! In this training, we will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:
✅ Build: how does it work?
⚡ Break: what are the weaknesses and how to exploit it?
🔒 Secure: what can we do to fix it?

Read More “BlackHat US [August 3th-6th 2024] Build, Break, Secure (In-person in Vegas!)”

Discover the world of Industrial Control Systems with an attack mindset! In this training, we will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:
✅ Build: how does it work?
⚡ Break: what are the weaknesses and how to exploit it?
🔒 Secure: what can we do to fix it?

Read More “BlackHat US [August 5th-10th 2023] Build, Break, Secure (In-person in Vegas!)”

Discover the world of Industrial Control Systems with an attack mindset! In this training, we will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:
✅ Build: how does it work?
⚡ Break: what are the weaknesses and how to exploit it?
🔒 Secure: what can we do to fix it?

This training will take place over 4 days, allowing a full day for the CTF and an additional case study on how to secure ICS.

You will perform a lot of lab sessions, including: programming a PLC in ladder logic, analyzing network captures of ICS protocols, perform Modbus (serial & tcp) requests, using Metasploit to compromise a Windows host and gather sensitive information from an Active Directory, and much more! The last half-day is dedicated to the Capture-the-Flag, in which you will apply the newly acquired techniques to compromise a corporate network, pivot to the ICS network and take control of the process to capture a flag with a robotic arm.
Moreover, the training doesn’t stop on the third day! With the WhiskICS training kit, you’ll be able to redo all the exercises after the training and continue experimenting with ICS security on your own.

Read More “BlackHat US [August 6th-9th 2022] Build, Break, Secure (In-person in Vegas!)”

Discover the world of Industrial Control Systems with an attack mindset! In this training, we will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:
✅ Build: how does it work?
⚡ Break: what are the weaknesses and how to exploit it?
🔒 Secure: what can we do to fix it?

This training will take place over 4 days, allowing a full day for the CTF and an additional case study on how to secure ICS.

You will perform a lot of lab sessions, including: programming a PLC in ladder logic, analyzing network captures of ICS protocols, perform Modbus (serial & tcp) requests, using Metasploit to compromise a Windows host and gather sensitive information from an Active Directory, and much more! The last half-day is dedicated to the Capture-the-Flag, in which you will apply the newly acquired techniques to compromise a corporate network, pivot to the ICS network and take control of the process to capture a flag with a robotic arm.
Moreover, the training doesn’t stop on the third day! With the WhiskICS training kit, you’ll be able to redo all the exercises after the training and continue experimenting with ICS security on your own.

Read More “BlackHat US [ July 31st to August 3rd, 2021] Build, Break, Secure (Live remote)”

Discover the world of Industrial Control Systems with an attack mindset! In this training, we will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:
✅ Build: how does it work?
⚡ Break: what are the weaknesses and how to exploit it?
🔒 Secure: what can we do to fix it?

This training will take place over 5 half-days.

You will perform a lot of lab sessions, including: programming a PLC in ladder logic, analyzing network captures of ICS protocols, perform Modbus (serial & tcp) requests, using Metasploit to compromise a Windows host and gather sensitive information from an Active Directory, and much more! The last half-day is dedicated to the Capture-the-Flag, in which you will apply the newly acquired techniques to compromise a corporate network, pivot to the ICS network and take control of the process to capture a flag with a robotic arm.
Moreover, the training doesn’t stop on the third day! With the WhiskICS training kit, you’ll be able to redo all the exercises after the training and continue experimenting with ICS security on your own.

Read More “[CANCELED] X33FCON [ June 21-25, 2021] Build, Break, Secure (Live remote)”

Discover the world of Industrial Control Systems with an attack mindset! In this training, we will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:
✅ Build: how does it work?
⚡ Break: what are the weaknesses and how to exploit it?
🔒 Secure: what can we do to fix it?

You will perform a lot of lab sessions, including: programming a PLC in ladder logic, analyzing network captures of ICS protocols, perform Modbus (serial & tcp) requests, using Metasploit to compromise a Windows host and gather sensitive information from an Active Directory, and much more! The last half-day is dedicated to the Capture-the-Flag, in which you will apply the newly acquired techniques to compromise a corporate network, pivot to the ICS network and take control of the process to capture a flag with a robotic arm.
Moreover, the training doesn’t stop on the third day! With the WhiskICS training kit, you’ll be able to redo all the exercises after the training and continue experimenting with ICS security on your own.

Read More “TROOPERS [March 29th-31th] Build, Break, Secure (Live remote)”

Ma première formation en français aura lieu du 7 au 9 septembre 2020 chez HS2!

Read More “[French] PENTESTINDUS chez HS2!”

I am delighted to announce that I will give my Pentesting ICS training at Troopers next year !

Please find all information including registration at the following link: https://www.troopers.de/troopers20/trainings/jqxfau/

Read More “Troopers [16-17 March 2020]”

I will deliver the 3-day version of my Pentesting ICS training at SHACK in Singapore in March !

Please follow the link for more information, or look at the training outline below.

https://www.coseinc.com/shack/training

Read More “SHACK Singapore [30th March – 1st April 2020]”

Discover the world of Industrial Control Systems with an attack mindset! We will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:

• Build: how does it work?
• Break: what are the weaknesses and how to exploit it?
• Secure: what can we do to fix it?

Read More “ICS: Build, Break, Secure”