BlackHat US [August 5th-10th 2023] Build, Break, Secure (In-person in Vegas!)

Discover the world of Industrial Control Systems with an attack mindset! In this training, we will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:
Build: how does it work?
Break: what are the weaknesses and how can they be exploited?
🔒 Secure: what can we do to fix it?

This training will take place over 4 days, allowing a full day for the CTF and an additional case study on how to secure ICS.

You will perform a lot of lab sessions, including: programming a PLC in ladder logic, analyzing network captures of ICS protocols, performing Modbus (serial & TCP) requests, using Metasploit to compromise a Windows host and gather sensitive information from an Active Directory, and much more! The last half-day is dedicated to the Capture-the-Flag, in which you will apply the newly acquired techniques to compromise a corporate network, pivot to the ICS network and take control of the process to capture a flag with a robotic arm.
Moreover, the training doesn’t stop on the third day! With the WhiskICS training kit, you’ll be able to redo all the exercises after the training and continue experimenting with ICS security on your own.

You can register directly on BlackHat’s website.

A 5-minute video to showcase the training

Course outline


  • Introduction to Industrial Control Systems
  • Automation basics & programming PLC
  • ICS protocols
  • Hacking the process
  • Focus on PLC security


  • Process supervision: SCADA and DCS
  • Linking to corporate environments: Windows & Active Directory security
  • SCADA/DCS specific vulnerabilities
  • An introduction to safety
  • Industry 4.0 & IIoT


  • Capture the Flag


  • ICS cybersecurity general approach & standards
  • Focus on ICS architectures
  • Case study: improving the security of the ICS from the CTF
  • LAB: Top 20 Secure PLC Coding Practices

WhiskICS virtual training kit

In order to allow attendees to have a small-scale ICS kit, without having to increase the cost of the training, I designed the “WhiskICS” virtual training kit.

It is used for experimentation throughout the training.

It is part of the Windows 10 virtual machine I provide, and contains:

  • A custom-designed process simulation
  • A PLC simulator (SoMachine Basic, 90 days trial license)
  • A SCADA (Schneider IGSS, free license)

It allows attendees to have a “full” ICS environment.

Architecture of the WhiskICS virtual training kit

Visual design of the distillation process simulation in a web browser

Online labs

I’ve decided to move away from distributing virtual machines for attendees and provide access to online labs instead.

There was always too much time spent troubleshooting the different behavior between VirtualBox, VMware Workstation, Parallels on Macs… In addition, Apple’s switch to the ARM platform makes it more difficult to run VMs and would require me to maintain two different sets of VMs.

I am now using Skytap as the provider of cloud virtual machines as well as self-provisioned labs.

Each attendee is given an access code that allows them to connect to the portal and:

  • Launch an online lab
  • Destroy / reprovision the lab
  • Access the virtual machines directly in a web browser

A few screenshots of the workflow for users:

Access the portal

Request a lab

Access the lab or re-provision it

Lab page

Use the VM directly from the browser

The CTF also uses this platform, with a different lab composed of 14 VMs, of which only 2 (1 Windows 10 and 1 Kali) are visible to the user.


The Capture The Flag is always the most fun!

Each attendee will access their own CTF environment in the cloud (12+ VMs), and will try to take control of a simulated model train and robot arm.

Attendees will be guided during the CTF and will compete against each other through a CTFd server.

In addition to the virtual setup, attendees will also be able to connect to a physical version of the CTF, composed of real hardware.

What is included in the training?

The training will be taught in-person in Vegas!

By registering for this training, you’ll also get 30 days access to the online platform, including videos, the lab and CTF environments.

Target audience

This training aims at bridging the gap between IT and ICS: it is designed to allow OT professionals to understand the security challenges of ICS with an offensive mindset, while allowing IT professionals to discover the world of Industrial Control Systems and adapt their cybersecurity knowledge to this new world.

The training is heavily hands-on. While no ICS or pentest knowledge is required, it is recommended that attendees have basic networking and computer skills (using virtual machines, the command line, understanding TCP/IP…).

All virtual machines, including the attendees’ machines, will be hosted in the cloud and you’ll directly connect from any web browser.

This training is not suited for people who already have strong technical experience in ICS cybersecurity.

Pricing and registration

You can register directly on BlackHat’s website.

Early bird pricing ends on May 26th.
