Discover the world of Industrial Control Systems with an attack mindset! In this training, we will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind:
✅ Build: how does it work?
⚡ Break: what are the weaknesses and how to exploit it?
🔒 Secure: what can we do to fix it?
This training will take place over 3 days, allowing a full day for the CTF!
You will perform a lot of lab sessions, including: programming a PLC in ladder logic, analyzing network captures of ICS protocols, perform Modbus (serial & tcp) requests, using Metasploit to compromise a Windows host and gather sensitive information from an Active Directory, and much more! The last half-day is dedicated to the Capture-the-Flag, in which you will apply the newly acquired techniques to compromise a corporate network, pivot to the ICS network and take control of the process to capture a flag with a robotic arm.
Moreover, the training doesn’t stop on the third day! With the WhiskICS training kit, you’ll be able to redo all the exercises after the training and continue experimenting with ICS security on your own.
- Introduction to Industrial Control Systems
- Automation basics & programming PLC
- ICS protocols
- Hacking the process
- Focus on PLC security
- Process supervision: SCADA and DCS
- Linking to corporate environments: Windows & Active Directory security
- SCADA/DCS specific vulnerabilities
- An introduction to safety
- Industry 4.0 & IIoT
- Capture the Flag
Exercise: Programming a PLC
To end the training, the Capture The Flag is always the most fun! A full day of hacking !
Each attendee will get its own virtual CTF environment in the cloud, and a CTFd instance will allow attendees to compete for the flags.
Attendees will also be able to connect to a real ICS setup composed of Siemens & Schneider PLCs and controlling a robot arm as well as a model train.
What is included in the training?
The training will happen during the Hack in Paris event, the days before the conferences.
By registering for this training, you’ll also get 30 days access to the online platform, including videos, the lab and CTF environments.
This training aims at bridging the gap between IT and ICS: it is designed to allow OT professionals to understand the security challenges of ICS with an offensive mindset, while allowing IT professionals to discover the world of Industrial Control Systems and adapt their cybersecurity knowledge to this new world.
The training is heavily hands-on. While no ICS or pentest knowledge is required, it is recommended for attendees to have basic networking and computers skills (using virtual machines, the command line, understanding TCP/IP…).
No need to bring a laptop! All virtual machines, including the attendees’ machines, will be hosted in the cloud and you’ll directly connect from any computer with an Internet access.
This training is not suited for people that already have a strong ICS cybersecurity technical experience.
Pricing and registration