Defending Critical Infrastructure

In this defensive training, we will provide an overview of tools that have recently been introduced to address current and future threats to critical infrastructure. The core of this training revolves around the most recent releases of the CyPSA toolset introduced at TROOPERS16. New functionality has been added to this impact based toolset including attribution forensics, end to end encryption, and ability to fail closed. Learning how to incorporate next generation defensive tools on your enterprise will be aided by researchers from academia and industry. This is a hands-on training.


  1. ICS Cyber Systems Overview and case studies
  2. Case Study of an actual „Ransomware“ infection
  3. Use of Sensors in the ICS system k. Building a Sound Sensor Architecture
  4. Module Vulnerability Assessment in ICS Systems
  5. Module Defense in Depth
  6. Introduction: Guided Hands-on Exercise
  7. Transitive Trust Models in ICS networks
  8. Lab: ICS Protocol Traffic Analysis
  9. Lab: Working with Shodan/Censys Search Engines
  10. Case Studies


Students should bring a laptop with at least 50 GB of free disk space (100 GB better) and they must have local admin privileges on their laptops.


Students should have a good understanding of operating systems and network basics, and at least some knowledge of ITSec and pentesting basics. Knowledge of basic ICS/SCADA terminology is a plus but not necessary.

About the Speakers