SECURITY AND PENETRATION TESTING IN INDUSTRIAL CONTROL SYSTEMS

This training first introduces a variety of industrial control systems. It then examines the important threats against these systems and the penetration testing methods used to assess them. Finally, it introduces methods for securing industrial control systems.

Module 1: Introduction to Industrial Control Systems

  • Introduction to process control systems (e.g., RTU, PLC, DCS, SCADA, sensors, etc.)

  • The Purdue model

  • Difference between IT and OT

  • Introduction to Common ICS weaknesses

Module 2: ICS Risk Assessment

  • Methodologies for assessing risk within industrial control systems (e.g., risk assessment standards, ICS risk assessment, vulnerability assessment, risk classification and ranking, risk rating matrix)

  • Lab: Host Identification (arping, arp-scan, GRASSMARLIN)

  • Lab: Introduction to CSET

Module 3: Networking and ICS Protocols

  • Introduction to ICS networking terminology, protocols and services (e.g., S7, Modbus, DNP3, EtherNet/IP, OPC)

  • Lab: Turning on a Lamp With Modbus

  • Lab: ICS Protocol Traffic Analysis

Module 4: ICS/SCADA Penetration Testing

  • Red Team, ICS Attacks and Incidents (e.g., packet replay, spoofing, brute force, man-in-the-middle, social engineering, exploitation, denial of service, reconnaissance, scanning, data manipulation, unauthorized access, top ICS web application vulnerabilities, vulnerability assessment vs. penetration test, etc.)

  • Reconnaissance and scanning

  • Lab: ICS Reconnaissance With Google Hacking

  • Lab: Working With Shodan/Censys Search Engines

  • Lab: Manual ICS Network Scanning Techniques

  • Lab: ICS Scanning Tools (plcscan, GRASSMARLIN, etc.)

  • Lab: Manual Massive Network Scanning (nmap, masscan)

  • Lab: Working With the Nessus SCADA Plugin for Vulnerability Assessment

  • Lab: ICS Honeypot Fingerprinting

  • Penetration

  • Lab: Network Attacks

  • Lab: Hacking an HMI by Spoofing Modbus

  • Lab: Common Web Application Vulnerabilities in Industrial Control Systems

  • Lab: ICS Attacks With Metasploit

  • Lab: Fuzzing ICS Protocols and Software

  • Lab: Exploiting Buffer Overflows in ICS Software

  • Lab: Firmware Analysis

Module 5: ICS Network Security, Policies, Best Practices

  • ICS Honeypots, Firewall Configuration, Network Monitoring, Security Policy and Procedure Development, Secure ICS/SCADA Architecture Design

  • Lab: Running ICS Honeypots

  • Lab: Working With Tofino Firewall

  • Lab: Malware Analysis

  • Lab: OS Hardening

Module 6: ICS Threat Intelligence

  • Knowledge, monitoring and sharing standards for ICS-specific cyber threats (e.g., the types of cyber threat intelligence, indicators of compromise, threat intelligence sharing standards)

  • Lab: OpenIOC Creation (or STIX/TAXII)

  • Lab: Making an Active CTI Strategy on a Budget

  • Lab: OSINT vs. CYBINT, Running Your Own Sensors for Intelligence Gathering

Module 7: Standards and Regulations

  • Introduction to the various models, methodologies, and industry-specific regulations that govern what must be done to protect critical ICS (NIST / ISA / NERC CIP)

Module 8: Threat Hunting, Forensics and Incident Response

  • Security Monitoring, Identification and Collection of Data, System and Network Log Analysis, Cyber Incident Response Planning

  • Lab: Real-World Experience From a Ransomware Infection: Forensics and IR

Module 9: Air Gapped Environments

  • Building Air-Gapped Networks and How Air-Gapped Networks Are Bypassed (data transmission theory, review of bypass methods)

About the Speaker