For the 2nd year, I’ll give my ICS pentesting training at CS3!

The event will take place from October 21th to 22th for the trainings, then 23rd and 24th for the talks in beautiful Stockholm.

This is the 2-day version of our pentesting ICS training, with the very popular ICS Capture-The-Flag at the end ! Here’s the high-level program:

On this intense 2­ days training, you will learn everything you need to start pentesting Industrial Control Networks. We will cover the basics to help you understand what are the most common ICS vulnerabilities. We will then spend some time learning and exploiting Windows & Active Directory weaknesses, as most ICS are controlled by Windows systems.

We will cover the most common ICS protocols (Modbus, S7, Profinet, Ethernet/IP, DNP3, OPC…), analyze packet captures and learn how to use these protocols to talk to Programmable Logic Controllers (PLCs). You will learn how to program a PLC, to better understand how to exploit them. The training will end with an afternoon dedicated to a challenging hands­on exercise: The first CTF in which you capture a real flag ! Using your newly acquired skills, you will try to compromise a Windows Active Directory, pivot to an ICS setup to take control of a model train and robotic arms.

The detailed outline of the training will be the following:
– Introduction to ICS & common vulnerabilities
– Pentesting Basics & tools
– Windows basics and pentesting Windows
– Focus on ICS protocols
– Programming PLCs
– Pentesting ICS
– Capture The Flag

Please find all info including registration over the conference website