For the 3rd year, I’ll give my ICS pentesting training at Hack In Paris!
The event will take place from June 16th to 18th for the trainings, then June 19th and 20th for the talks.
This is the 3-day version of our pentesting ICS training, with the very popular ICS Capture-The-Flag at the end ! Here’s the high-level program:
You will learn everything you need to start pentesting Industrial Control Networks. We will cover the basics to help you understand the most common ICS vulnerabilities. We will then spend some time learning and exploiting Windows & Active Directory weaknesses, as most ICS are controlled by Windows systems.
We will cover the most common ICS protocols (Modbus, S7, Profinet, Ethernet/IP, DNP3, OPC…), analyze packet captures and learn how to use these protocols to talk to Programmable Logic Controllers (PLCs). You will learn how to program a PLC, to better understand how to exploit them.
The training will end with a challenging hands-on exercise: The first CTF in which you capture a real flag! Using your newly acquired skills, you will try to compromise a Windows Active Directory, pivot to an ICS setup to take control of a model train and robotic arms.
This training is heavily based on hands-on exercises, based both on simulated and real environments.
The outline is the following:
– Day 1
– Module 1: Introduction to ICS
– Module 2: Pentesting Basics & tools
– Module 3: Windows basics and pentesting Windows
– Module 4: Common ICS vulnerabilities
– Day 2
– Module 5: ICS protocols
– Module 6: Introduction to safety for security pros
– Module 7: Programming PLCs
– Module 8: Pentesting ICS
– Day 3
– Module 9: Securing ICS
– Module 10: Case study
– Module 11: Capture The Flag
Please find all info including registration over the conference website