by Edward Lee & Ellie Kim, NSHC
ICS/SCADA systems including power plants, factories, and transportation systems are some of the most critical systems in use today. There are a lot of vulnerabilities in SCADA systems that lie within not only the core protocols but also specific product vulnerabilities and network structures could expose an installation to attacks far more complex than traditional networks. This 3-day course has everything you need to take ICS systems apart, examine them for inherent weaknesses and plan on how to protect these facilities — many of which are 'unpatchable'. This 3-day course caters to engineers and researchers who wish to explore ICS/SCADA systems and will take them from the fundamentals of ICS security up to more advanced techniques. You will go away with the knowledge needed to perform real-world penetration tests against ICS installations and find your own 0-day vulnerabilities in ICS environments. All subjects in this course are taught using actual ICS products and miniaturised ICS systems for visualisation.
Date: 21-23 May 2018
Cost: $4,000 SGD
Topics
ICS Introduction
ICS/SCADA Architecture & Components
ICS/SCADA Case Study
Scanning for HMIs & PLCs, then lead to Web Hacking
SCADA Vulnerabilities (1-Day)
Bypass Air-Gap (Radio Frequency, Bad USB, DNS, etc.)
Network Protocol Vulnerabilities of ICS/SCADA Devices
ICS/SCADA Network Analysis
Pentest into ICS Facilities (0-Day)
ICS/SCADA Vulnerabilities (0-Day)
Incident Response for SCADA System
Who Should Attend
IT/OT Managers & Engineers in ICS/SCADA facilities
Red Team members who want to pentest ICS/SCADA systems
Members of the military or government cyber-warfare units
Penetration Testers tasked with bypassing air-gap
Pre-requisite Knowledge
Basic knowledge of system hacking
Basic knowledge of programming (C, Python) and system command would be a plus
Understand network and basic knowledge of TCP/IP
Hardware / Software Requirements
A laptop (64-bit, 8GB RAM, 30GB free hard drive space minimum)
VMware Fusion / Workstation / Player installed (Trial Version is OK)
About the Trainers
Edward Lee worked as a freelancer for penetration test over 8 years and software engineering over 5 years. His main job is training organisation or government agency like Cyber Police, National Security Agency, and the Ministry of Defense. He is interested in Artificial Intelligence (AI) research and development of games. He has a lot of experience in various government agencies as well as pentesting and training.
Ellie Kim is a Researcher at NSHC.