SecurityWeek is thrilled to announce a new, multi-day, hands-on training course offering taking place alongside the 2025 ICS Cybersecurity Conference.
US ONLY: This training is available for United States Citizens only.
Workshop Registration Fee: $3995 – Includes certificate of course completion, all meals and access to all conference sessions and social functions.
Limited seats available. Reserve your spot today!
Note: This hands on training will take place Tuesday, October 28th – Thursday, October 30th. Day 1 will be a full day, and Day 2 and 3 will be half days. Students will be able to attend sessions of the core ICS Cybersecurity Conference and access instructors event when the workshop is not in session. Access to all conference meals and networking events is also included.
Cyber-physical systems, i.e. systems that bridge the cyber and physical domains, are attractive targets for attack partially due to the possibility of causing real-world physical loss to the victim.
Have you ever wondered how cyber adversaries execute these sort of attacks? Do you see attacks in the news and wonder, “how did the attacker even think to do that?” Do you stay up at night thinking, “could that happen to my system?” Developers want their systems to be secure and need to understand the threat. Unfortunately, broad intel reports and vague proclamations about adversary capability and intent may not give developers a concrete understanding of what they can do to make their systems more secure.
This Cyber Attack Methods course takes a unique approach to meeting this need, putting students into the shoes of an attacker — walking them through the steps of system discovery, exploitation, and delivering a mission-impacting attack against an intentionally vulnerable virtual cyber physical system with their hands on the keyboard. In this course we won’t turn you into a hacker, but you will learn to think like one!
Course Objectives:
- Provide an understanding of methods that an attacker may use against cyber-physical systems and their impact on mission readiness, capability, confidentiality, integrity, availability, productivity, or revenue.
- With hands-on keyboard, develop and execute attacks against a representative cyber-physical system; discuss and evaluate mitigations against these attacks.
- Foster an attacker mindset, enabling participants to think like bad actors, walk through attack methods related to historic exploits, and apply that knowledge to making systems more secure.
What students should know beforehand:
There are no firm prerequisites for the course although it’s primarily aimed towards systems engineers, system security engineers and developers. Students will get the most benefit if they are somewhat familiar with using the Linux command line and have done some programming. That being said, it is a guided tour – student’s hands will be on the keyboard but instructors will lead them all the way through.
What students will learn:
Students will gain a tangible appreciation for adversary mindset, tactics, techniques and procedures related to enumerating and exploiting weaknesses in cyber physical systems. They will also learn to think through real-world mitigations and design choices to reduce attack surface and provide greater protections in the systems they design, build, or oversee.
What students need to bring: Students will need to bring an Intel-based laptop capable of running a virtual machine as detailed below. Sorry, ARM-based MacBooks are not supported.
The CAM Virtual Machine requires the host to run either Oracle VirtualBox or VMWare Workstation with the minimum specs provided by the vendors:
- VirtualBox: https://docs.oracle.com/html/E50247_08/vmiug-server-hardware.html
- VMWare: https://www.vmware.com/products/workstation-player.html
Additional requirements specific to the Ubuntu 22.04 guest VM we provide are:
- Memory – 8GB on host (4GB allocated to VM)
- Processors – 2 (no virtualization settings needed)
- Hard disk storage – 20GB
What students will be provided with: Students will be provided with a self-contained virtual machine that contains the CAM simulation, exercises and lesson content. This VM has no expiration date and students are free to continue to learn utilizing it even after the class.
Prerequisites
To get the most out of the class, students should have some familiarity with programming and operating on the command line.
Target Audience
Programmers, testers, systems engineers. No previous cybersecurity experience is required.
Meet the Instructors:
MTSI’s CPS team is a group of highly experienced hackers, reverse engineers and pentesters. They have years of experience testing mission critical systems in aviation, maritime, weapons, and defense systems. They conduct research into cyber physical system security and are often invited to share their perspectives at national conferences. They also routinely compete and place highly at world renowned hacking competitions including Mandiant’s FlareOn RE Challenge and DEFCON where the team placed 1st at the ICS Village CTF during DEFCON32.
US ONLY: This training is available for United States Citizens only.
NEW Training Course Offered! Cyber Attack Methods (CAM) for Cyber-Physical Systems
SecurityWeek is thrilled to announce a new, multi-day, hands-on training course offering taking place alongside the 2025 ICS Cybersecurity Conference. US ONLY: This training is available for United States Citizens only. Workshop Registration Fee: $3995 - Includes certificate of course completion, all meals and access to all conference sessions and social functions. Limited seats available. Reserve your spot today! Note: This hands on training will take place Tuesday, October 28th - Thursday, October 30th. Day 1 will be a full day, and Day 2
2023 Full Day ICS Cybersecurity Training Courses
Conference attendees can register for optional full-day ICS cybersecurity training sessions that take place on Monday, October 24th, 2022.
Colonial Pipeline Still Mostly Offline After Ransomware Attack
The Colonial Pipeline is working on a restart plan after a ransomware attack triggered the company to halt all pipeline operations on May 7, 2021.
The Past & Future of Integrity Attacks in ICS Environments (Video)
Integrity-based attacks can produce significant impacts through undermining a physical process and calling into doubt the viability of a specific facility.
MITRE Releases ATT&CK Knowledge Base for Industrial Control Systems
(Eduard Kovacs - SecurityWeek) MITRE on Tuesday announced the initial release of a version of its ATT&CK knowledge base that covers the tactics and techniques used by malicious actors when targeting industrial control systems (ICS). MITRE’s ATT&CK framework has been widely used by cybersecurity professionals to describe and classify attacker behavior and assess an organization’s risks. The new ATT&CK for ICS knowledge base builds upon it in an effort to help critical infrastructure and other organizations whose environments house ICS. In addition to a
Intelligence Gathering on U.S. Critical Infrastructure
How Open Source Intelligence can be applied to reconnaissance on critical infrastructure. In many cases it’s possible to narrow a search to specific buildings like power plants, wastewater plants, or chemical and manufactured facilities. The research consists of 26,000 exposed devices in United States.
Side-Channel Attacks Put Critical Infrastructure at Risk
ICS Devices Vulnerable to Side-Channel Attacks: Researcher Shows (Eduard Kovacs - SecurityWeek) Side-channel attacks can pose a serious threat to industrial control systems (ICS), a researcher warned last month at SecurityWeek’s ICS Cyber Security Conference in Atlanta, GA. Demos Andreou, a lead engineer at power management company Eaton, has conducted an analysis of protection devices typically used in the energy sector, specifically in power distribution stations. Side-channel attacks can be used to extract data from a system based on information gained by observing
[Video] Hunting for Xenotime, Creators of TRITON-TRISIS ICS Malware
Presented at SecurityWeek's 2018 ICS Cyber Security Conference Speakers: Robert Lee - CEO, Dragos Marc Seitz - Threat Analyst, Dragos The activity group responsible for the TRISIS/TRITON malware is identified as XENOTIME. After the attack on the safety instrumented system in 2017 the group remained active targeting other environments with different safety systems in other regions of the world. Hunting for the behaviors of this group allows defenders to not only search for existing threats but also identify new threats leveraging such
Red Team/Blue Team ICS Cyber Security Training
SecurityWeek is happy to be partnering with LEO Cyber Security to offer a half-day Red Team/Blue Team ICS Cyber Security Training workshop at SecurityWeek’s 2018 ICS Cyber Security Conference. The workshop will take place on Monday, October 22 and is available as an option for conference attendees. (Registration available here) What is Red Team/Blue Team Training? Security aware and knowledgeable users serve as the “front line” of your overall security posture. As such, training is one of the most essential components of your
ICS Honeypot Highlights Danger to Critical Systems From Criminal Hackers
(SecurityWeek - Kevin Townsend) - Security firm Cybereason established a sophisticated honeypot masquerading as a power transmission substation for a major electricity provider. The purpose was to attract attackers and analyze how they operate against the energy sector of the critical infrastructure. Within two days of going live on June 17, the honeypot developed and operated by Cybereason was found, prepped by a black-market reseller, and sold on in the dark web underworld. xDedic RDP Patch was found in the environment.