Conference attendees can choose from three (3) optional full-day ICS cybersecurity training sessions that take place on Monday, October 24th, 2022. (Click here to register)
Applied ICS Security Training Lab (9AM-5PM ET – $495 Fee)
(Overview: Register )This full-day lab course gives participants hands-on experience attacking and hardening a simulated power plant network to learn about common ICS vulnerabilities and defenses. Participants will attack historians, HMIs, and PLCs to cause a power outage in the 3D simulation, and then implement defenses like firewalls and network monitoring to harden it.
In this session attendees will learn:
- Deeper understanding of common vulnerabilities in ICS networks and devices
- Techniques for testing ICS devices for various vulnerabilities
- Practical experience hardening ICS device configurations and using network defenses
- Scanning ICS networks
- Exploiting web vulnerabilities in the DMZ
- Sniffing industrial network traffic
- Password cracking
- PLC and HMI programming
- Using Yara to scan for ICS malware
- Writing host and network firewall rules for ICS
- ICS network intrusion detection
Participants must bring their own laptop with either Chrome or Firefox installed. Some Linux experience is helpful but not required.
OT Cybersecurity Red Team/Blue Team Workshop (9AM-5PM ET – $495 Fee)
(Overview: Register ) This workshop will provide students of any role or skill level (beginners, advanced, and leadership) an immersive and entertaining OT cybersecurity learning experience, by participating as part of a blue team and a red team in a simulated environment. Short lectures cover Red Team topics (OT vulnerabilities, OT attack surface, and “hacker” methods) and Blue Team topics (OT vulnerabilities, security controls, threat monitoring, cyber risk management strategies, incident response, building a cybersecurity program). These topics are then exercised and reinforced in breakout sessions, where students get to compete against each other in “head-to-head” red team vs. blue team matches using the ThreatGEN® Red vs. Blue Cybersecurity Simulation Platform.
What will you get out of this course?
- Gain a comprehensive, “big picture” understanding of how all the OT cybersecurity pieces work together.
- A primer/refresher of Industrial Control Systems (ICS)/Operational Technology (OT)
- Learn OT vulnerabilities and attack vectors
- Learn about the methods and strategies red teams and hackers use to attack OT (High-level, this is not a command line level course)
- Learn OT and cyber risk management concepts and strategies
- Learn how to deploy efficient and cost-effective cyber risk mitigation strategies and security controls
- Learn how to build a complete OT cyber security program.
- Apply what you’ve learned against live adversaries (going head-to-head against other students) in the ThreatGEN® Red vs. Blue Cybersecurity Simulation Platform
- Learn how to respond to, adapt, and defend against active attacks (High-level, this is not a technical incident response or threat hunting class.)
- Participate as the blue team and the red team (no prior experience or technical skill required).
- Taught by Clint Bodungen, world-renowned ICS cybersecurity expert and author of Hacking Exposed: Industrial Control Systems
Participants must bring their own laptop with either Chrome, Firefox, or Microsoft Edge installed. Connection to the internet will be required (access provided by the conference). Nothing will be installed onto your laptop.
Attacking ICS with Python (9AM-5PM ET – $750 Fee)
(Overview: Register ) Limited to just 20 students, this 8-hour workshop will be a crash course in ICS vulnerabilities and exploitation, providing hands-on, practical training in the carrying out of attacks against various common types of ICS equipment found in the field, including an HMI, PLC and automated circuit breaker. Students will learn:
- Common ICS terminology and system architecture, including inherent flaws and typical mistakes made in system design which should be considered when planning an attack.
- Modbus and Modbus/TCP architecture and functionality
- Python modules for interacting with Modbus-based systems, and writing scripts to interrogate and attack these systems
- Defensive methodologies and considerations in the face of how simple these attacks can be to carry out
Students should come prepared with the following equipment and knowledge:
- A laptop running either Virtualbox, VMWare Workstation (not Player), Parallels, or VMWare Fusion
- An available Ethernet port on the laptop
- Ability to read technical documents written in English
- Experience writing basic Python scripts which incorporate modules and leverage functions and loops
- Basic Linux command line experience, including the ability to navigate directories, and launch application