SECURITY PUNCH by C3i

Take a deep dive with commercial off the shelf industrial control system. Hand’s on session of vulnerability assessment and penetration testing. This course will enhance your skills and make you understand individual component of a control system, including field devices, communication protocols, Human Machine Interfaces (HMIs), and SCADA applications. Skills you will learn in this course will apply directly to your systems such as the Smart Grid, process automation, batch automation, factory automation, etc.

[1st hour] : Design and development of testing environment

[2nd hour] : VAPT on top of deployed/developed testing environment

[3rd hour] : Design, development and integration of ICS honeypot with the testing environment

[4th hour] : Near real time intrusion detection on the deployed environment

[5th hour] : Near real time malware analysis on the deployed environment

REGISTRATION LINK

TIMELINE

1 October 2019: Registration opens 

15 October 2019: Registration closes

Overview:

New generation malware and cyber attacks are targeting the Industrial Control System (ICS), resulting in an economical and human life loss. ICS systems are vulnerable because of the poor design of their protocols. Penetration testing on ICS systems is a very niche field that requires in-depth knowledge of industrial hardware like PLC, RTU, HMI, Numerical Relay, etc. This workshop focuses on the methodologies to conduct penetration testing on commercial hardware and to provide an excellent opportunity for the participants to have hands-on experience in Penetration Testing of these devices and systems. This course also focuses on web and network vulnerability hardware over ICS protocol to identify zero-day vulnerabilities along with an ICS CTF event. Finally, the workshop ends with the distribution of some GOODIES as an appreciation for the winners. To mention, we will provide all the contestants with real industrial ICS hardware like Schneider, Rockwell Automation, etc. Also a Virtual Machine (VM) will be handed over to the candidates specifically for ICS penetration testing and malware attacks. These courses aims at enhancing the particular skills in security professionals who want to either choose ICS security as their career or want to expertise in it. The workshop does not need any previous experience in ICS/ ICS security.

Courseware

  • Design and development of testing environment & understanding of PLC (Programming Logic Controller), RTU (Remote Telemetry Unit), HMI (Human Machine Interface) and about other controller system.
  •  VAPT (Vulnerability Assessment & Penetration Testing) of testing setup.
  • Design, development and integration of ICS honeypot with the testing environment.
  • Near real time intrusion detection on the deployed environment.
  • Near real time malware analysis on the deployed environment.

Prerequisites

  • Basic knowledge of Linux OS.
  • Basic knowledge of programming (C, python) would be a plus.
  • Familiar with some tool like wireshark and Nmap etc.

Who should attend

  • People who are keen to explore of Scada/ICS system.
  • People who want to be able to perform security testing of real-time network & equipment of critical infrastructure.

What to expect

  • Understanding of ICS system.
  • Methodologies to approach a Scada/ICS system for VAPT.

NOTE

  • To and fro, accommodation, etc. is in participant's scope

 

Anand Handa Anand Handa, Challenge Lead, CIS workshop