Industrial Control Systems : Pentesting PLCs 101

Presented at Black Hat Europe 2014, Oct. 17, 2014, 3:30 p.m. (150 minutes).

There is a lot of talk about ICS, SCADA and the like nowadays, but only a few people have the opportunity to get their hands dirty and understand how it works. The goal of this workshop is to provide the knowledge required to start attacking SCADA networks and PLCs, and to give hands-on experience on real devices.

In this workshop, you will learn the specifics of performing a penetration test on industrial control systems, and especially on Programmable Logic Controllers (PLCs). We will cover the main components and the commonly associated security flaws of industrial control systems, aka SCADA systems. We will discover how PLCs work and how they communicate with the SCADA systems, and learn the methods and tools you can use to p*wn them.

Then, we will move on to the real world by attacking a Siemens S7-1200 PLC and a Schneider m340, which are two common PLCs.


Presenters:

  • Arnaud Soullié - Solucom (as Arnaud Soullie)
    Arnaud Soullie is a Senior Security Consultant at Solucom, a French management and IT consulting company. He works on all kinds of security audits and penetration tests. He has a specific interest in Windows Active Directory domains security, and likes to play with hashes and Kerberos tickets. He gave a talk at a French conference on this topic (JSSI 2014). He has also been working on SCADA systems for three years, performing security audits, penetration tests, and programming PLCs.
