A Pentester's Intro to Attacking ICS/SCADA

Presented at CarolinaCon 13 (2017), May 19, 2017, 9:15 p.m. (60 minutes)

Since coming into popular use in the late 1960s, industrial control systems (ICS) have become prevalent throughout all areas of industry and modern life. Whether in HVAC systems, elevators, power grids, water treatment plants, traffic lights, gas pipelines, manufacturing robots or any of the myriad other applications, industrial control systems govern much of our lives. This presentation will cover the basics of what an ICS/SCADA system is, a brief history of the technologies involved (and their security issues), a look at typical network protocols and network architectures used in ICS/SCADA systems, a glance at a typical (pentesting/red team) engagement and various attack strategies for succeeding as a pentester of industrial control systems.

Presenters:

• Tripp Roybal
  Tripp Roybal (@GMRoybal_III) is a Cyber Security Engineer at Gotham Digital Science and has previously worked at a Fortune 500 energy company where he assisted in research projects aimed at securing Smart Grids and Microgrids. Tripp likes to get shells on things and is a standing member of the Pros vs. Joes CTF Red Team at BSides LV. He has also participated in a red/blue ICS exercise at Idaho Falls National Laboratory.

Links:

• https://infocon.org/cons/CarolinaCon/CarolinaCon 13 2017/A Pentester's Intro to Attacking ICS SCADA - Tripp Roybal (@GMRoybal_III).mp4
• https://infocon.org/cons/CarolinaCon/CarolinaCon 13 2017/A Pentester's Intro to Attacking ICS SCADA - Tripp Roybal (@GMRoybal_III).srt (subtitles)
• https://www.youtube.com/watch?v=LyzIrE6DpOM

Similar Presentations:

• Black Hat Europe 2014 / Industrial Control Systems : Pentesting PLCs 101
• BSidesDC 2016 / What’s the Big Deal with Assessing ICS/SCADA?
• BSidesLV 2017 / Industrial Control System Network Analysis