A Pentester's Intro to Attacking ICS/SCADA

Presented at CarolinaCon 13 (2017), May 19, 2017, 9:15 p.m. (60 minutes)

Since coming into popular use in the late 1960s, industrial control systems (ICS) have become prevalent throughout all areas of industry and modern life. Whether in HVAC systems, elevators, power grids, water treatment plants, traffic lights, gas pipelines, manufacturing robots or any of the myriad other applications, industrial control systems govern much of our lives. This presentation will cover the basics of what an ICS/SCADA system is, a brief history of the technologies involved (and their security issues), a look at typical network protocols and network architectures used in ICS/SCADA systems, a glance at a typical (pentesting/red team) engagement and various attack strategies for succeeding as a pentester of industrial control systems.


  • Tripp Roybal
    Tripp Roybal (@GMRoybal_III) is a Cyber Security Engineer at Gotham Digital Science and has previously worked at a Fortune 500 energy company where he assisted in research projects aimed at securing Smart Grids and Microgrids. Tripp likes to get shells on things and is a standing member of the Pros vs. Joes CTF Red Team at BSides LV. He has also participated in a red/blue ICS exercise at Idaho Falls National Laboratory.

