Pentesting Industrial Control Systems

Presented at DeepSec 2019 „Internet of Facts and Fears“, Unknown date/time (Unknown duration)

In this intense 2-days training, you will learn everything you need to start pentesting Industrial Control Networks. We will cover the basics to help you understand what are the most common ICS vulnerabilities. We will then spend some time learning and exploiting Windows & Active Directory weaknesses, as most ICS are controlled by Windows systems. And we will cover the most common ICS protocols (Modbus, S7, Profinet, Ethernet/IP, DNP3, OPC…), analyze packet captures and learn how to use these protocols to talk to Programmable Logic Controllers (PLCs). You will learn how to program a PLC, to better understand how to exploit them. The training will end with an afternoon dedicated to a challenging hands-on exercise: The first CTF in which you capture a real flag! Using your newly acquired skills, you will try to compromise a Windows Active Directory, pivot to an ICS setup to take control of a model train and robotic arms.

Presenters:

• Arnaud Soullié - RS Formation & Conseil   as Arnaud Soullie
  Arnaud Soullié (@arnaudsoullie) is a manager at Wavestone. For 9 years, he has been performing security audits and pentest on all type of targets. He specializes in Industrial Control Systems and Active Directory security. He has spoken at numerous security conferences on ICS topics : BlackHat Europe, BruCon, 4SICS, BSides Las Vegas, DEFCON… He is also the creator of the DYODE project, an open-source data diode aimed at ICS.

Links:

• https://deepsec.net/archive/2019.deepsec.net/speaker.html#WSLOT406

Similar Presentations:

• BSidesLV 2023 / Pentesting ICS 101
• BSidesLV 2019 / Pentesting ICS 102
• DEF CON 30 (2022) / Pentesting Industrial Control Systems 101: Capture the Flag! Workshop