Pentesting ICS 102

Presented at BSidesLV 2019, Aug. 7, 2019, 2 p.m. (235 minutes).

ICS cybersecurity has been a new subject for years now, especially since Stuxnet. Has the security level of ICS improved?

Well, we can probably say yes for network segmentation and patching. And it is mostly true for critical infrastructures that must comply with multiple laws. But what about the most critical components such as PLCs?

In this workshop, you will learn how to attack PLCs by attacking ICS protocols: a legacy protocol, Modbus, and an open source protocol considered the future of ICS communications, OPC-UA. To do so, what could be better than giving you hands-on experience on real devices by hacking our model train?

We will start by defining industrial control systems and their main components, and explaining the key risks and vulnerabilities that affect them. We will then focus on their key assets, Programmable Logic Controllers, and discover how they work, how they communicate, and how they can be programmed, to learn the methods and tools you can use to p*wn them.

Then we will move on to the real world by attacking real PLCs on a dedicated setup featuring robot arms and a model train! And to conclude, probably the most difficult part: let's discuss how to secure ICS.


Presenters:

  • Alexandrine Torrents
    Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She specializes in penetration testing and has performed several security assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs, and she developed a particular tool to query Siemens PLCs. She is also working on securing ICS in the scope of the French military law, which requires companies offering a vital service to the nation to comply with security rules.
  • Arnaud Soullié as Arnaud Soullie
    Arnaud Soullié is a manager at Wavestone, performing security audits and leading R&D projects. He has a specific interest in Active Directory security as well as ICS, two subjects that tend to collide nowadays. He teaches ICS security and pentest workshops at security conferences (BlackHat Europe 2014, BSides Las Vegas 2015/2016, Brucon 2015/2017, DEFCON 24, DEFCON 26) as well as full trainings (Hack In Paris 2015 and 2018, BlackHat Asia 2019).
