Supervisory control and data acquisition (SCADA) systems are some of the most poorly understood, yet most critical systems in use in the world today, and while they generally remain unseen are responsible for the smooth running of our daily routines - from the moment we turn on a tap in the morning, to turning off the lights at night. This two day course will take a deep-dive into the fundamentals of SCADA security and provide students with the knowledge that they need to safely perform penetration testing against live SCADA environments. The course will also provide students with methodologies through which security research may be performed against SCADA devices in order to identify 0day flaws in some of the world’s most critical systems. During the course, students will have the opportunity to engage in live attacks against programmable logic controllers (PLC’s) and other industrial control systems, to include activities such as SCADA RTOS firmware reversing and SCADA protocol fuzzing. Day one will provide students with an understanding of practical SCADA use-cases in a number of environments, where control systems are most commonly found. Students will become familiar with SCADA-specific fundamentals required to apply information security doctrine to SCADA applications. Day two will focus on attacking industrial control systems, including how vulnerability research of ICS devices may be conducted and later applied to live systems. Day two will conclude with applying students newly acquired knowledge to securing SCADA applications, including the ways in which embedded ICS devices may be secured.
Students must at minimum possess a fundamental understanding of computing and networking technologies, including Switching, Routing, Windows and UNIX based operating systems at an intermediate level. A prior understanding of IP based network protocol fundamentals, including the use of simple packet inspection tools (such as tcpdump and wireshark) is also recommended.
Students should bring a laptop capable of running VMware, with at least 4GB of RAM. Students are recommended to pre-install a functioning version of VMWare Workstation or VMWare Player. The host operating system may be either 32 or 64bit. Students should be familiar with networking fundamentals (switching, routing etc) and have an intermediate grasp of security concepts, including application security, firewalls and intrusion detection. Students are advised that a basic understanding for IP based network protocol design is beneficial.
Printed Course Materials & Sample Code
Tom Parker is the Chief Technical Officer and Vice President of Security Services at FusionX. Tom is recognized throughout the security industry for his research in multiple areas including adversary profiling, industrial control systems security and software vulnerability research & analysis. Tom has published over four books on the topic of information security including Cyber Adversary Characterization - Auditing the Hacker Mind and a contributor to the popular Stealing the Network Series. Tom is a frequent speaker at conferences including a past speaker at Black Hat. Tom often lends his time to guest lecturing at Universities, involvement in community research initiatives, and is often called to provide his expert opinion to mass media organizations, including BBC News, CNN, and online/print outlets such as The Register, Reuters News, Wired and Business Week.
Jonathan Pollet, Founder and Principal Consultant for Red Tiger Security, USA has over 12 years of experience in both Industrial Process Control Systems and Network Security. After graduating from the University of New Orleans with honors and receiving a B.S. degree in Electrical Engineering, he was hired by Chevron and designed and implemented PLC and SCADA systems for onshore and offshore facilities. In 2001 he began to publish several white papers that exposed the need for security for Industrial Control Systems (ICS), and is still active in the research of vulnerabilities within critical infrastructure systems. He has led security teams on over 150 assessments, penetration tests, and red team physical breaches involving SCADA and Industrial Control Systems. He is also the co-developer of the 5-day SCADA Security Advanced training course initially offered in February 2009, and is currently at version 2.4.