rss feed link header graphic

Black Hat DC Training 2008

Westin Washington DC City Center • Feburary 18-19

SCADA Defense: Protecting Critical Infrastructure


The This course is designed to provide process control professionals with a fundamental understanding of the steps needed to effectively defend their critical infrastructure assets. Defending infrastructure controls systems (SCADA, PCS, DCS, and ICS) has never been more important, nor more in the public eye. This course is designed as an introduction for owners and managers of critical infrastructure on the tools and methods being employed by modern attackers. Besides reviewing the methods and tools, participants will have active classroom exercises focused on defending systems against simulated attacks. These hands-on exercises include scenarios where the attendees will perform analysis, and participate in the defense of a live process and both live and simulated attackers. This uniquely designed atmosphere includes pathways of attack and architectural flaws that the attendees have to identify, diagnose, and protect. Students gain hands-on experience using available tools.

Learning Objectives

  • Understand the perimeter from the attacker’s point of view
  • Take advantage of the static nature of a process environment to build custom IDS rules
  • Be able to manipulate the anonymous control surface present in most control environments
  • Implement effective scanning and patch management without crashing the process
  • Understand the four stages of a SCADA attack and what each of those stages look like in the logs

Who Should Attend?

  • Controls systems managers
  • Developers of Controls system technology
  • Security specialists

At least one year of control system experience.

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.


Jason Larsen

is a Principal Security Consultant at IOActive and a recognized thoughtleader in control systems and IDS/IPS creation and modification. Mr. Larsen specializes in software-related audits and testing, including deep experience in protocol reverse engineering and custom binary exploits. At IOActive, he helps clients develop secure software using innovative methods to detect weakness and anticipate exploits through his application review design, threat modeling, and auditing of environment and application code-base.

Mr. Larsen has established some of the key tools used in the history of IPS development, including the creation of a Supervisory Control and Data Acquisition (SCADA) Penetration Toolkit, a Shellcode Compression tool, Hogwash, Snort, and SPUD. His work as Chief Security Architect and Analyst of Last Resort for the Department of Energy has won him national recognition, most notably for his on-record penetration and control of the electrical power grid. He is expert with a wide range of operating systems, including Windows, Linux, Unix, Tru64, Solaris, embedded systems, cell phones and cell towers.

Ends January 1

Ends February 8

Begins February 8

$2000 USD

$2200 USD

$2400 USD

1997-2008 Black Hat ™