Students must bring their own Windows® XP or VISTA Laptop with a CDROM drive.
Black Hat DC Training 2008
Westin Washington DC City Center • Feburary 18-19
SCADA Defense: Protecting Critical Infrastructure
The This course is designed to provide process control professionals with a fundamental understanding of the steps needed to effectively defend their critical infrastructure assets. Defending infrastructure controls systems (SCADA, PCS, DCS, and ICS) has never been more important, nor more in the public eye. This course is designed as an introduction for owners and managers of critical infrastructure on the tools and methods being employed by modern attackers. Besides reviewing the methods and tools, participants will have active classroom exercises focused on defending systems against simulated attacks. These hands-on exercises include scenarios where the attendees will perform analysis, and participate in the defense of a live process and both live and simulated attackers. This uniquely designed atmosphere includes pathways of attack and architectural flaws that the attendees have to identify, diagnose, and protect. Students gain hands-on experience using available tools.
Understand the perimeter from the attacker’s point of view
Take advantage of the static nature of a process environment to build custom IDS rules
Be able to manipulate the anonymous control surface present in most control environments
Implement effective scanning and patch management without crashing the process
Understand the four stages of a SCADA attack and what each of those stages look like in the logs
Who Should Attend?
Controls systems managers
Developers of Controls system technology
At least one year of control system experience.
Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.
is a Principal Security Consultant at IOActive and a recognized thoughtleader in control systems and IDS/IPS creation and modification. Mr. Larsen specializes in software-related audits and testing, including deep experience in protocol reverse engineering and custom binary exploits. At IOActive, he helps clients develop secure software using innovative methods to detect weakness and anticipate exploits through his application review design, threat modeling, and auditing of environment and application code-base.
Mr. Larsen has established some of the key tools used in the history of IPS development, including the creation of a Supervisory Control and Data Acquisition (SCADA) Penetration Toolkit, a Shellcode Compression tool, Hogwash, Snort, and SPUD. His work as Chief Security Architect and Analyst of Last Resort for the Department of Energy has won him national recognition, most notably for his on-record penetration and control of the electrical power grid. He is expert with a wide range of operating systems, including Windows, Linux, Unix, Tru64, Solaris, embedded systems, cell phones and cell towers.