Industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, are found in many national critical infrastructure industries such as oil and natural gas, electric utilities, transportation, petrochemical and refining, water and wastewater, pharmaceutical, and manufacturing. Because these systems must remain highly available, any security testing must ensure that they are not affected operationally. Traditional IT penetration testing techniques are too harsh and potentially damaging to these sensitive systems. This educational presentation will first provide an overview of how ICS work, their vulnerabilities, and the threats to these systems. The second part of this short training course will dive into proven methodologies and tools that our team has used to safely perform penetration testing on these systems. Lastly, this talk will conclude with best practices to secure and defend ICS and OT systems from cyber incidents.
Curriculum
- 1. Introduction - About Speaker (0:59)
- 2. Introduction - About Course, Topics Covered (2:28)
- 3. Fundamentals 1 (16:19)
- 4. Fundamentals 2 (12:22)
- 5. Automation (19:27)
- 6. Demo (35:02)
- 7. Analysing Recent Threats, Types Of Threats (34:44)
- 8. Types Of Security Testing - ICS Systems, SCADA Lifecycle, Red Team Lifecycle (17:53)
- 9. How A Hacker Does Business Profiling Of A Target (Shodan, Google Hacking) (18:16)
- 10. Metadata In The Pen Test (15:38)
- 11. Radio Technology And Capturing Spectrum Signature (14:04)
- 12. Requirements To Persist In ICS Environment (10:25)
- 13. Sniffing, Listening For Host, Tools (21:17)
- 14. Detection And Entry Point (22:57)
- 15. Common SCADA Attack Surface (17:15)
- 16. SCADA Static Analysis, Challenges, Analysis Basic (11:33)
- 17. ICS Environment Entry Points (2:31)
- 18. Demo (12:52)
- 19. SCADA Design, LAN vs SCADA (40:20)
- 20. Summary Of Topics Covered (7:53)
- 21. Sample High Risk Gaps From A Controls Framework Assessment (7:10)