Pentesting ICS 102

ICS cybersecurity has been a new subject for years now, especially since Stuxnet. Has the security level of ICS improved?

Well, we can probably say yes for network segmentation and patching. And it is mostly true for critical infrastructures that must comply with multiple laws. But what about the most critical components such as PLCs?

In this workshop, you will learn how to attack PLCs by attacking ICS protocols: a legacy protocol, Modbus, and an open-source protocol considered the future of ICS communications, OPC-UA. To do so, what could be better than giving you hands-on experience on real devices by hacking our model train?

We will start by defining industrial control systems and their main components, and explaining the key risks and vulnerabilities that affect them. We will then focus on their key assets, Programmable Logic Controllers, and discover how they work, how they communicate, and how they can be programmed, so that you learn the methods and tools you can use to p*wn them.

Then we will move on to the real world by attacking real PLCs on a dedicated setup featuring robot arms and a model train! And to conclude, probably the most difficult part: let’s discuss how to secure ICS.

Presented by