Overview
This course aims to provide insights into the attackers targeting ICS devices, offering intelligence on their profiles and methods. The course covers topics such as ICS honeypots, attacker profiling, attack demonstrations, geolocation of attackers, and tracking their movements. Students will learn about ICS devices, typical deployments, Modbus, DNP, threats, attack statistics, vulnerability overview, and targeted attacks. The teaching method includes presentations, demos, statistics, and attack details. The course is intended for cybersecurity professionals, ICS security specialists, and individuals interested in understanding and defending against attacks on industrial control systems.
Syllabus
Intro
Who Am I
Agenda
ICS Devices
Glossary
Typical ICS Deployment
Modbus
DNP
Big Threats
ICS vs IT Security
Pure Numbers
Internet-facing
Water Pump
Control Units
The Environment
What does the attacker see
New Architecture
Tools
Vulnerability Overview
What is an Attack
Attack Statistics
Non-Critical Attacks
Critical Attacks
Automated Attacks
Attacks
Snort
Decoy Doc
Dump Files
Execution
APT1 Report
Contact Information
Attribution Framework
BeEF
The Targeted Attack
Attacker Profile
Recommendations
USB Lockdown
Questions
Question 1 Modbus
Taught by
Black Hat