ICS FORENSICS / BT223

SCENARIOS: FIVE   |   LABS: EIGHT   |   HANDS-ON: 90%   |   DURATION: 40

Participants will learn, through real-world examples, about the security threats that are unique to ICS/SCADA systems, the inherent weaknesses and vulnerabilities in Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs), and the frameworks and standards available to help develop an effective ICS/SCADA cyber-security strategy.

LAB 01: Modbus

LAB 02: CSET

LAB 03: ICS Protocols

LAB 04: Filtering with Bro

LAB 05: Log Analysis

LAB 06: Static Analysis

LAB 07: Dynamic Analysis

LAB 08: Hardening

Scenario: ICF001

Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines in the USA. Security researchers suspect that malware was installed on their systems. You were summoned to investigate the incident, identify the source of the attack, and harden the control system.


Scenario: ICF002

Honda Motor Company released a statement this week saying the company was forced to halt production for more than 24 hours in one of its Japan-based factories after finding WannaCry infections in its computer networks. Honda Motor Company hired you to perform malware analysis on WannaCry using the tools you have mastered.


Scenario: ICF003

Recently, researchers at security firm FireEye discovered a new variant of the Havex remote access Trojan that can actively scan OPC (Object Linking and Embedding for Process Control) servers, which are used for controlling SCADA. "NewEnergy", an Italian green energy company, was a victim of the attack and managed to monitor some of the traffic for you to analyze. Use your skills to help them.


Scenario: ICF004

A cyber-attack on the Ukrainian electric power grid caused a power outage in the northern part of Kyiv. The incident caused blackouts all over the city. The forensics team started the investigation that day to identify the source of the attack that caused the blackout.


Scenario: ICF005

An attacker was able to break a 200-megawatt wind turbine system owned by NextEra Energy Resources. The IT team discovered a vulnerability in the company's Cisco security management software. They require your assistance to disclose the incident.


© 2020 by ThinkCyber
