AppSec USA 2016 has ended
Wednesday, October 12 • 9:00am - 5:00pm
Training Session - Assessing and Exploiting Control Systems & IoT Day 2 (2 Day)


This is not your traditional SCADA/ICS/IoT security course! How many courses send you home with your own PLC and a set of hardware/RF hacking tools? This course teaches hands-on penetration testing techniques used to test the individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and the various forms of master servers and their ICS applications. The skills you learn in this course apply directly to systems such as the Smart Grid, PLCs, RTUs, smart meters, building management, manufacturing, Home Area Networks (HAN), smart appliances, SCADA, substation automation, and synchrophasors. The course is structured around the formal penetration testing methodology created by UtiliSec for the United States Department of Energy. Using this methodology and the Control Things Pentest Platform (previously SamuraiSTFU), an open source Linux distribution for pentesting energy sector systems and other critical infrastructure, we will perform hands-on penetration testing tasks against user interfaces (on master servers and field device maintenance interfaces), control system protocols (Modbus, DNP3, IEC 60870-5-104), RF communications (433 MHz, 869 MHz, 915 MHz), and embedded circuits (memory dumping, bus snooping, JTAG, and firmware analysis), and we will tie each technique back to the control system devices it can be used to test. The exercises are performed on a mixture of real world and simulated devices to give students the most realistic experience possible in a portable classroom setting.

Advances in modern control systems such as the energy sector's Smart Grid have brought great benefits to asset owners/operators and customers alike, but these benefits have often come at a cost from a security perspective. With increased functionality and additional inter-system communication, modern control systems bring a greater risk of compromise that vendors, asset owners/operators, and society in general must accept in order to realize the desired benefits. To keep this risk to a minimum, penetration testing must be performed alongside other types of security assessment so that vulnerabilities are found and fixed before attackers can exploit the critical infrastructure that exists in every country. Ultimately, that is the goal of this course: to help you know how, when, and where this can be done safely in your control systems.


Laptop with at least two USB ports (three ports preferred). If only two USB ports exist on the laptop AND they are right next to each other (such as found on a MacBook Air), a USB extension cable must be brought as well
Latest VMware Player, VMware Workstation, or VMware Fusion installed. Other virtualization software such as Parallels or VirtualBox may work if the attendee is familiar with its functionality; however, VMware Player should be prepared as a backup just in case
Access to an account with administrative permissions and the ability to disable all security software on the laptop, such as antivirus and/or firewalls, if needed for the class
At least thirty (30) GB of free hard drive space
At least four (4) GB of RAM, optimally eight (8) GB of RAM
Windows 7, 8.x, or 10.x installed on your host laptop or inside a VM



Power for your laptop
Internet connectivity may or may not be available depending on the facility hosting the course.
Latest version of SamuraiSTFU distribution
PDF version of the course slide deck
Student hardware kits to keep



For those with little or no ICS experience, these Wikipedia articles provide a brief introduction to the concepts and history of control systems that will be helpful to know for class.

http://nostarch.com/xboxfree (Note: While this has nothing to do with control systems, it provides a great introduction to the concepts and techniques taught in this class for pentesting the embedded electronic hardware in ICS field/floor devices.)
(Chapter 7 of NIST Interagency Report 7628, titled Bottom-up Security Analysis of the Smart Grid, provides a great overview of the challenges faced in Smart Grid and energy sector systems, many of which we test for and exploit in this class.)


Justin Searle

Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played key roles in the Advanced Security Acceleration...

Wednesday October 12, 2016 9:00am - 5:00pm EDT
Meeting Room 12