Announcement

Collapse
No announcement yet.

Arnaud Soullie, Alexandrine Torrents - Pentesting Industrial Control Systems 101: Capture the Flag!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Arnaud Soullie, Alexandrine Torrents - Pentesting Industrial Control Systems 101: Capture the Flag!

    Abstract:

    Thursday from 1400 to 1800
    EventBrite Link: https://www.eventbrite.com/e/arnaud-...s-378972074677

    Do you want to learn how to hack Industrial Control Systems? Let’s participate in the one and only CTF in which you really have to capture a flag, by hacking PLCs and taking control of a robotic arm!
    We’ll start by explaining the basics of Industrial Control Systems : what are the components, how they work, the protocols they use…
    We’ll learn how PLC work, how to program them, and how to communicate with them using Modbus, S7comm and OPCUA.

    Then we’ll start hacking! Your goal will be to take control of a model train and robotic arms to capture a real flag!
    The CTF will be guided so that everyone learns something and gets a chance to get most flags!

    Skill Level: Beginner to Intermediate
    Materials Needed: Just a laptop with a modern web browser. Students will be provided with cloud VMs to perform the exercises.

    Bio:
    Arnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 12 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He spoke and taught workshops at numerous security conferences on ICS topics : BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an open­source data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015.

    Twitter:
    https://twitter.com/arnaudsoullie

    Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.

    Twitter:
    []

    Max Class Size: 40
    Last edited by number6; July 5, 2022, 14:03.

  • #2
    What day and time slot will this be at ?

    Comment


    • number6
      number6 commented
      Editing a comment
      Original post edited to add:
      Thursday from 1400 to 1800
      EventBrite Link: Coming Soon!
      Last edited by number6; July 5, 2022, 14:03.

  • #3
    Hey folks, looks like the EventBrite time and date are different from what this post says:

    EventBrite says Thursday 1400-1800, and just above it says Friday 1400-1800.

    Which one is the correct time?

    Comment


    • number6
      number6 commented
      Editing a comment
      This page content now reflects what the eventbrite claims for days and time. Thanks for the report!

  • #4
    If anyone has an extra ticket for this I have one I could trade for another workshop. This is one I really wanted to get into but it disappeared quickly. Thanks!

    Comment

    Working...
    X