Early Bird (< 30th April): SGD2999

Normal (> 1st May): SGD3999

Seats Available: 15


ICS/SCADA systems, including power plants, factories, and transportation systems, are some of the most critical systems in use today. Many SCADA vulnerabilities lie not only in the core protocols but also in specific products, and network structures can expose an installation to attacks far more complex than those seen on traditional networks. This 3-day course has everything you need to take SCADA systems apart, examine them for inherent weaknesses and plan how to protect these facilities – many of which are ‘unpatchable’.

This three-day course caters to security professionals who wish to explore ICS/SCADA systems and will take them from the fundamentals of SCADA security up to more advanced techniques. You will come away with the knowledge needed to perform real-world penetration tests against SCADA installations and find your own 0-day vulnerabilities in SCADA environments.

All subjects in this course are taught using actual SCADA products and miniaturized SCADA systems for visualization. 

Who should attend

  • Red Team members who want to pen-test ICS/SCADA systems.
  • ICS/SCADA bug hunters who want to write exploits for all the crashes they find.
  • Members of military or government cyberwarfare units.
  • Penetration testers tasked with bypassing air gaps.

Key Learning Objectives

  • Learn an effective strategy for using the latest tools and technology to discover vulnerabilities
  • Understand applications of static analysis for bug hunting
  • Learn how to decompose programs and analyze them with powerful frameworks
  • Learn how to write basic clang-analyzer plugins
  • Introduction to intermediate languages for program analysis
  • Introduction to graph search, transformation, and slicing
  • Leverage dynamic binary translation for efficient tracing and deep program inspection
  • Master the latest fuzzing techniques and strategies for file and network fuzzing
  • Learn grammar fuzzing, evolutionary fuzzing, in-memory fuzzing, and symbolic fuzzing
  • Best practices for corpus generation, fuzzer deployment, and targeting
  • Apply powerful techniques like taint analysis and graph slicing towards crash analysis

Prerequisite Knowledge

Students should be prepared to tackle challenging and diverse subject matter and be comfortable writing functions in C/C++ and Python to complete exercises that involve writing plugins for the discussed platforms. Attendees should have basic experience with debugging native x86/x64 memory corruption vulnerabilities on Linux or Windows.

Hardware / Software Requirements

Students should have the latest VMware Player, Workstation, or Fusion working on their machine.


Day 01: Overview of ICS, Protocols & More

  • ICS/SCADA Architecture
  • ICS/SCADA Components
  • Scanning and Web Hacking on HMI/PLC
  • Incident Case Studies
  • Product Vulnerabilities (1-Day)

Day 02: Bypassing the Airgap

  • Network Protocols for ICS/SCADA
  • ICS Network Analysis for SCADA
  • Bypassing the Air Gap with HackRF, BadUSB, BadDNS and others
  • Pentesting the power plant and rail system (0-day)

Day 03: Forensics, Fuzzing & Beyond

  • SCADA Network Forensics
  • Fuzzing the ICS/SCADA Interface
  • Fuzzing the PLC Software
  • Fuzzing the ICS/SCADA Protocol
  • Sharing real-world 0-day cases with trainees

We will also provide trainees with access to our Cyber-War game system. This is a cyber drill simulation for ICS/SCADA hacking demonstrations, and trainees will be able to evaluate their skill and knowledge with our system using our real-time ‘cyber-war’ simulation, which includes a live scoreboard! Trust us, you’ll love it!

Location: TRAINING ROOMS

Date: August 21, 2017

Time: 9:00 am - 6:00 pm

Louis Hur, Edward Lee, Ellie Kim