CSFI-CSCOE - Certified SCADA Cyberspace Operations Engineer

Price: $3,800.00

Delivery formats:

  • Classroom
  • Onsite

Duration: 4 Days

This course provides you with a thorough understanding of supervisory control and data acquisition (SCADA) devices and their inner workings. You will learn how to execute cyber missions where a SCADA environment is part of the greater cyberspace operational environment. By performing incident response on SCADA devices, you will learn in-depth concepts about SCADA devices.

Certification: CSFI-CSCOE

What You Will Learn

  • Concepts of SCADA devices
  • How SCADA devices work and function
  • Security concepts and challenges specific to SCADA devices
  • Vulnerability assessments within SCADA environments
  • Incident response within a SCADA environment
  • Penetration tests on Industrial Control systems
  • Vulnerabilities in web applications used in industrial control systems
  • Hardware, network, user interface, and server-side vulnerabilities
  • Incident response on industrial control systems
  • Unique differences between ICS incident response and traditional

Audience

Anyone involved with designing, monitoring, or operating SCADA networks

Prerequisites

  • Familiarity with basic network topology such as switching, routing, and IP addressing
  • Recommended course book: Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS

Course Outline

1. Pentesting SCADA Network Protocols

  • ICS Systems Overview
  • Controllers, Embedded Systems and Protocols
  • PLCs, DCS, Hybrid Controllers, PC-Control
  • SCADA and ICS Protocols
  • Working with Modbus, OPC, and HMIs
  • Different levels of network communication penetration testing
    • Testing of network mediums vs network protocols
    • Where security defenses should be placed and tested
  • Serial communications
    • RS-485 and RS-232
    • Modbus RTU

2. Pentesting SCADA Field and Floor Devices

  • Tests performed against SCADA networks
  • External Penetration Testing
  • Internal Penetration Testing
  • Vulnerability Assessments
  • Wireless Audits
  • SCADA Vulnerability Assessment Methodology
    • Physical Security
    • Network Infrastructure (Switches, Routers, and Firewalls)
    • Assets in the SCADA DMZ
    • Control Room Servers, Workstations, and Applications
  • SCADA Protocols
  • PLC, RTU, DCS, and Embedded Controllers
  • SCADA Exploitation
    • Discuss SCADA exploitation
    • Discuss methods for exploitation
    • Perform exploitation of SCADA devices/embedded controllers
  • Analysis of embedded electronics in SCADA field and floor devices
    • Discussion of device disassembly

3. Pentesting SCADA Field and Floor Devices Continued and Intro to SCADA Incident Response

  • Introduction to SCADA Incident Response
    • Prepare
    • Identify
    • Contain
    • Eradicate
    • Respond
    • Lessons Learned
  • SCADA Incident Response Overview
    • Challenges seen
    • Reasoning
    • Actions
  • SCADA Incident Response In-Depth
    • How to perform SCADA Incident Response
    • Lessons learned phase
  • Analyzing data obtained from data dumping and bus snooping
    • Hands-on exercise doing string analysis of datasets
    • Hands-on exercise doing entropy analysis of datasets
    • Hands-on exercise doing systematic key searches through datasets
    • Hands-on exercise doing file carving from datasets
  • End-to-end analysis and reporting
    • Strategies for end-to-end analysis after targeted pentesting
    • Strategies for reporting and remediation recommendations

4. SCADA Active Defense Methodologies

  • Introduction to SCADA Active Defense
    • Concepts
    • What to be concerned about
  • SCADA Secure Architecture
    • DMZ
    • Bastion Hosts
    • ACLs
    • Network Segmentation
  • Network Segmentation
  • Remote Access
  • IDS/AV Considerations
  • Bastion hosts/firewalls

Course Labs

Lab 1: Introduction to SamuraiSTFU (Security Testing Framework for Utilities)

  • Setting up the virtual machine
  • Walk through the tools and functionality
  • Introduction to the student hardware kits

Lab 2: Pentesting RF communications between master servers and field devices

  • Hands-on network traffic extraction
  • Traffic transmission and exploitation

Lab 3: Pentesting TCP/IP based SCADA protocols

  • Protocol capture and analysis
  • Modbus, DNP3, IEC 61850, ICCP, ZigBee, C37.118, and C12.22
  • Dealing with unknown protocols
  • Hands-on entropy analysis of network payloads
  • Reverse engineering unknown protocols
  • Hands-on SCADA protocol fuzzing

Lab 4: Pentesting technician interfaces on SCADA field and floor devices

  • Functional analysis of field technician interfaces
  • Hands-on exercise capturing USB communications to tech interfaces
  • Hands-on exercise analyzing captured USB communications
  • Impersonating endpoints in field tech interface communications
  • Exploiting vulnerabilities found during analysis

Lab 5: Analyzing field and floor device firmware

  • Obtaining field and floor device firmware
  • Hands-on exercise disassembling firmware
  • Hands-on exercise analyzing disassembled firmware
  • Exploiting firmware flaws

Lab 6: Overview of pentesting field and floor device embedded circuits

  • Local attack through physically exposed devices
  • Expanding physical attacks to remote attacks

Lab 7: Dumping data at rest on embedded circuits

  • Using the Bus Pirate and other similar tools

Lab 8: Bus Snooping on embedded circuits

  • Overview of bus snooping
  • Hands-on exercise snooping buses

Lab 9: Capture the Flag Event

  • Pits two teams against each other
  • One group is active defender
  • One group is active attacker