Arnaud SOULLIE - Pentesting Inductiral Control Systems: OCP-U-HACK

Arnaud SOULLIE - Pentesting Inductiral Control Systems: OCP-U-HACK

Thursday Morning DEF CON Workshop Starting at 0900 PDT

By DEF CON WORKSHOPS

Date and time

Thursday, August 10, 2023 · 9am - 1pm PDT

Location

Flamingo Las Vegas

3555 South Las Vegas Boulevard Las Vegas, NV 89109

About this event

Max Class Size: 40

Abstract:

Let’s capture the flag, literally! In this workshop you’ll participate in an engaging CTF during which you’ll take control of a robotic arm to capture a real flag on a model train!

To do so, we’ll start with an introduction to Industrial Control Systems to discover the specific components, the network architectures, and even program a PLC simulator.

We’ll then discover some ICS-specific protocols, with a focus on OPC-UA, a modern ICS protocol.

Finally, you’ll connect to our ICS setup composed of real ICS hardware and software and compete against other attendees to capture the flags with robotic hands!

Skill Level: Beginner

Prerequisites for students: No specific knowledge is required

Materials or Equipment students will need to bring to participate: Students should have a laptop capable of running 64-bits virtual machines

Bio:

Arnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 12 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He spoke and taught workshops at numerous security conferences on ICS topics : BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an open­source data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015.

Alexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.

Organized by

DEF CON WORKSHOPS

DEF CON Workshops are an opportunity to learn from others in our community in a four hour class. The workshops range in difficulty from n00b to hardcore hacker and on almost any topic that you can think of in the realm of hacking.

Now on to some things to keep in mind while you look at which workshop(s) to register for:

Workshop Registration will be handled online. Announcement will be made as we get ready to open reg the day before.

In order to decrease the number of no-shows, DEF CON Workshops will be instituting a $25 registration fee to attendees. Tickets are available on a first come, first served basis. Additional costs include possible low-fee for material costs, if applicable, and will be collected by the instructor at the time of the workshop.

There will be a limited number of students on standby lists for each class, should a registration cancel.

There will be NO onsite registration, period. Anyone on standby will be notified they are on standby before the conference. There will be NO onsite standby line or list to sign up for. Everything will be arranged pre-con.

Students will be limited to purchasing 2 tickets per class.

You can register for as many classes as you can attend in one day. ( No two classes at the same time. If you have mastered occupying two spaces at the same time, there are some physics academics who would be pleased to meet you among others)

Sales Ended