Last year participants asked for a one-day advanced training course before S4. Good idea.

Our thought behind the course is many in the control system community are now familiar with Nessus and nmap for scanning and some are familiar with Metasploit as an exploit framework, but that is where it stops. These tools look for and exploit known vulnerabilities and are a good starting point, but what’s next? Our answer is advanced testing of control system components.

The course has two three-hour modules. The first module teaches students techniques to test web applications for application vulnerabilities. This is important because many control systems have a historian with a web server or some other component on the DMZ to serve up data to corporate users. There is an authorized hole in the firewall to reach these web servers from the corporate network. If an attacker can take control of that server, he has a beachhead to launch attacks on the control center.

The second module will teach students how to customize a fuzzing framework. We originally planned to focus on fuzzing PLC and other field device stacks, and we will still teach this. Some of the advanced students may also want to customize a fuzzer to test application protocols in other control system components. Fuzz testing is important in general, Microsoft has indicated it is one of their most effective techniques for finding bugs/vulns in their SDL. It is particularly important in control systems where negative testing has been largely ignored in QA.

In addition, we will be making our lab available to the students so they can bang on a variety of PLC’s and control system applications as extra credit. There will be at least 4 instructors, which we felt necessary because students will have a variety of skill levels. The students with the most experience may finish the standard exercises and work on building proof of concept exploits or attacking other systems in the lab. The students with no experience past Nessus/Metasploit will likely need additional help from our instructors.

S4 Registration Update
Now is the time to register for the course and conference if you want to get a spot. We have 24 seats left for Physical Attendees at S4 and 13 seats left for the training course.

• Register for S4 and the Advanced Course at this link
• See the full S4 program

Other S4 Previews

• Jamming and Interference Induced Denial of Service Attacks on IEEE 802.15.4 Based Wireless Networks
• Hardware Vulnerabilities in 802.15.4 Implementations
• Estimating 0days in Control Systems
• Security Metrics for Cyber Security Assurance