Security / Governance, Risk & Compliance

Advanced pentesting techniques in OT environments

Szkolenie odpowiada na rosnącą potrzebę weryfikacji rzeczywistego poziomu bezpieczeństwa systemów OT poprzez kontrolowane, symulowane ataki. Program obejmuje intensywne warsztaty praktyczne z maksymalnym naciskiem na ćwiczenia 'hands-on' w bezpiecznym środowisku laboratoryjnym. Uczestnicy zdobywają zaawansowane umiejętności planowania i przeprowadzania testów penetracyjnych specyficznych dla środowisk przemysłowych. Metodyka łączy teoretyczne podstawy z praktycznymi scenariuszami typu Capture The Flag skoncentrowanymi na celach OT, wykorzystując framework MITRE ATT&CK for ICS.

Issues

Pentesting methodologies adapted to OT environments
MITRE ATT&CK Framework for ICS
Pentesting tools specialized for industrial systems
Firmware analysis of OT devices
Industrial protocols: Modbus, S7, DNP3, Ethernet/IP, OPC UA
Lateral movement techniques in industrial networks
Exploitation of vulnerabilities in PLCs
Attacks on HMI panels and SCADA systems
Post-exploitation in OT environments
Reporting the results of OT penetration tests
Legal and ethical aspects of pentesting industrial control systems
Simulators and laboratory environments for OT safety testing

Benefits

They will gain the ability to plan and execute penetration testing in OT environments with a deep understanding of their specifics
They will learn to practically use advanced tools and techniques for reconnaissance, vulnerability identification and exploitation in industrial control systems
They will be able to analyze and attack popular industrial protocols such as Modbus, S7, DNP3 and Ethernet/IP
They will gain skills in security testing of key OT components, including PLCs, HMIs and RTUs
They will learn to effectively apply the MITRE ATT&CK for ICS framework for threat modeling and test planning
They will be able to professionally document and report OT penetration test results with a focus on business risks
They will receive hands-on experience in emulating adversary activities in an industrial environment
They will gain advanced competence in post-exploitation and access maintenance in critical infrastructure

Who is this training for?

Experienced IT pentesters specializing in industrial environments

OT security engineers responsible for proactive security assessment

Members of incident response teams (CSIRT/SOC)

Security consultants advising entities in the industrial sector

Red Team specialists performing tests on critical infrastructure

OT systems security auditors

Security analysts in industrial organizations

Security researchers specializing in control systems

Prerequisites

Solid knowledge of penetration testing in IT environments
OT security basics (completion of basic course or equivalent knowledge)
Experience working with pentesting tools (Kali Linux, Metasploit, Nmap)
Knowledge of Python or bash programming
Ability to analyze network traffic (Wireshark)
Understand the basic TCP/IP network protocols

Training program

Specifics of penetration testing in OT: differences from IT
OT pentesting methodologies adapted to industrial environments
Legal, ethical and contractual aspects of OT penetration testing
Safe testing procedures: risk minimization, contingency plans

Construction and configuration of laboratory environment for OT pentesting
Exercise: Scenario analysis and identification of testing risks
Reconnaissance and Mapping of the OT Environment
Passive reconnaissance: OSINT, analysis of technical documentation
Active reconnaissance in OT networks: asset identification, fingerprinting

Analysis of intercepted OT network traffic
Lab: Using OSINT tools, analyzing network traffic
Vulnerability Scanning and Analysis of OT Systems
Challenges of vulnerability scanning in OT environments
Overview of commercial and open source scanners with modules for OTs
Firmware analysis of OT devices: extraction, decompilation
Identification of vulnerabilities in the configuration of SCADA/HMI/DCS systems
Lab: OT device vulnerability scan, firmware analysis

Detailed analysis of attacks on Modbus TCP/RTU protocol
Vulnerabilities and attack techniques against the S7 Communication protocol
Attacks on DNP3, Ethernet/IP, OPC UA protocols
Use of Wireshark tools, Scapy, Python scripts
Lab: Practical attacks on Modbus and S7 protocols
Exploitation of Vulnerabilities in OT Equipment
Attacks on PLCs: modification of control logic

Attacks on RTU systems and edge devices
Security bypass techniques in OT systems
Lab: Exploiting vulnerabilities on PLCs and HMIs

A detailed discussion of the MITRE ATT&CK for ICS framework
Vulnerability mapping to the ATT&CK for ICS matrix.
Planning test scenarios using the framework
Emulation of enemy actions in a laboratory environment
Exercise: Developing a test plan based on MITRE ATT&CK
Post-exploitation and Maintenance of Access in OT
Lateral movement techniques in segmented OT networks
Escalation of authority in control systems
Hiding activity traces in OT systems
Risks of long-term maintenance of access in critical infrastructure
Lab: Post-explosion scenario with lateral movement
Reporting and Communication of OT Pentest Results
Specifics of reporting in OT penetration testing
Structure of the OT pentest report for different audiences
Presentation of results to technical and management staff
Formulating practical recommendations for mitigation
Exercise: Preparation of an excerpt from the pentest report

Delivery Methods

Online

Convenience of participating from anywhere
Interactive live sessions with trainer
Materials available for 30 days
No travel costs

On-site

Direct contact with trainer and group
Intensive hands-on workshops
Networking with other participants
Full focus on learning

Frequently asked questions

What are the prerequisites for this training?

For Advanced pentesting techniques in OT environments we recommend: Solid knowledge of penetration testing in IT environments; OT security basics (completion of basic course or equivalent knowledge); Experience working with pentesting tools (Kali Linux, Metasploit, Nmap).

What is the format and duration of this training?

The training lasts 5 days and is available in online and on-site format. Sessions run from 9:00 AM to 4:00 PM. We can also customize the schedule to fit your team's needs.

Who is this training designed for?

This training is designed for: Experienced IT pentesters specializing in industrial environments; OT security engineers responsible for proactive security assessment; Members of incident response teams (CSIRT/SOC).