Security Training ▸ ICS/SCADA
ICS/SCADA Training
Get your hands on real devices that are used in the industrial settings
#ICS/OTvulnerabilities
#PLC&HMI
#RF
#BadUSB
#BadDNS

What is ICS/SCADA Training?
As internet and automation is adapted in the industrial world, ICS/SCADA systems are mandatory nowadays. Daily-used automation systems such as elevator, automated doors and big facilities such as nuclear powerplants and dams are all vulnerable to hacking, and it may result in economical loss.
As if Iran experienced Stuxnet incident, which Uranium facility was attacked, industrial systems and automated machines are open to the hackers. In this course, you can simulate various hacking scenarios on the testbed and may understand how hackers attack the industrial systems. By doing so, you will be able to secure your own ICS/SCADA system!
Who should take this course?

OT Engineers

Automated Facility
Security Manager

ICS/SCADA system
managers

Network Managers

Security Professionals

IT Technicians
Why ICS/SCADA Training?

Security Threats on ICS/SCADA facilities

Increasing importance of safety and security design for industrial facilities

Understanding vulnerabilities of ICS/OT Systems

Tracking hackers and unauthorized user’s attack paths

Preventing automated machines from getting hacked

Strengthening IT & OT Security in facilities
Curriculum
[ICS/SCADA Overview]
1. OT/ICS Security Trends
– Introducing Various cyber attacks and attack paths
2. Intro. To ICS/SCADA
– Looking into ICS/SCADA in Cyber Security perspective
3. Comparing with IT Security
– New technologies, new threats
[The ICS/OT Reconnaissance]
1. Introduction
– OSINT Approach
2. Case Studies
3. OSINT Methodologies for ICS/OT
1. Finding attack paths using OSINT tools (e.g. Censys & Shodan)
2. OSINT Monitoring with DarkTracer
[IEC 62443 Standards]
1. Introducing International Standards for OT cybersecurity
– Understanding OT cybersecurity standardization
– Case studies
2. Overview of IEC 62443 Standards
– Components of IEC 62443 and its application to the real world
3. Details of IEC 62443 3-3 Standards
– Understanding Intentions, Requirement and Expectations of IEC 62443
[Advanced Attacks on ICS Vulnerabilities] - Part 1
1. Fuzzing & Exploit Overview
– Vulnerabilities of current systems and software
– Understanding fuzzing and exploits
– Real life Scenarios and Attack Cases Studies
[PLC/HMI Programming - Basic] - Part 1
1. Overview of PLC Simulation
– Intro. to PLC
– Intro. to HMI
2. PLC/HMI Attack Scenarios
– Understanding normal behavior of PLC/HMI operation
– Understanding the causes of accidents of the automation device
3. Ladder Logic Programming
– intro. To Runway control system scenario
1. PLC/HMI Configuration
2. PLC Ladder Logic Programming
[PLC/HMI Programming - Basic] - Part 2
1. Runway HMI Configuration
– Understanding the components of Runway control system HMI
1. PLC/HMI Simulation
2. Connecting HMI Simulation and PLC
[PLC/HMI Programming - Basic] – Part 3
1. Runway HMI Configuration
– Understanding the components of Runway control system HMI
2. Attacking the program to resimulate the accident
– Understanding attacker’s intention and cause of the accident
1. Ladder Logic Programming
2. Downloading HMI Screen
3. Runway Operation and attack
[PLC/HMI Programming - Advanced] – Part 1
1. Overview of ICS Protocols
– Understanding how PLC works (Advanced)
– Application to ICS Network
2. ICS Network – Basics
3. PLC ↔️ HMI Packet Analysis
– How to capture Packet
– Understanding how Packet communication works (Advanced)
[PLC/HMI Programming - Advanced] – Part 2
1. Analyzing ICS Protocols
– Introducing various ICS Protocols
2. Modulation Attacks on ICS Protocols
– The vulnerabilities of ICS Protocols
– ICS Protocols Attack Methodology
3. Malware Injection
– Understanding attack scenarios
– Different types of tools for Malware Injection
1. Analyzing S7 Comm Plus packet and attacking vulnerabilities
2. Tempering ICS Protocols
[Air Gap Bypass Techniques] – Part 1
1. Airgap Bypassing Overview
– Intro. To Closed Network
– Understanding Airgap Bypassing of IoT Devices
2. Intro. to Bad USB
– Vulnerabilities, attack path, attack methodology, Real-life cases
1. Creating Bad USB
2. Attacking the target device using Bad USB
[Air Gap Bypass Techniques] – Part 2
1. Intro, to Bad DNS
– Understanding how DNS works
– DNS Tunneling
2. Bad DNS attack scenarios
– Bad DNS attack and defense
[Radio Frequency Attack] - Part 1
1. RF Attack Overview
– Case Studies
– Preparation for RF attack
2. Tools for RF Attack
– Introducing various tools for RF attack
[Radio Frequency Attack] - Part 2
1. RF Signal Detection, Regeneration, Tampering, Resending
– Radio Frequency Wireless Signal
– Capturing and analyzing the wireless signal from the remote controller
2. Attacks on Model Cranes
– Various scenarios
1. Capturing wireless signals using HackRF
2. Replay Attack
3. Jamming Signals
4. Analyzing the signal
Tools
Simulations, TestBed, Hardware
RA-T Runway, RA-T Crane, RA-T SFPCS, RA-T SmartCity, HackRF, P4wnP1, Teensy
Programs and Software
VMWare Workstation, Siemens TIA Portal, Shodan, Censys, DarkTracer, Python, WireShark
Prerequisites

Basic knowledge on cyber security

Linux OS & Kali Linux

Python Basics

Network Vulnerability Analysis
Instructors

CEO

Louis Hur | CEO
Main Training Area
OSINT Intro.
- NSHC Co-Founder
- DarkTracer CEO
- SCADA Security Adviser
- DarkWeb Intelligence Researcher/Investigator
- 2017-Present | NSHC Training (OSINT) Instructor
- 2015-Present | Interpol Adviser for Threat Hunting
- 2010-Present | RedAlert Lab Researcher
- 2016 | CODE BLUE ICS Security Training Instructor
- 2015-2016 | Info-Security Speaker at BLACKHAT, HITCON, CCS, etc.

Head of RedAlert Lab

Ocean Moon | Head of RedAlert Lab
Main Training Area
ICS/SCADA Advanced
- ICS Device Zero-Day Vulnerability Chief Detector/Analyst
- IoT Device & Application Zero-Day Vulnerability Chief Detector/Analyst
- 2021 | ICS/OT Training (for Singapore Government Agency) Instructor
- 2019-2021 | MOTIE CTF Organizer
- 2019-2020 | DSTA CDDC CTF Organizer
- 2018-2019, 2021 | DEF CON ICS/SCADA CTF Organizer
- 2016-Present | NSHC Training (ICS/SCADA, IoT Exploitation) Instructor
- 2017, 2019 | STUD S3 CTF Winner
- 2015, 2017 | CODE BLUE Hack2Win Winner
- 2009, 2013 | DEF CON 17th, 21st CTF Finalist

Researcher

SungHun Do | Researcher
Main Training Area
PLC/HMI Basics & Programming
- PLC/HMI TestBed Asst. Engineer
- 2021-Present | NSHC Training (ICS/SCADA) Instructor
- 2021 | ICS/OT Training (for Singapore Government Agency) Instructor
- 2021 | DEF CON ICS/SCADA CTF Organizer
- 2020-2021 | MOTIE CTF Organizer
- 2018-2020 | PLC-based Factory Automation Engineer

Researcher

Researcher

Rana Jose | Researcher
Main Training Area
ICS Security Standards/Frameworks
Airgap Bypassing
- ICS/SCADA Security Researcher
- Regional Manager (EMEA)
- 2022 | DEFCON RED ALERT ICS CTF Organizer
- 2022 | DSTA CDDC CTF Organizer
- 2021 | Hack In The Box - CyberWeek - OT Security Villager
- 2019 - Present | NSHC Training (ICS/SCADA) Instructor
- 2019 | International Atomic Energy Agency - Instructor/SME for Protecting Computer Based Systems in Nuclear Security

CEO

Louis Hur | CEO
Main Training Area
OSINT Intro.
- NSHC Co-Founder
- DarkTracer CEO
- SCADA Security Adviser
- DarkWeb Intelligence Researcher/Investigator
- 2017-Present | NSHC Training (OSINT) Instructor
- 2015-Present | Interpol Adviser for Threat Hunting
- 2010-Present | RedAlert Lab Researcher
- 2016 | CODE BLUE ICS Security Training Instructor
- 2015-2016 | Info-Security Speaker at BLACKHAT, HITCON, CCS, etc.

Head of RedAlert Lab

Ocean Moon | Head of RedAlert Lab
Main Training Area
ICS/SCADA Advanced
- ICS Device Zero-Day Vulnerability Chief Detector/Analyst
- IoT Device & Application Zero-Day Vulnerability Chief Detector/Analyst
- 2021 | ICS/OT Training (for Singapore Government Agency) Instructor
- 2019-2021 | MOTIE CTF Organizer
- 2019-2020 | DSTA CDDC CTF Organizer
- 2018-2019, 2021 | DEF CON ICS/SCADA CTF Organizer
- 2016-Present | NSHC Training (ICS/SCADA, IoT Exploitation) Instructor
- 2017, 2019 | STUD S3 CTF Winner
- 2015, 2017 | CODE BLUE Hack2Win Winner
- 2009, 2013 | DEF CON 17th, 21st CTF Finalist

Researcher

SungHun Do | Researcher
Main Training Area
PLC/HMI Basics & Programming
- PLC/HMI TestBed Asst. Engineer
- 2021-Present | NSHC Training (ICS/SCADA) Instructor
- 2021 | ICS/OT Training (for Singapore Government Agency) Instructor
- 2021 | DEF CON ICS/SCADA CTF Organizer
- 2020-2021 | MOTIE CTF Organizer
- 2018-2020 | PLC-based Factory Automation Engineer

Researcher

Researcher

Rana Jose | Researcher
Main Training Area
ICS Security Standards/Frameworks
Airgap Bypassing
- ICS/SCADA Security Researcher
- Regional Manager (EMEA)
- 2022 | DEFCON RED ALERT ICS CTF Organizer
- 2022 | DSTA CDDC CTF Organizer
- 2021 | Hack In The Box - CyberWeek - OT Security Villager
- 2019 - Present | NSHC Training (ICS/SCADA) Instructor
- 2019 | International Atomic Energy Agency - Instructor/SME for Protecting Computer Based Systems in Nuclear Security
Training Kit

Airport Runway Simulations
Runway simulation is equipped with Siemens PLC and HMI units. The operation of runway guidance lights is inserted into the units via Siemens Tia Portal program.

Crane
This model of industrial crane operates with radio frequency, which can demonstrate related mock attack and incident situation.

SmartCity
Railway system, power plants, airport runways, digital billboards and such infrastructures with different systems and protocols are installed in the Smart City diorama.

SFPCS
Spent Fuel Pool Cooling System, a.k.a SFPCS, visualizes the neutralization incident of cooling system in a nuclear power plant.
Reviews
Corporate Trainee (South Korea)
I finally got a chance to work on the devices such as PLC/HMI that I couldn’t encounter before. And especially the TA were a great help. Thank you so much for the wonderful experience.
Government Trainee (South Korea)
Frankly speaking, It was the best training that I have ever had! I think I got a really good understanding of ICS/SCADA security through the training, and the training kit was very helpful, too.
Government Trainee (Japan)
I had no problem with Hands-on training even though it was an online training. I really enjoyed the training overall, but one thing that I liked the most is that all the hands-on scenarios were based on the real-life cases. I was able to experience the ICS/SCADA through this training.
Corporate Trainee (Singapore)
This training became a good introduction to the ICS for me. And I loved every activity I had during the training. The instructors and staffs were very passionate, and they never hesitated to help when I am in need.
Videos
Notice
NSHC provides following items for your convenience.
1) Laptop
We provide laptop with software that you will need for hands-on training.
2) Textbook
All the learning materials will be provided in form of a textbook.
3) Training fee
Lunches and snacks are included in your training fee.
Transportation, accommodation, and dinner are excluded.
4) Certificate of Completion
We give the certificate of completion to those who finish the training.
Location
- 18th ICS/SCADA Training (Singapore)
<Park Avenue Rochester> 31 Rochester Dr, Singapore 138637
- 19th ICS/SCADA Training (Republic of Korea)
<SKY31> 300, Olympic-ro, Songpa-gu, Seoul, Republic of Korea
Registration and Payment
There are two ways to pay the training fee: PayPal or bank transfer.
You may select preferred payment method when submitting the registration form.
We will assist you after your registration form is received.
If you have any question regarding the payment, please contact us at training@nshc.net.
Refund Policy
You may receive a full refund without a penalty if you make cancellation a week prior to the training.
Or, you will be charged for 10% cancellation fee.
Cancellation made until [8 days] before the training : fully refundable
Cancellation made within [7 days ~ the day of training]: 10% cancellation fee is charged.
Refund policy may be changed without a notice.
Security Training ▸ ICS/SCADA
ICS/SCADA Training
#ICS/OTvulnerabilities
#PLC&HMI
#RF
#BadUSB
#BadDNS
$4,500(SGD)
VAT incl.
$3,300(USD)
VAT incl.
18th (Confirmed)
- DateOct 19 ~ Oct 21
- Time09:30 ~ 18:00
- LocationPark Avenue Rochester, Singapore
- DeadlineOct 12, 2022
- Capacity12
19th (Confirmed)
- DateDec 13 ~ Dec 15
- Time09:30 ~ 18:00
- LocationLotte Tower, Seoul
- DeadlineDec 6, 2022
- Capacity12