ICS and IoT Village


ICS and IoT Village

New generation malware and attacks have been targeting ICS and IoT systems causing huge monetary and human life losses. Penetration testing on ICS and IoT systems is a very niche field which requires in-¬depth knowledge and has a huge dependency in terms of the Hardware availability. This village will concentrate on methodologies to conduct penetration testing of commercial Hardware devices such as PLCs, home automation, smart sensors as well as simulators. The village will provide an excellent opportunity for attendees to have hands-on experience on Penetration Testing of these devices and systems. The ICS setup will simulate the ICS infrastructure with real time PLCs and SCADA applications. The IoT setup will include home automation devices and sensors which the attendees can try and break into. It will also cover basic briefing of ICS/IoT components, jargons, architecture, various protocols used and need for security.

The ICS & IoT Village is targeted toward Pentesters, hackers, students and enthusiastics who really want to study and want to have experience on Scada (ICS) Hacking.

Village CTF: There will be certain challenges for the attendees and some GOODIES to give away for the winners.

Setup:

  • Modbus communication setup
  • Fuel station over Modbus and AST (Above surface Tank) monitoring system
  • Building Automation System (BAS) and Building Monitoring system(BMS) over BACnet communication
  • Smart Home

Equipment:

  • Delta DVPEN01+DVP28SV plc
  • SMPS
  • Electric simulator board– Consist of Push buttons, PNP sensors, Indicators, Alarm indicators
  • Raspberry Pi
  • BAS and BMS systems
  • Router
  • Smart Camera
  • Smart Socket
  • BLE Bulb
  • Smart Hub

Village CTF:

  • Modbus Network Scanning: - This attack involves sending benign messages to all possible addresses on a Modbus network to obtain information about field devices
  • Passive Reconnaissance: - This attack involves passively reading Modbus and other protocols messages or network traffic.
  • Reading register values
  • Reading coil values
  • Writing Register and coil values to toggle the actuators
  • Writing status of AST monitoring systems (Changing level of Diesel-petrol tank, Name of the Tank)
  • Scanning and enumeration of BACnet communication.
  • Toggle BMS actuators over BACnet communication.
  • Hijacking home sensors
  • Hacking mobile application

SPEAKERS

Arun Mane

Sr. Security Researcher
Payatu Software Labs, India

Arun Mane is a Hardware, IOT and ICS Security Researcher, working with Payatu Software Labs as Sr. Security Researcher. His areas of interest are Hardware Security, SCA, Fault Injection, RF protocols and Firmware Reverse Engineering. He also has experience in performing Security Audits for both Government and private clients. He has presented a talk at the nullcon 2016,2017 Goa, GNUnify 2017 and also co-trainer for IOT hacking training and delivered in HITB 2017, HITP 2017, private clients in London, Australia, Sweden, Netherland etc He is an active member of null - The open Security community (www.null.co.in) and Garage4Hackers Community (http://garage4hackers.com/).

Abhijith Soman

Sr. Security Researcher
Payatu Software Labs, India

Abhijith is a security researcher at Payatu Software Labs. His research interests lie in hardware, embedded systems, wireless and RFID security, building tools, etc. Abhijith used to design and build industrial access control systems, RFID/NFC readers, vending machines and connected devices in the past.