Mosse Cyber Security Offensive SCADA/ICS Exploitation


2 days


$2200.00 (inc GST)

Offensive SCADA/ICS Exploitation is a unique course that gives attendees the opportunity to understand the security issues in ICS/SCADA architectures and to attack and exploit their implementations. The training covers the different aspects of ICS, including PLCs, HMIs, hardware hacking, SDR, risk calculation and security policies.

Hardware Requirements:

  • Students are responsible for bringing their own laptop and power cable to the course.
  • Internet access is provided by the training provider.
  • Attendees will have to install a VPN client to connect to the security lab infrastructure.
  • Attendees are required to have an RDP client (installed by default on all Windows machines).


Please be advised that this is a reseller course which is not held at DDLS. Students are expected to organise their own meals.

Skills Gained

This hands-on course has a 60-40 split between exercises and demos/discussions. At the end of the course, attendees complete a final 'Capture the Flag' challenge in which they are presented with a custom-developed Incident Command System implementation to pen-test and exploit.

Key Topics

Module 1: Getting Started

  • Introduction to Industrial Control Systems
  • (In)Evolution of ICS over the past 10 years
  • Sensors, Controllers, Actuators
  • Case studies of previous ICS/SCADA attacks


Module 2: PLCs and HMIs

  • Programmable Logic Controllers
  • Hands-on with PLCs
  • Getting familiar with HMI


Module 3: Network-based security vulnerabilities

  • Master-slave architecture
  • ICS network structure
  • Firewall rules
  • Default policies for firewalls


Module 4: Web and network-based attacks

  • Setting up the pentest lab
  • Information gathering and reconnaissance of the end targets
  • Conventional attacks on ICS systems: web- and network-based
  • MITM attacks on SCADA system
  • Network traffic capturing
  • Reversing network captures and forensics
  • Fuzzing ICS systems


Module 5: Digging Deeper and Advanced Exploitation

  • Mapping attack surface in ICS systems
  • Scanning ICS implementation
  • Exploiting services
  • Encryption related security issues
  • Protocols in use
  • Getting familiar with DNP3, IEC 61850 and PROFIBUS
  • Introduction to Modbus
  • Modbus based vulnerabilities
  • Using exploits against SCADA/ICS implementations


Module 6: Hardware hacking 101

  • Embedded systems
  • Introduction to Serial communications
  • UART, JTAG and SPI
  • Dumping device firmware
  • Reversing and analysing firmware
  • Firmware based vulnerabilities


Module 7: Radio Hacking

  • Introduction to Software Defined Radio
  • Radio Hacking 101
  • Using RTL-SDRs
  • Capturing radio traffic
  • Replay attacks
  • Hands-on with GNU Radio


Module 8: Defence Strategies

  • Writing scripts to automate pen-testing
  • Securing ICS networks
  • Risk calculation and threat modelling
  • Defence in Depth
  • Patch Management
  • NIST SP800-82 and API STD 1164 Review
  • Final conclusions, wrap-up and discussions


Target Audience

Infrastructure managers, penetration testers, IT engineers

Prerequisites

Basic understanding of computer infrastructure and networking; basic understanding of penetration testing and application security.

The supply of this course by ACTE Pty Ltd (trading as DDLS) is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.

Course Availability

Please call DDLS on 1800 U LEARN (1800 853 276) or register your interest below.

Pre-Course Requirements

DDLS offers this training through a third party. This arrangement requires DDLS to provide your details to our partner for course registration purposes.