Speakers (preliminary) - DeepSec IDSC 2025 Europe
Factory Under Siege: Red and Blue Team Tactics in Operational Technology
In this workshop, participants engage in a high-stakes cyber battle within a factory's OT systems. Divided into Red and Blue Teams, they alternate between offensive and defensive strategies in an interactive game. The workshop emphasizes real-world relevance, dynamic decision-making, and collaborative learning, providing practical cybersecurity insights in an industrial environment.
This workshop offers an interactive cybersecurity experience through a gamified scenario. Participants will be divided into two teams: Red & Blue Team. The game board is a demo factory, where the Red Team's objective is to inflict harm, while the Blue Team's mission is to defend it.
The game starts with an interactive setup phase. The Red Team will choose their tactics and techniques to be able to reach their objectives. The Blue Team will concentrate on understanding their environment and selecting appropriate initial defenses. Following the team introductions, the core of the workshop begins: the game loop, where each team alternates between planning and executing their actions. The Red Team will have different opportunities for their next actions aimed at breaching the Blue Team's defenses. The Blue Team will decide on their countermeasures to thwart the Red Team's efforts. Each round concludes with an evaluation phase, where the effectiveness of the actions taken by both teams is assessed. The workshop wraps up with a recap session, summarizing key learnings and discussing the outcomes of the game.
The workshop's interactive and gamified approach aims to enhance participants' understanding of cybersecurity dynamics with a focus on OT environments. Participants will work alongside peers to develop and implement strategies, enhancing their understanding of both offensive and defensive cybersecurity measures. The workshop draws on the extensive experience of seasoned Red and Blue Team specialists to focus on real-world scenarios and case studies. It leverages the deep expertise of Nick and Nicholas, who are OT Blue Team specialists, and Sarah, a Senior Red Teamer with an OT specialization. Their combined knowledge ensures that the workshop addresses current industry challenges in both offensive and defensive OT cybersecurity.
Attendees will acquire a comprehensive understanding of both offensive and defensive cybersecurity strategies, along with enhanced teamwork and communication skills. Additionally, participants will learn to prioritize actions and strategies in emergency situations, gaining knowledge not only about specific tools and techniques but also the strategic approaches fundamental to Red and Blue Team operations in industrial environments.
Sarah is a Senior Consultant at NVISO, with a focus on Red Team Assessments. Complementing her cybersecurity experience, she has developed proficiency in Operational Technology (OT) assessments and continues to specialize further in this area.
She possesses a Master's degree in Applied IT Security, which has been enriched by her diverse experiences in cybersecurity roles across various companies.
In addition to her professional work, Sarah is dedicated to contributing to the community by leading workshops and delivering presentations at industry conferences.
Hacking IoT Hardware: The Frugal Way
START
Day1:
About me
Course Overview
impact on the world
Ongoing research on the following topics
Fundamentals of IoT Security
Some case studies
Information gathering of hardware
FCC.io (practical)
Datasheet (practical)
Fcc.io information (practical)
Tools of trade
Getting your hands dirty
How to use a multimeter (practical)
How to do visual analysis (practical)
How to recon hardware (practical)
Things which people miss in Hardware Recon
How to recon radio (practical)
How to do datasheet analysis (practical)
How to use a logic analyser (practical)
How to do protocol analysis
Samy Kamkar's attack
Basic communication system diagram
SDR replay using GNURADIO
SDR using SDRSharp on windows
Esp32 WiFi attacks
Limited results
Secure boot attacks on esp32 (only brief)
Possible attacks
Conclusion
Homework or assignments
QnA
Day2:
hacking with sensors and physics
some cases
lamphone paper
SoK paper
hacking with physics (my talk) and other papers
screaming channels
See no evil, hear no evil: Hacking invisibly & silently with light & sound
HW
QnA
Day3
Firmware theory
Firmware Hacking (practical)
Extracting firmware using various methods
Tools of the trade
Debugging attacks
SPI
I2C
JTAG
How to find JTAG UART using Arduino (practical)
How to find JTAG UART using Raspberry Pi
How to flash firmware on esp32 (practical)
How to study or program esp32
Firmware extraction and finding Hardcoded credentials
Hands on lab for firmware (practical)
DVRF (practical)
Readout Protection Bypass (theory only)
Introduction to secure boot and esp32 attacks
Flash encryption and secure boot
Vlind Glitch
Conclusion
Homework/ Assignments
QnA
Day3: (bonus content)
Car hacking (car hacking 101)
CAN vulnerabilities
ECU hacking
TCU Hacking
Radio/key fob attacks
QnA
END
I'm Hrishikesh Somchatwar, a Storyteller, Electronics Hacker, and Bestselling Author based in France.
Connect With Me:
Email: hrishikeshsom@gmail.com
LinkedIn: linkedin.com/in/hrishikesh-somchatwar/
Publications:
"Exploitation of Embedded Systems" - Presented at Car Hacking Village
"Hacking with Physics" - Showcased at HackFest Canada 2021
"Car Hacking Village" β Authored publication
Speaker & Trainer:
I've had the privilege of speaking and providing training at esteemed cybersecurity conferences, including:
DeepSec Austria
SCSA Georgia
SecurityFest Sweden
Defcamp Romania (2019, 2023)
Bsides Ahmedabad
Bsides Delhi
c0c0n
HackFest Canada
Key Topics:
Automotive Cybersecurity
Hardware Security
IoT Security
Car hacking techniques
Tools for embedded system exploitation
Author:
As the bestselling author of "Hacking the Physical World", my book topped Amazon charts in the USA and India.
Podcast:
Check out "The Storytelling Hacker", where I blend storytelling with electronics hacking. Available on:
Spotify
Apple Podcasts
Google Podcasts
Professional Journey:
Valeo: Worked on cutting-edge automotive cybersecurity solutions and advanced hardware technologies.
Security Researcher: Contributed to NDA-protected projects at a confidential company in Maharashtra, India.
Hardware Security Intern: Played a pivotal role in a cybersecurity startup, conducting security testing on:
Cars
IoT devices
PLCs
SCADA systems