Milad Kahsari Alhadi Website
Description:

An important aspect of cyber security for critical infrastructure protection focuses on a basic understanding and awareness of real-world threats and vulnerabilities that exist within the industrial automation and control system architectures used in most process industries and manufacturing facilities.

These issues face the Distribution Control Systems (DCS) and Supervisory Control and Data Acquisition Systems (SCADA) that comprise most industrial environments, and impact not on the common IT infrastructure like Windows-based computers and network appliances (switches, routers and firewalls), but also embedded "proprietary" equipment such as programmable logic controllers (PLC), remote terminal units (RTU), intelligent electrical device (IED), basic process controllers (BPCS, safety instrumented systems (SIS), operator panels, and ancillary systems that are the basis of most integrated ICS architectures.

Nevertheless, in this course, we are going to discuss about Penetration Testing Execution Standard Phases, Information Reconissance and Analysis, Threat or Target Modeling, Vulnerability Analysis and Exploit Development, Malware Analysis and also ICS Security and Hacking.

Instructor:

My name is Milad Kahsari Alhadi. I am a computer science student and a part-time Security Consultant at Kashef Banking Security Governance and Iran Oil-Petrochemical Industry.

I am a huge System Security enthusiast and I have been researching about Mathematics, Electronics, Exploit Development, Vulnerability Analysis, Embedded-PLC Systems Security and Malicious Software Synthesis-Analysis since 2008.

  • Email:
    1. m.kahsari@gmail.com
    2. 0xc3phalex1n@gmail.com
  • Course Language:
    1. Persian
    2. English (Currently, I am recording this course with English language.)
  • Course Fee:
    1. Iranian: 7,000,000 Rial
    2. International: 300 US Dollar
  • Last Update:
    1. February - March 2018
Topics:
  • Module 01 - Introduction to the ICS Course
  • Module 02 - Virtualization Essentials:
    1. Hypervisors Part 1
    2. Hypervisors Part 2
    3. Virtual OSes
    4. VIM Editor
    5. VIM Editor Commands Set
    6. Linux Internal and Commands Overview
    7. VMware Snapshot Concept
    8. VMware Network Adapters
  • Module 03 Understanding Basic Hacking Terms:
    1. System and Threat
    2. Security Engineering
    3. Vulnerability
    4. Exploits
    5. Shellcode
    6. Exploit Mitigation
  • Module 04 Understanding Basic Security Terms:
    1. Firewall
    2. Anti-Virus
    3. Intrusion Detection Systems (IDS)
    4. Intrusion Prevention Systems (IPS)
    5. Unified Threat Management (UTM)
    6. Security Information and Event Management (SIEM)
  • Module 05 System Programming:
    1. Assembly Programming
    2. Python Programming
    3. C/C++ Programming
  • Module 06 Reverse Engineering:
    1. Software Engineering Process
    2. Software Reverse Engineering Process
    3. Linux Executable Structure
    4. Windows Executable Structure
    5. Extract Algorithms and Data Structures
    6. Dynamic Executable Reverse Engineering
    7. Static Executable Reverse Engineering
    8. Reconstruct the Executable Code
  • Module 07 Exploit Development:
    1. Stack Frame and Return Address
    2. Buffer Overflow Vulnerability
    3. Redirect Program Execution
    4. Exploit Buffer Overflow with Shellcode
    5. Doing Ret2libc with a Buffer Overflow
    6. Stack cookie protection
    7. SEH exploitation
  • Module 08 Malicious Software Analysis:
    1. Introduction to Malware Analysis
    2. Basic Static Techniques
    3. Basic Dynamic Techniques
    4. Recognizing C Code Constructs in Assembly
    5. Analyzing Malicious Windows Programs
  • Module 09 Industrial Security and Hacking:
    1. Basic Concepts of Communication
    2. Understanding Air Gapped Infrastructure
    3. Stuxnet Attack Analysis
    4. Home Heat Automation Scenario
    5. Thermostat System Internals
    6. Problem in Large Scale Infrastructure
    7. Programmable Logic Controller (PLC)
    8. PLC Runtime
    9. PLC Control Logic
    10. PLC Program Scan Cycle
    11. PLC Variable (Virtual) Table
    12. Control Algorithms
    13. Process Control Safety
    14. Why Control Loop is Important for Industry?
    15. Current Attacks against Embedded Systems
    16. Current Defense against Embedded Systems
    17. System-level protection for PLCs
    18. Pin Control Subsystem
    19. Pin Control Attack
    20. Real-Time Operating Systems
    21. Embedded OS Exploit Mitigation Mechanism