Red Team vs. Blue Team Exercises for ICS/SCADA Security

November 19th @ 16:00 - 18:00 (GMT +4) // Track 3 @ HITB Labs


In recent years, there has been an endless stream of information security incidents in critical infrastructure areas (refining, power, smart manufacturing, etc.), and critical infrastructure in countries around the world has been attacked.

There is a considerable gap between the background knowledge of industrial control system practitioners and that of information security practitioners. Often, practitioners in the industrial control field do not understand information security, and information security practitioners do not know anything about the industrial control field.

This lab specifically targets students of various backgrounds, so that they can get a glimpse of the mystery of industrial control information security.

Based on MITRE ATT&CK for ICS, we will share and implement how to successfully obtain control of ICS by attacking industrial control protocols, and then share and implement how to detect and defend against malicious attacks on these protocols.


a. What are ICS/SCADA?
b. The Threat of ICS/SCADA?
c. ICS Communication Protocols

i. Public – Modbus/TCP, OPC-UA (Modbus/TCP is discussed in depth for later parts)

ii. Private – Siemens S7, Mitsubishi MELSEC

a. What Kinds of Threats in ICS?
b. How Hackers Attack ICS?

i. T836 Modify Parameter (Lab)

ii. T841 Network Service Scanning (Lab)

iii. T842 Network Sniffing (Lab)

iv. T855 Unauthorized Command Message (Lab)

v. T856 Spoof Reporting Message (Lab)

i. T833 Modify Control Logic (Demo)

ii. T875 Change Program State (Demo)

a. Snort Introduction
b. Design Modbus/TCP Snort Rules (Demo and Lab)



TXOne Networks

Mars Cheng

Mars Cheng is a threat researcher for TXOne Networks, blending a background and experience in both ICS/SCADA and Enterprise cybersecurity systems. Mars has directly contributed to more than 10 CVE-IDs, and has had work published in three Science Citation Index (SCI) applied cryptography journals. Before joining TXOne, Mars was a security engineer at the Taiwan National Center for Cyber Security Technology (NCCST). Mars is a frequent speaker and trainer at several international cyber security conferences such as ICS Cyber Security Conference USA and Asia 2020, and USA 2019, HITB Lockdown 002 and Abu Dhabi 2019, SecTor 20, and HITCON 2019, as well as other conferences and seminars related to the topics of ICS and Internet of Things (IoT) security. Mars is general coordinator of HITCON 2021 and was vice general coordinator of HITCON 2020.
