Overview What You Will Learn Curriculum Instructor

Course Overview

In today's technologically driven world, the reliance on systems that oversee and govern industrial processes continues to grow. Industries such as the electric power grid, water and sewage systems, oil and gas pipelines, and various other critical infrastructures heavily rely on Industrial Control Systems/Supervisory Control and Data Acquisition (ICS/SCADA) systems. These systems are instrumental in monitoring and controlling the operations of essential infrastructure. The Advanced OT Cyber Security course offered is designed to equip participants with a solid foundation in the realm of ICS/SCADA Cyber Security.

The curriculum covers a range of topics including an overview of ICS/SCADA, an exploration of the current threat landscape faced by ICS/SCADA systems, defensive strategies, and more. It's important to note that Industrial Control Systems (ICS) are frequently targeted by cybercriminals due to the crucial nature of the processes they oversee, which encompass a variety of critical services such as power distribution, water supply, transportation, and manufacturing. Given the vulnerabilities inherent in ICS systems, an attack or breach could have catastrophic consequences, leading to widespread outages, substantial user impacts, and even national emergencies. Penetration testing specific to ICS systems necessitates a deep understanding of the field and access to relevant hardware.

By the end of the course, you will have mastered ICS/SCADA Cyber Security.

The necessary resources for this course are in the "Resources" section of Video 1.1. You can also access them through this direct link - https://github.com/ec-council-learning/Advanced-OT-Cyber-Security-ICS-DCS-SCADA

What You Will Learn

  • Understand OT components and terminology
  • Differentiate between DCS and SCADA systems
  • Identify vulnerabilities in Industrial Control Systems (ICS)
  • Learn PLC Programming with Ladder Logic
  • Conduct Pentesting on ICS systems and protocols
  • Implement security measures for ICS systems
  • Develop comprehensive OT security plans
  • Cultivate a defensive mindset for safeguarding ICS/SCADA environments

Program Curriculum

  • Introduction to ICS
  • IT vs. OT
  • Architecture and ICS Components
  • The Purdue Model
  • Standards and Guidelines
  • IEC 62443 Security Levels
  • Chapter 1 Quiz

  • PLCs and Control Loops
  • PLC Programming Languages
  • Ladder Logic Programming Introduction
  • Download and Use Rockwell RSLogix
  • Writing a Ladder Program
  • Chapter 2 Quiz

  • ICS Protocols
  • Lab Setup
  • Network PDUs
  • Modbus Architecture, Weaknesses, and Vulnerabilities
  • Virtual PLC Emulation Running Modbus
  • Modbus Packet Analysis in Wireshark
  • S7Comm Architecture, Weaknesses, and Vulnerabilities
  • Virtual PLC Emulation Running S7
  • S7Comm Packet Analysis in Wireshark
  • DNP3 and DNP3 SA Architecture, Weaknesses, and Vulnerabilities
  • DNP3 Emulation
  • DNP3 Packet Analysis in Wireshark
  • OPC UA Architecture, Weaknesses, and Vulnerabilities
  • OPC UA Emulation
  • OPC UA Packet Analysis in Wireshark
  • Profinet Architecture, Weaknesses, and Vulnerabilities
  • Profinet Traffic Generation and Analysis in Wireshark
  • BACnet Architecture, Weaknesses, and Vulnerabilities
  • BACnet Emulation
  • BACnet Packet Analysis in Wireshark
  • Chapter 3 Quiz

  • Common ICS Vulnerabilities
  • ICS MITRE ATT&CK vs. ICS Cyber Kill Chain
  • IIOT Attack Surface
  • Incidents that Change the World
  • PLC Vulnerabilities and Security
  • OSINT Overview
  • Google Dorks in ICS
  • Shodan OSINT
  • Zoomeye OSINT
  • Censys OSINT
  • Artificial Intelligence and OSINT
  • ICS pentest Methodology
  • What to Attack?
  • ICS pentest Tools
  • NMAP in ICS
  • Scanning for Modbus with Metasploit
  • Hands-on pentest for Modbus with Metasploit
  • Attacking Modbus with MBTGET
  • Attacking Modbus with Python Scripts
  • Hands on pentest for S7comm
  • SNMP Enumeration
  • Attacking PLC Features
  • Attacking HMI
  • Attacking Historians
  • Attacking Active Directory
  • Fuzzing ICS Protocols
  • Fuzzing Modbus
  • Fuzzing Profinet
  • BACnet Enumeration
  • Attacking OPC UA
  • Deploy an ICS Honeypot (Conpot)
  • What is an Airgap?
  • Issues with Airgap
  • Does Airgap Exist?
  • Airgap and Network Topologies
  • Attacking Airgaps
  • Airgap Channels
  • Securing the Airgap
  • Artificial Intelligence and ICS Threats
  • Chapter 4 Quiz

  • ICS Risk Management and Threat Modeling
  • Roadmap to ICS Cyber Security Program
  • Organizational ICS Cyber Security Measures
  • Technical ICS Cyber Security Measures
  • ICS Cyber Security Awareness
  • Physical Security Measures
  • How to Build a Comprehensive ICS Cyber Security Program?
  • How to Monitor ICS Systems?
  • OT SIEM Use Cases
  • ICS Cyber Insurance
  • Chapter 5 Quiz
Load more modules

Instructor

Mohamad Mahjoub

Mohamad Mahjoub is a highly accomplished author, trainer, speaker, and esteemed expert in the field of cyber security. Holding a prestigious array of licenses and certifications, including CISSP, ISO 27005 Risk Manager, ISO 27001 Lead Implementer, CISA, PMP, ITIL, and Data Protection Officer (GDPR), he brings a wealth of knowledge and experience to the realm of information security. Mohamad earned his Master's Degree in Computer Science with magna cum laude distinction from the Lebanese American University, a testament to his dedication to academic excellence. He is notably recognized as the author of the influential book "Ethical Hacking with Kali and More" and has been a featured speaker at prominent cyber security events. With an unwavering commitment to professionalism, Mohamad leverages his extensive training and certifications to provide expert cyber security services to both individuals and organizations. Since 2012, he has conducted numerous cyber security courses and seminars, catering to a diverse audience, including recent graduates, IT professionals, senior executives, and business owners. Additionally, he has reached a global audience through his multilingual online cyber security courses, boasting an enrolment of over 100,000 students worldwide. Currently serving as the Chief Information Security Officer (CISO) for a multinational corporation, Mohamad oversees the security of IT and OT operations across the Middle East region. With a remarkable 17-year career in the field of cyber security, he has earned a reputation as a trusted authority, consistently achieving success in the domain. In an era dominated by pervasive technology, Mohamad's steadfast belief underscores the critical importance of cyber security in safeguarding our digital world.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

$ 499.00
Billed annually or $59.00 billed monthly
Get Started Now
Start your 7-day trial for $1

What is included

  • 700+ Premium Short Courses
  • 50+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

$ 599.00
Billed annually or $69.00 billed monthly
Get Started Now
Start your 7-day trial for $1

Everything in Pro and

  • 800+ Practice Lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Practice Labs and Challenges added every month
  • 3 Official EC-Council Essentials Certifications¹ (retails at $897!)
    Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.

Related Courses

  • 5G Strategies for Businesses

    5G Strategies for Businesses

    Short Course

    5G Strategies for Businesses

    Industrial Security Controls

    Expertise on 5G technology and business trends by putting 5G ...

    $59.99

    Intermediate

    4 hr 0 m

  • Introduction to System Design

    Introduction to System Design

    Short Course

    Introduction to System Design

    Industrial Security Controls

    Learn about the system design process, and components, and de...

    $49.99

    Beginner

    3 hr 33 m

  • Introduction to IoT Hacking

    Introduction to IoT Hacking

    Short Course

    Introduction to IoT Hacking

    Industrial Security Controls

    Unlock Success: Common IoT attacks and vulnerabilities and ho...

    $99.99

    Beginner

    0 hr 39 m

  • AI Mastery in OT Security: Securing ICS/OT Infrastructures

    AI Mastery in OT Security: Securing ICS/OT Infrastructures

    Short Course

    AI Mastery in OT Security: Securing ICS/OT Infrastructures

    Industrial Security Controls

    Harness Advanced AI Strategies to Shield Critical Infrastruct...

    $99.99

    Intermediate

    2 hr 59 m

  • Internet of Things IoT, Robotics and Hacking with NodeMCU

    Internet of Things IoT, Robotics and Hacking with NodeMCU

    Short Course

    Internet of Things IoT, Robotics and Hacking with NodeMCU

    Industrial Security Controls

    Learn NodeMCU by doing fun IOT projects, robotics and ethical...

    $59.99

    Advanced

    6 hr 20 m

  • Practical Internet of Things Hacking

    Practical Internet of Things Hacking

    Short Course

    Practical Internet of Things Hacking

    Industrial Security Controls

    Conducting Reverse Engineering on Internet of Things Firmware...

    $59.99

    Intermediate

    2 hr 24 m

  • Applied IoT Forensics

    Applied IoT Forensics

    Short Course

    Applied IoT Forensics

    Industrial Security Controls

    Unraveling the Digital Mysteries: Enroll in Applied IoT Foren...

    $99.99

    Advanced

    4 hr 0 m

  • Build Secure Transportable Data Center with VMWare

    Build Secure Transportable Data Center with VMWare

    Short Course

    Build Secure Transportable Data Center with VMWare

    Industrial Security Controls

    No cloud, no internet, no servers, no problem! Ruggedized Tra...

    $59.99

    Advanced

    4 hr 30 m

1 8