Text: NIST SP 800-82r3


Reference, Free

Securing Critical Infrastructure

Sam Bowne

Online class--connect to:
https://zoom.us/j/4108472927


Class Description

Critical infrastructure, like water treatment plants and air traffic control towers, is under constant attack by hostile nations, and securing it is a national priority. This workshop covers industrial automation systems, network security monitoring, incident response, and machine learning. Participants will perform many hands-on projects configuring systems, attacking them, and defending them.

All class materials are freely available on the Web and may be easily used in other classes.

Pre-requisites

Participants should understand networking at the Network+ level.

At-home computer requirements

Participants should have a computer with at least two monitors, so they can easily read instructions while performing projects.

Three specific goals

  • Identify the main Operational Technology network protocols and their weaknesses
  • Detect intrusions and respond effectively to them
  • Build machine learning systems and defend them

Reference

NIST SP 800-82r3: Guide to Operational Technology (OT) Security (free)

Schedule

Tue, Dec 10 

Operational Technology

Preparing Windows and Linux Servers
Implementing Modbus
Configuring OpenPLC
Using Ladder Logic
Examining DNP3 Traffic
Simulating a factory with FactoryIO
Destroying a factory with Metasploit

Network Security Monitoring

Threat Hunting with Splunk

Wed, Dec 11 

Incident Response

Threat Intelligence

The ATT&CK Matrix

Threat Hunting

Using Zeek to analyze network traffic
Detecting ransomware with Splunk and Sysmon

Analyzing Attacks

Using Velociraptor
Using VirusTotal
Using Yara to classify files
Prefetch forensics to identify recent processes

Network Forensics

Using Nmap to identify network processes
Analyzing an attack with Wireshark
Packet crafting with Scapy
Using Packettotal to analyze network malware

Thu, Dec 12 

Machine Learning

Understanding Prompts

ML 130: Prompt Injection

Google Learning

GL_Badges: Google Learning

Security Risks

ML 150: OWASP Machine Learning Security Top Ten
ML 151: OWASP Top 10 for LLM Applications
ML 152: Microsoft Copilot Security

Awareness: Demonstrating Capabilities

ML 100: Machine Learning with TensorFlow
ML 101: Computer Vision
ML 102: Breaking a CAPTCHA
ML 103: Deblurring Images

Technical: Inner Components

ML 104: Analyzing Input Data
ML 105: Classification
ML 112: Support Vector Machines
ML 113: Decision Trees
ML 114: Ensemble Learning and Random Forests
ML 115: Dimensionality Reduction
ML 116: k-Means Clustering

Attacks

ML 106: Data Poisoning
ML 107: Evasion Attack with SecML
ML 108: Evasion Attack on MNIST dataset
ML 109: Poisoning Labels with SecML
ML 110: Poisoning by Gradients
ML 111: Poisoning the MNIST dataset

Defenses

ML 140: Deep Neural Rejection

Large Language Models

ML 120: Bloom LLM
ML 121: Prompt Engineering Concepts
ML 122: Comparing LLMs on Colab
ML 123: Running Llama 3 Locally
ML 124: Evaluating an LLM with Trulens
ML 126: Building RAGs
ML 127: Encoding Text with BERT
ML 128: Using AnythingLLM to Embed Custom Data
ML 129: Embedding Words with BERT

Lectures

1 Understanding Operational Technology KEY · PDF
2 Fundamentals of OT Systems KEY · PDF

Projects


Windows and Linux Machines

IR 100: Windows and Linux Machines  20

Operational Technology

OT 100: Modbus (30 pts + 50 extra)
OT 101: OpenPLC (15 pts)
OT 102: Ladder Logic (15 pts)
OT 110: DNP3 (15 pts)
OT 111: DNP3 Protocol (30 pts)
OT 120: FactoryIO (10 pts)
OT 121: Destroying a Factory (25 pts)

Extra Credit Projects

H 201: Google Cloud Linux Server (10 pts extra)
F 60: Cloud Server on Azure (15 pts extra)
F 61: Windows Server on Google Cloud (15 pts extra)
D 7: Windows Server on Mac M1 or M2 (15 pts extra)
D 1: Windows 2022 Server Virtual Machine (15 pts)

Incident Response

Splunk Boss of the SOC

BOTSv1: Threat Hunting with Splunk  325

ATT&CK Matrix v9

Reference: ATT&CK Matrix v9 for Enterprise
ATT 1: ATT&CK Tactics  10
ATT 2: ATT&CK Techniques for Tactics 43, 42, & 1‑3  10
ATT 3: ATT&CK v9 Techniques for Tactics 4-6  10
ATT 4: ATT&CK v9 Techniques for Tactics 7-9  10
ATT 5: ATT&CK v9 Techniques for Tactics 11, 10, and 40  10
ATT 6: ATT&CK v9 Groups  10
ATT 7: ATT&CK v9 Navigator  10 extra

Velociraptor

IR 371: Velociraptor Server on Linux  20 + 5 extra
IR 372: Investigating a PUP with Velociraptor  25 + 15 extra
IR 373: Investigating a Bot with Velociraptor  50 extra
IR 374: Investigating a Two-Stage RAT with Velociraptor  35 extra
IR 370: Installing Velociraptor on Windows  30 extra

Zeek

IR 350: Zeek Interactive Tutorial  15 + 44 extra
IR 351: Installing and Using Zeek  25 extra

Defending Windows

IR 301: Installing Splunk on a Windows Server  15 extra
IR 330: Detecting Ransomware with Splunk and Sysmon  20 extra
IR 303: Capturing RAM from a Process  15 extra
IR 304: VirusTotal & Wireshark  35 extra
IR 305: PacketTotal  45 extra
IR 306: Yara  40 extra
IR 307: Prefetch Forensics  15 extra

Defending Linux Servers

ED 200: Google Cloud Linux Server  15 extra
IR 201: Splunk & Suricata  45 extra
IR 202: Metasploit & Drupalgeddon  85 extra
IR 308: osquery  15 extra

Binary (Extra Credit)

H 101 - 104: Binary Games  40 extra

Networking

H 410: Nmap  40 extra
H 420: Wireshark  110 extra
H 430: Scapy  20 extra

  

Machine Learning

Presentation: AI Workshop Summary

KEY · PPTX · PDF

Understanding Prompts

ML 130: Prompt Injection (25 pts + 60)

Google Learning

GL_Badges: Google Learning (30 pts + 60 or more)

Security Risks

ML 150: OWASP Machine Learning Security Top Ten (15 pts)
ML 151: OWASP Top 10 for LLM Applications (15 pts)
ML 152: Microsoft Copilot Security (15 pts)

Awareness: Demonstrating Capabilities

ML 100: Machine Learning with TensorFlow (20 pts + 45)
ML 101: Computer Vision (10 pts)
ML 102: Breaking a CAPTCHA (10 pts)
ML 103: Deblurring Images (10 pts + 30)

Technical: Inner Components

ML 104: Analyzing Input Data (20 pts)
ML 105: Classification (15 pts + 10)
ML 112: Support Vector Machines (40 pts)
ML 113: Decision Trees (15 pts)
ML 114: Ensemble Learning and Random Forests (15 pts)
ML 115: Dimensionality Reduction (20 pts)
ML 116: k-Means Clustering (30 pts)

Attacks

ML 106: Data Poisoning (10 pts)
ML 107: Evasion Attack with SecML (15 pts + 25)
ML 108: Evasion Attack on MNIST dataset (20 pts + 20)
ML 109: Poisoning Labels with SecML (20 pts + 10)
ML 110: Poisoning by Gradients (15 pts + 15)
ML 111: Poisoning the MNIST dataset (20 pts + 20)

Defenses

ML 140: Deep Neural Rejection (45 pts)

Large Language Models

ML 120: Bloom LLM (15 pts + 15)
ML 121: Prompt Engineering Concepts (20 pts)
ML 122: Comparing LLMs on Colab (10 pts + 10)
ML 123: Running Llama 3 Locally (15 pts)
ML 124: Evaluating an LLM with Trulens (15 pts)
ML 126: Building RAGs (15 pts)
ML 127: Encoding Text with BERT (10 pts)
ML 128: Using AnythingLLM to Embed Custom Data (10 pts)
ML 129: Embedding Words with BERT (40 pts)

ML 125: Jupyter Notebook on a Mac M1 (10 pts)

Generating Code

ML 160: GitHub Copilot (15 pts)
ML 161: Codeium (15 pts)
ML 131: Generating Python Code with Gemini (40 pts)
Violent Python Challenges (extra)

Quantum Computing

C 510: Quantum Computing (20 pts)
ML 170: Modeling Chemical Reactions with ML and Quantum Computing (10 pts)

Kolmogorov-Arnold Networks (KANs)

ML 180: Fitting Polynomials to Data (30 pts)
ML 181: B-Splines for Kolmogorov-Arnold Networks (KANs) (15 pts)

Attack References

It's disturbingly easy to trick AI into doing something deadly
GhostStripe attack haunts self-driving cars by making them ignore road signs
MadRadar hack can make self-driving cars 'hallucinate' imaginary vehicles and veer dangerously off course
Two big computer vision papers boost prospect of safer self-driving vehicles

References

SecML: Secure and Explainable Machine Learning in Python
ChatGPT Prompt Engineering for Developers
Prompt Engineering Guide
Google's Generative AI learning path
A jargon-free explanation of how AI large language models work

Pinecone Makes Accurate, Fast, Scalable Generative AI Accessible to Organizations Large and Small with Launch of its Serverless Vector Database

Pinecone Vector Database
Free Training Building Applications with Vector Databases

The Databricks Data Intelligence Platform
Attention in transformers, visually explained

  

Last Updated: 12-9-24 9 am