|
Class Description
Critical infrastructure like water treatment plants and air traffic control towers are under constant attack by hostile nations, and securing them is a national priority. This workshop covers industrial automation systems, network security monitoring, incident response, and machine learning. Participants will perform many hands-on projects configuring systems, attacking them, and defending them.
All class materials are freely available on the Web and may be easily used in other classes.
Pre-requisites
Participants should understand networking at the Network+ level.
At-home computer requirements
Participants should have a computer with at least two monitors, so they can easily read instructions while performing projects.
Three specific goals
- Identify the main Operational Technology network protocols and their weaknesses
- Detect intrusions and respond effectively to them
- Build machine learning systems and defend them
Reference
NIST SP 800-82r3: Guide to Operational Technology (OT) Security (free)
|
Schedule |
Tue, Dec 10 | |
Operational Technology
Preparing Windows and Linux Servers
Implementing Modbus
Configuring OpenPLC
Using Ladder Logic
Examining DNP3 Traffic
Simulating a factory with FactoryIO
Destroying a factory with Metasploit
Network Security Monitoring
Threat Hunting with Splunk
|
|
Wed, Dec 11 | |
Incident Response
Threat Intelligence
The ATT&CK Matrix
Threat Hunting
Using Zeek to analyze network traffic
Detecting ransomware with Splunk and Sysmon
Analyzing Attacks
Using Velociraptor
Using VirusTotal
Using Yara to classify files
Prefetch forensics to identify recent processes
Network Forensics
Using Nmap to identify network processes
Analyzing an attack with Wireshark
Packet crafting with Scapy
Using Packettotal to analyze network malware
|
|
Thu, Dec 12 | |
Machine Learning
Understanding Prompts
ML 130: Prompt Injection
Google Learning
GL_Badges: Google Learning
Security Risks
ML 150: OWASP Machine Learning Security Top Ten
ML 151: OWASP Top 10 for LLM Applications
ML 152: Microsoft Copilot Security
Awareness: Demonstrating Capabilities
ML 100: Machine Learning with TensorFlow
ML 101: Computer Vision
ML 102: Breaking a CAPTCHA (
ML 103: Deblurring Images
Technical: Inner Components
ML 104: Analyzing Input Data
ML 105: Classification
ML 112: Support Vector Machines
ML 113: Decision Trees
ML 114: Ensemble Learning and Random Forests
ML 115: Dimensionality Reduction
ML 116: k-Means Clustering
Attacks
ML 106: Data Poisoning
ML 107: Evasion Attack with SecML
ML 108: Evasion Attack on MNIST dataset
ML 109: Poisoning Labels with SecML
ML 110: Poisoning by Gradients
ML 111: Poisoning the MNIST dataset
Defenses
ML 140: Deep Neural Rejection
Large Language Models
ML 120: Bloom LLM
ML 121: Prompt Engineering Concepts
ML 122: Comparing LLMs on Colab
ML 123: Running Llama 3 Locally
ML 124: Evaluating an LLM with Trulens
ML 126: Building RAGs
ML 127: Encoding Text with BERT
ML 128: Using AnythingLLM to Embed Custom Data
ML 129: Embedding Words with BERT
|
|
Lectures
1 Understanding Operational Technology
KEY ·
PDF
2 Fundamentals of OT Systems
KEY ·
PDF
|
|