Reference: NIST SP 800-82r3, Guide to Operational Technology (OT) Security (free)

Securing Critical Infrastructure

Sam Bowne

Workshop Description

Critical infrastructure such as water treatment plants and air traffic control towers is under constant attack by hostile nation-states, and securing it is a national priority. This workshop covers industrial automation systems, network security monitoring, incident response, and machine learning. Participants will complete many hands-on projects: configuring systems, attacking them, and defending them.

Introduction: KEY · PDF

Projects

Scoreboard · Submit Flags · Details

Windows and Linux Machines

Recommended Systems

IR 100: Windows and Linux Machines (20 pts)

Alternative Systems

H 201: Google Cloud Linux Server (10 pts)
F 60: Cloud Server on Azure (15 pts)
F 61: Windows Server on Google Cloud (15 pts)
D 1: Windows 2022 Server Virtual Machine (15 pts)

Operational Technology

OT 100: Modbus (30 pts + 50 extra)
OT 101: OpenPLC (15 pts)
OT 102: Ladder Logic (15 pts)
OT 110: DNP3 (15 pts)
OT 111: DNP3 Protocol (30 pts)
OT 120: FactoryIO (10 pts)
OT 121: Destroying a Factory (25 pts)
OT 130: MITRE ATT&CK Matrix for ICS (20 pts)

Incident Response

Splunk Boss of the SOC

BOTSv1: Threat Hunting with Splunk (325 pts)

Velociraptor

IR 371: Velociraptor Server on Linux (20 pts + 5 extra)
IR 372: Investigating a PUP with Velociraptor (25 pts + 15 extra)
IR 373: Investigating a Bot with Velociraptor (50 extra)
IR 374: Investigating a Two-Stage RAT with Velociraptor (35 extra)
IR 370: Installing Velociraptor on Windows (30 extra)

Zeek

IR 350: Zeek Interactive Tutorial (15 pts + 44 extra)
IR 351: Installing and Using Zeek (25 extra)

Defending Windows

IR 301: Installing Splunk on a Windows Server (15 extra)
IR 330: Detecting Ransomware with Splunk and Sysmon (20 extra)
IR 303: Capturing RAM from a Process (15 extra)
IR 304: VirusTotal & Wireshark (35 extra)
IR 305: PacketTotal (45 extra)
IR 306: Yara (40 extra)
IR 307: Prefetch Forensics (15 extra)

Defending Linux Servers

ED 200: Google Cloud Linux Server (15 extra)
IR 201: Splunk & Suricata (45 extra)
IR 202: Metasploit & Drupalgeddon (85 extra)
IR 308: osquery (15 extra)

Binary (Extra Credit)

H 101-104: Binary Games (40 extra)

Networking

H 410: Nmap (40 extra)
H 420: Wireshark (110 extra)
H 430: Scapy (20 extra)

Scores from Winter Working Connections 2024

Last Updated: 4-27-25 5:15 pm