4 – 6 Dec, 2019 Singapore Open for registration
Click here
22 – 24 Oct, 2019 Singapore Registration Full
11 – 13 Sep, 2019 Singapore CSA X NSHC training
28 – 30 Aug, 2019 Seoul, Korea NSHC initiative
4 – 5 Feb, 2019 Japan IPA: Information-technology Promotion Agency

Offensive ICS/OT Cybersecurity Training

ICS/SCADA system controls most of the critical infrastructures today. The system may seem safe due to its OT nature or the latest patching technology, but it is still penetrable. One should truly understand how to penetrate, in order to find out effective ways to defend.

Students will learn the components and architecture,latest threat information, and how to pen-test ICS/SCADA system. Actual field devices and ICS/SCADA simulation will be utilized to teach zero-day vulnerabilities found on ICS/SCADA related product and how to find zero day vulnerabilities.

Why Advanced ICS/SCADA Security Training?

Learn how hackers discover vulnerabilities in ICS/SCADA 

Identify and analyze existing zero-day vulnerabilities found on ICS

Understand wide range of ICS fundamentals and case studies

Gain offensive techniques in compromising ICS facilities

Weigh the benefit and cost of patching the facilities

Secure the IT & OT area

Unique Strengths

Hands-On Kit

Trainees are offered with hands-on kit where they can use to hack the system and understand offensive point of view

Localized Training

Our training is customized to fit into
the local context for better understanding

Impact Visualization

Utilizing our very own simulation test-bed
with PLC and HMI used in real world scenario

Red Alert’s Analysis Report

Training also provides detailed report made by NSHC’s professional researchers

Who should take this training?

OT Facility Managers or staffs with basic network and system knowledge

IT Team or Cybersecurity Teams

OT Engineer who work with industrial network or SCADA software

System/Network Admin for ICS/OT facility

Security Researchers with interest in ICS/OT

Standard Curriculum

TopicsLearning Outcome
1. ICS/SCADA Introduction & Case Study– Recap on the basics learnt regarding ICS/SCADA with few additional case studies in mind
2. ICS Attack Surfaces & Scanning – Reveal Internet Connected System Whether It is Intended or Not
– How the Web Hacking Applied to ICS/SCADA System
3. ICS System Vulnerabilities– Figure out What Kind of Vulnerabilities are Exist in ICS/SCADA
– How It Could be Used by the Hacker
4. Fuzzing the PLC Software– How to Find Vulnerability of ICS/SCADA Software
– Possible to Find the Vulnerability First then Patch Before the Hacker Uses
– Best practice for Engineers to self-examine and test fuzzing themselves on their own software.
5. ICS Network Protocol Vulnerabilities– Understand How Many Vulnerabilities are Existed on Protocol and How It Works
– How to Validate the Vulnerabilities on the Protocol to Harden the ICS/SCADA Network Monitoring on Specific Traffic Used by Protocol Vulnerabilities
6. Malware Injection to Control System– Figure out that We Can Not Rely on Anti-Virus Engine and Security Solution
– There is No Effective Defense Mechanism. Only White List Based Will be the Protection
– Understand How the Actual Attack is an Elaborate Work
7. Bypass Airgap using Bad DNS– Learn the Importance of Why DNS Server Should be Removed from Internal Network
8. ICS/SCADA Network Analysis for Incident Response– Understand How the Hacker Approach to ICS/SCADA System
– Figure out Any Suspicious Activity on Network Traffic
– Through the network packet analysis on this session, they will figure out what kind of attack pattern will be deployed. Trainee could apply the protection to their network based on these pattern
9. Bypass Airgap using Radio Frequency– How Easily Does Radio Frequency Conducted
– Get Everything in Readiness Against Radio Frequency Attack
10. Bypass Airgap using Bad USB– Figure out that We Can Not Rely on Anti-Virus Engine and USB Security Solution
– How Creative Attack the Hacker Uses
– Need to Block the USB Port Physically


e.g. 1234F