Jim Gilsinn and Bryan Singer, from Kenexis, will be teaching one of the advanced training courses at the S4x15 conference, titled “Why Does the Red Team Get All the Fun?” (http://www.cvent.com/events/s4x15-week/custom-22-6527b763e4b94569a3612510327b7278.aspx) This class will allow students to participate in an industrial control system (ICS) cyber security red/blue exercise during the course. The emphasis will be on how to defend a system against an attacker using different techniques.

The course will start with some basic instruction on different attack and defense techniques and tools. This class will not provide an in-depth look at any specific tools, but will try to present the students with a useful set and give them some basic instruction on how they can be used.

After that, the students will participate in a live red/blue exercise. Kenexis will be bringing along with us 5 fully-operational, portable ICS laboratories. The students will be randomly divided into red and blue teams and assigned to a particular lab system, with 2-3 students per side per lab.

Due to the short time scale of this training class, the assumption will be that the red team has already gained access to the ICS network through the external network defenses. The red team will be given a network cable connected to the control system’s network switch and presented with an end goal. A series of challenges will be laid out for the red team that will generally follow a reconnaissance, compromise, and attack process, although they will not be absolutely required to follow these series of challenges.

While the red team is trying to attack the control system, the blue team will be performing a series of tasks to monitor and report on the performance of the system. If the blue team detects an attack in process, they will have to prevent it as best they can. Their end goal will be to keep the control system up and running.

At the end of the red/blue exercise, the students will be brought back together. The red teams will be asked to present what they tried and how well it worked, and the blue teams will be asked to present what they detected and how they prevented the attacks. After that, the students will be given time to experiment with some of the different techniques presented by the other students and others described by the instructors.

Each of the students will receive bootable USB installations of Kali Linux and Security Onion Linux distributions.