CSIP
(Cyber Scheme IoT/ICS Practitioner)
Exploitation Training and Assessment for Practitioner Pen Testers and Engineers
Upcoming training course and assessment dates for 2024:
JUNE 24th – 27th | JULY 23rd – 26th | AUG 20th – 23rd
Learn essential practical skills with this groundbreaking course, and test your competence with the related practical assessment
Training
The Cyber Scheme’s new CSIP Practitioner Training Course and associated practical assessment have been developed to teach candidates the skills to securely test and assess connected systems and devices in consumer, industrial, and critical infrastructure environments.
CSIP is designed for beginner-to-intermediate level security professionals, whether they are engineers, technicians, analysts, or penetration testers. It is assumed that attendees will have little or no knowledge of ICS, SCADA, or IoT.
This practical, classroom-based course is run by our IoT/OT Subject Matter Expert Alex Teague PCSP.
Alex began his career in Web Development, UX/UI Design and Application Development, progressing to a role in HM Government and subsequently focussing on Operational Technologies, with a particular focus on Automotive Applications. Alex is also a trained and approved Assessor for the Cyber Scheme, and a Principal Registrant with the UK Cyber Security Council.
Alex will teach each and every candidate to be a confident, skilled, well-rounded IoT/OT professional with proven and tested skills in commercial and industrial theatres. The small group format has a practical and technical bias, and allows plenty of time for Q&A, helping candidates navigate complex technical topics.
This four-day, in-person course covers the range of expertise and skill sets needed to fully understand, and act on, vulnerabilities found within an IoT or OT environment, and teaches a range of practical skills which can be used in multiple scenarios. It offers a concise combination of traditional hacking/pen testing methodology and hardware hacking, as well as a focus on the practicalities of consulting within an IoT/OT environment, rather than solely concentrating on the technical aspects of a test.
Candidates will complete this course as self-sufficient, billable consultants, able to detect and advise on vulnerabilities independently of senior consultants. Having an IoT/OT expert on hand, whether as a full time employee on the factory floor or as an independent consultant, is an essential addition to an offensive security team, providing the ability to exploit and/or assess infrastructure not covered by traditional pen testing services.
Topics to be covered include:
- Understanding IoT & OT Ecosystems
- Edge Devices
- The Cyber Kill Chain
- Common Vulnerabilities in IoT and OT Technologies
- The CAN Protocol
- Passive & Active Assessment of OT Environments & Special Considerations
- The Devices Found Within ICS Environments
- Assessment and Exploitation of an Exclusive Virtualised Factory
- UART
- JTAG
- Reverse Engineering Firmware
Practical sessions:
- Attacking MQTT
- Car Hacking
- CAN Injection
- Obtaining a Shell via UART
- Firmware Extraction via JTAG
- Code Analysis:
  - Logic Flaws
  - Command Injection
- Exploitation of the Virtualised Factory
- Abusing Anti-Rollback and Firmware Validation Mechanisms
- OSINT on:
  - Devices
  - Components
Recommended Reading:
There are many helpful introductions to ICS and IoT on YouTube. Please take the time to familiarise yourself with the subject, and to read all the resources we have provided here, before attending the course.
In addition, we recommend that you read the NIST Guide to Operational Technology Security.
Assessment
Candidates will be assessed on the final afternoon of the training course. The assessment is a two-hour practical exam covering the enumeration and exploitation of IoT hardware and ICS (in a virtualised factory scenario).
Candidates must be able to demonstrate:
- An understanding of the fundamental principles of electrical engineering.
- An understanding of passive analysis techniques and when to apply them.
- Ability to accurately record and research information about their targets using a mix of offline and online resources.
- Ability to identify and leverage hardware debug interfaces.
- Ability to increase on-device capability and enumerate targets.
- Ability to classify devices in an ICS network against the Purdue model.
- Knowledge of the types of device likely to be found in an ICS environment.
- An understanding of the Modbus protocol.
- Ability to leverage Modbus to alter logic in ICS applications.
Successful completion of the assessment will be certified by The Cyber Scheme and a CSIP certificate issued by our IoT Assessor Alex Teague PCSP. This will provide a pathway to more advanced IoT hacking courses and assessments currently in development.
Why should you learn IoT/ICS skills with The Cyber Scheme?
The Cyber Scheme has many years’ experience of creating and assessing technical candidates in real-world situations that mimic actual testing environments as closely as possible. We have translated this experience into a comprehensive IoT/OT hacking course using the same principles. Our course has been written by, and will be delivered by, subject matter experts with experience in both traditional hacking techniques and those employed specifically in IoT/OT environments. We use real hardware and real techniques; because of the wide range of expertise covered, we believe it would be impossible to self-learn the techniques and skills required, so we include supervised practicals mentored by course leaders. Our certification will be recognised within our industry as Best Practice alongside the assessments we already manage for the CHECK Scheme and Cyber Advisor. As a Licensed Body for the UK Cyber Security Council, we are embedding this training course into the route to Chartership for cybersecurity professionals aiming to gain recognition within their specialism.
What makes this course different?
The IoT training space currently revolves around two learning models: background information and academic learning on what IoT/OT is (with no practical learning element), and lab-based technical sessions which do not take into account the fragility of real-world machinery and legacy systems. Try Googling ‘IoT’ or ‘OT’ training course and it becomes apparent very quickly that there is a lack of practical testing content available, either within academic settings or within commercial training courses. Theory-based learning and sessions within sterile lab settings will not mimic real-world scenarios; this course addresses the reality of undertaking a security assessment prior to undertaking any technical hacking. How have the engineers connected existing devices? How fragile is the equipment, how easy will it be to break – and what are the repercussions of that? What should the post-test report consist of, and what advice can be given? These consultative skills can be used across multiple scenarios, giving our candidates the best chance of success in their careers, regardless of the environment they are working in.
Our intensive series of training sessions takes place over four days in our assessment centre in central Cheltenham. To ask any questions not covered above, or to book a place, please contact us.
Please contact us for detailed information on pricing. Discounts are given for bookings of two or more candidates.