Course Description

This course focuses on Advanced SCADA and ICS security, teaching how industrial systems communicate and how they can be analyzed and tested. Students will learn how reconnaissance is performed in industrial networks, including how to read and interact with values in PLCs, sensors, and controllers using both common and advanced SCADA protocols. The training covers SCADA architecture and how different components exchange and log data. Students will also build a basic industrial honeypot to support early detection and skill development. In addition, the training explores real-world SCADA attacks, including analysis of malware used in those incidents and an introduction to firmware reverse engineering and credential extraction.

Labs demonstrate how different attack vectors can impact industrial environments, showing how even simple techniques may lead to significant consequences. The course concludes with realistic scenarios simulating the compromise of a natural gas power generation environment to reinforce practical understanding.

Why it’s important

SCADA and ICS environments are becoming more important targets as industrial systems face increasing attention from criminal groups and state-backed actors. Understanding how these systems work, how protocols expose operational data, and how attackers may move through them is essential for improving resilience. This course helps students build the technical awareness needed to identify weak points, recognize suspicious activity earlier, and strengthen industrial defenses before real incidents occur.

Real-world relevance

The knowledge gained in this course applies directly to industrial operations, critical infrastructure protection, security monitoring, incident response, and threat analysis. Students will see how protocol knowledge helps in both defense and assessment, how honeypots can support detection and research, and how industrial environments can be studied safely in a lab to better prepare for real-world threats.

Learning Objectives & Outcomes

By the end of this course, students will be able to understand SCADA system architecture, identify and analyze common industrial protocols, inspect values from PLCs, sensors, and controllers, and recognize how industrial systems exchange information. They will also gain skills in honeypot design, basic firmware reverse engineering, credential extraction awareness, and malware analysis as it relates to SCADA/ICS threats. In addition, students will learn how to evaluate recent industrial attacks and understand the kinds of attack vectors that are commonly discussed in modern SCADA security research.

Who this course is for

This course is intended for industrial security professionals, OT security engineers, SOC analysts working with critical infrastructure, incident responders, threat researchers, red and purple team members, and technical staff responsible for SCADA or ICS environments. It is also suitable for learners who want to understand how industrial systems operate and how attackers and defenders approach them differently.

Prerequisites or Tools Needed

Students should have a basic understanding of networking, Windows and Linux systems, and general cybersecurity concepts. Familiarity with industrial operations is helpful. A laptop capable of running virtual machines is recommended.

Course Format and Structure

The course combines lecture, demonstration, and lab work. Students will first learn the theory behind industrial systems and protocols, then apply that knowledge in exercises that reinforce observation and analysis. The teaching style is practical with an emphasis on understanding how systems behave and how defenders can gather insight from those behaviors.

Time Commitment

Typically, this course can be completed in about five to seven days, combining classroom instruction with lab work. If additional time is needed for deeper exploration or a slower pace, the course can be extended to up to 10 days.

Course curriculum

    1. Introduction
    2. Reconnaissance with SHODAN
    3. Reading PLC Values on LIVE Systems
    4. Modifying Values on LIVE Systems
    5. Advanced Protocols Part I
    6. Reconnaissance with Censys
    7. Gathering Information on LIVE Systems
    8. Advanced Reconnaissance
    9. Advanced Protocols Part II
    10. Advanced Protocols Part III
    11. Advanced Protocols Part IV
    12. Zero-Day in SCADA Systems Part I
    13. Zero-Day in SCADA Systems Part II
    14. Advanced Protection Strategies
    15. Real Cases Analysis
    16. IEC-104 on Metasploit
    17. Hands-On Lab Part I
    18. Hands-On Lab Part II
    19. Hands-On Lab Part III
    20. SCADA Honeypot Part I
    21. SCADA Honeypot Part II
    22. SCADA Honeypot Part III
    23. Physical Security in SCADA Systems

    1. Introduction to Advanced SCADA ICS OT Part II
    2. Purdue Model
    3. Finding ICS Devices Online Part I
    4. Finding ICS Devices Online Part II
    5. Advanced Protocols Profinet
    6. Profinet Lab Analysis
    7. Hacking Lab Targeting to Profinet
    8. Hacking SCHNEIDER ELECTRIC
    9. Advanced Protocols DNP3
    10. DNP3 Lab Analysis
    11. Hacking Lab Targeting DNP3
    12. Advanced Protocols OPC Analysis
    13. Hacking Lab Targeting to OPC
    14. Advanced Protocols HART
    15. HART Lab Analysis
    16. Hacking Lab Targeting HART
    17. Advanced Protocols MQTT
    18. OWASP IoT and IIoT
    19. Hacking Into a Natural Gas Power Generation Plant Part I
    20. Hacking Into a Natural Gas Power Generation Plant Part II
    21. Hacking Into a Natural Gas Power Generation Plant Part III
    22. Recent SCADA Vulnerabilities Part I
    23. Recent SCADA Vulnerabilities Part II
    24. Recent SCADA Vulnerabilities Part III

About this course

  • $299.00
  • 47 lessons
  • 14.5 hours of video content

Pricing options

Now you can have Lifetime Access!

Reviews

5 star rating

Amazing!

Simion Timis

It's the best course I've ever taken so far! The content is priceless and the insights you gather from this? A must have.


Details

Here are some of the key highlights you will discover when you enroll in the course.

  • Explore in-depth protocols such as Profinet, DNP3, OPC, S7comm, and more.

  • Understand how zero-day exploits work.

  • Analyze in depth how the most advanced attacks work in the real world.

  • Work with real-life scenarios and realistic labs for hands-on experience.

  • Physical Security and more.