Tuesday September 19 : 1300 – 1500
In this course, get hands on experience with the BACnet protocol in a simulated server room cooling system to understand how to attack and harden one of the most common building automation system (BAS) protocols. After completing this course you will be able to:
· Explore building automation systems in Shodan
· Run nmap scripts to enumerate BACnet devices
· Set up a rogue BACnet master to read process data and send commands
· Fuzz BACnet servers to check for vulnerabilities
· Write Suricata/Snort content rules to detect suspicious BACnet activity
· Set up a basic BACnet honeypot to study attacker behavior
Duration: ~2 hours
Requirements: Attendees must have a laptop with either Chrome or Firefox installed. Some Linux knowledge is helpful but not required.
Your Trainer
