
WORKSHOP | NEW TO ICS/OT | Introduction to ICS Malware Analysis - References

WORKSHOP | NEW TO ICS/OT | Introduction to ICS Malware Analysis - References (PDF, 0.07MB)
Last updated: 09 Jun, 2026
Presented by:
Jimmy Wylie

This hands-on workshop provides a foundational understanding of ICS/OT malware: how it's categorized, how it works and how to begin analyzing it. Topics include a brief history of ICS malware, the types of ICS malware, and a focused look at control protocol malware such as FrostyGoop. Students will complete beginner-friendly malware analysis labs to learn how to analyze “unknown” malware and identify targeted ICS protocols and manipulated process values.

Target Audience: Security professionals interested in malware analysis or ICS/OT protocols. No prior reverse engineering experience is required. Attendees should be comfortable with general security concepts, command-line usage, Linux, and Wireshark. Attendees should bring a laptop capable of running an x86-64 virtual machine.

Learning Outcomes:
- Understand the categories of ICS malware and how control protocol malware differs from traditional malware threats.
- Use dynamic analysis to identify the industrial protocol targeted by an unknown malware sample.
- Perform introductory static analysis of decompiled code.

SANS ICS Security Summit 2026