Explore the worlds best online cybersecurity training with OnDemand - view a Demo Today!


To attend this webcast, login to your SANS Account or create your Account.

Demonstration of an ICS attack chain using non-technical exploitation techniques

  • Thursday, December 13th, 2018 at 1:00 PM EDT (18:00:00 UTC)
  • Conor Leach and Jackson Evans-Davies
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Honeywell International

You can now attend the webcast using your mobile device!


In industrial environments segmentation between IT and OT systems is paramount. It is no longer enough to perform network segmentation alone; instead, domain, application, and platform segmentation is equally as important. Attackers are exploiting domain trusts, credential re-use, and shared management applications which creates attack chains with non-traditional exploitation.


In this webinar, we will be enumerating and exploiting the IT/OT boundary by focusing on its a feature, not a bug. In our Offensive Security lab, Honeywell will demonstrate an attack chain which includes the following:

  • Initial foothold on the enterprise network via external spear-phishing
  • Perform an internal spear-phish attack called email pivoting
  • Hook Microsoft Outlook to enumerate the ICS network
  • Use non-technical methods (users) to exploit the IT/OT boundary
  • Inject and deploy a malicious update via Microsoft Windows Software Update Services (WSUS)

Join us on Dec 13 1pm EST to follow an attack chain where we exploit the users of the fictitious m2generation.com while using non-traditional tactics and techniques.

Speaker Bios

Connor Leach

Connor is a Senior Penetration Tester with the Honeywell Industrial Cybersecurity (HICS) team. A graduate of Computer Engineering Technology from Conestoga College, Connor is also an Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), GIAC Penetration Tester (GPEN), Cisco Certified Network Professional (CCNP), and VMware Certified Professional (VCP).

Connor has over 9 years of experience providing offensive and defensive consulting to industrial clients, including penetration testing, blue team preparation, security research of industrial software and hardware, and securing industrial environments.

Jackson Evans-Davies

Jackson is a Penetration Tester with Honeywell Industrial Cybersecurity (HICS) team and has been employed with Honeywell for over 8 years. Jackson graduated with a diploma in Network Engineering Technogym (NET) and a bachelor’s degree in Computer Network Management (BAIST) in 2011 from the Northern Alberta Institute of Technology (NAIT), located in Edmonton, Alberta, Canada.

Jackson began working with HICS as a Project Specialist, primarily as a network and domain consultant. Over the years, Jackson strengthened his network knowledge by achieving Cisco certifications CCNA and CCNA-Security. 

In recent years, Jackson has shifted his focus to Offensive Security which includes Penetration Testing and Red Teaming engagements. To gain appropriate Offensive Security knowledge and experience, Jackson successfully completed the SANS - GPEN training and exam which certified him as a GIAC Penetration Tester. He also achieved his Offensive Security Certified Professional (OSCP).

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.