Practical Industrial Control System Penetration Testing
Hacking ICS/OT on Shodan or in your own company? Better not!
I believe that the best way to learn is with practical experience. ICS/OT Security is a new and important skill for all technicians and engineers working on industrial control systems. There are quite a few open source tools that can be used to investigate the cyber security of industrial control systems, but unfortunately there is no suitable training opportunity.
For learners of IT pentesting, there are plenty of opportunities like HackTheBox or VulnHub, where pentest tools and hacking skills can be tried out. Training platforms with an ICS focus either don't exist or come in the form of a boring seminar with a participation fee of over 1000€.
In this workshop you will learn important pentest tools from Kali and open source tools and you can try them out in 6 interactive simulations of industrial controllers. Of course the simulations are not perfect, so I will show you the tools and techniques on two real PLCs.
The workshop is highly practical and encourages you to participate! There are more than 30 exciting tasks waiting for you, with which you can deepen your skills bit by bit!
Important: The pentesting of ICS cannot be compared to the typical pentesting of the IT world. Industrial plants need to be continuously available and hardly any plant operator wants to risk a production stop. Typically, security testing is performed at the lowest or second lowest aggressiveness level. So if you are hoping to pwn your device with buffer overflows, kernel exploits, privilege escalation and root shells, you are in the wrong place.
Are you interested in security analysis of ICS and do you already have basic knowledge of industrial cyber security? Then this is the right place for you!
Are you currently studying for the Certified Ethical Hacker (CEH)? From v12 on, knowledge of OT is required! This course offers you a hands-on introduction to understanding the typical vulnerabilities of OT hardware!
Curious about safeguarding of ICS/OT devices? Join my course Assessing and Protecting Industrial Control Systems.
Please note that the software used is not mine. I can only offer limited assistance in case of problems. Please contact the publisher of the software for help. The installation instructions were created to the best of my knowledge, but the responsibility for the installation lies with the participants.
- 1. Welcome and Introduction to the Workshop (Video lesson)
- 2. IT x OT (Video lesson)
- 3. ICS are easy targets for attackers (Video lesson)
- 4. Typical ICS Attack Surface (Video lesson)
- 5. Default credentials and exposed ICS webservers (Video lesson)
- 6. Typical OT Pentest Scenarios and Focus of this Workshop (Video lesson)
- 7. Classification of a Pentest (Video lesson)
- 8. Understanding Security Goals of IT and OT (Video lesson)
- 9. IPv4 Address and Subnetting (Video lesson)
- 16. Welcome to Setting up your ICS Lab (Video lesson)
- 17. Introduction to your Lab and Virtual Machines (Video lesson)
- 18. Installation of VirtualBox (Video lesson)
- 19. Downloading the Kali Linux VM (Video lesson)
- 20. Installation of Ubuntu Server (Video lesson)
  Please make sure to download Ubuntu Server 22.04.
- 21. Setting up the ICS Simulations (Video lesson)
- 22. Setting up Kali Linux and installation of open source tools (Video lesson)
- 23. Welcome to Brief Overview of your Pentest Platform (Video lesson)
- 24. Starting a simple honeypot and Kali Linux (Video lesson)
  Please make sure to type the command to start the honeypots without spaces between the services!
  sudo python3 -m honeypots --setup telnet,http,smb,vnc,snmp
- 25. Host discovery with netdiscover (Video lesson)
- 26. Fingerprinting with nmap (Video lesson)
- 27. Enumeration with snmp-check (Video lesson)
- 28. Metasploit: The Pentester's Toolkit (Video lesson)
- 29. Open source tools (Video lesson)
- 30. Welcome to S7 PLC Simulation 1 and preparation of the VM (Video lesson)
- 31. Shodan task (Video lesson)
- 32. Shodan solution (Video lesson)
- 33. Google Dorks Task (Video lesson)
- 34. Google Dorks Solution (Video lesson)
- 35. Default credentials task (Video lesson)
- 36. Default credentials solution (Video lesson)
- 37. Starting the simulation and host discovery task (Video lesson)
- 38. Host discovery solution (Video lesson)
- 39. nmap task (Video lesson)
- 40. nmap solution (Video lesson)
- 41. Snmp enumeration task (Video lesson)
- 42. Snmp enumeration solution (Video lesson)
- 43. Welcome to S7 PLC Simulation 2 (Video lesson)
- 44. Starting the simulation and host discovery task (Video lesson)
- 45. Host discovery solution (Video lesson)
- 46. nmap task (Video lesson)
- 47. nmap solution (Video lesson)
- 48. nmap NSE task (Video lesson)
- 49. nmap NSE solution (Video lesson)
- 50. plcscan task (Video lesson)
- 51. plcscan solution (Video lesson)
- 52. Search exploits in metasploit and exploit DB (Video lesson)
- 53. Adding external exploits to the metasploit framework (Video lesson)
- 54. Attacking the simulation task (Video lesson)
- 55. Attacking the simulation solution (Video lesson)
- 56. SiemensScan (Video lesson)
- 61. Welcome to Gas Station Controller Simulation (Video lesson)
- 62. Shodan task (Video lesson)
- 63. Shodan solution (Video lesson)
- 64. Starting the simulation and host discovery task (Video lesson)
- 65. Host discovery solution (Video lesson)
- 66. nmap task (Video lesson)
- 67. nmap solution (Video lesson)
- 68. nmap NSE task (Video lesson)
- 69. nmap NSE solution (Video lesson)
- 70. OSINT task (Video lesson)
- 71. OSINT solution (Video lesson)
- 72. Attack task (Video lesson)
- 73. Attack solution (Video lesson)
- 74. Welcome to Modbus PLC Simulation 1 (Video lesson)
- 75. Shodan search task (Video lesson)
- 76. Shodan search solution (Video lesson)
- 77. Google dorks task (Video lesson)
- 78. Google dorks solution (Video lesson)
- 79. Default credentials task (Video lesson)
- 80. Default credentials solution (Video lesson)
- 81. Starting the simulation and host discovery task (Video lesson)
- 82. Host discovery solution (Video lesson)
- 83. nmap task (Video lesson)
- 84. nmap solution (Video lesson)
- 85. Finding metasploit modules task (Video lesson)
- 86. Finding metasploit modules solution (Video lesson)
- 87. Running metasploit modules against the target task (Video lesson)
- 88. Running metasploit modules against the target solution (Video lesson)