Practical Industrial Control System Penetration Testing

Published 3/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.24 GB | Duration: 2h 12m

PICSPT - Your practical and offensive workshop for newcomers to ICS/OT Security 2023

What you'll learn
Show your pentest skills on 6 interactive industrial controller simulations
Build your own ICS pentest platform with open source tools
No exploits, privilege escalation or root shells
Learn the typical attack surfaces of an ICS
A workshop with a large practical part: more than 30 tasks

Don't be afraid to use the Linux command line!
No licenses needed. All tools are open source!
Windows 10 system with 8GB RAM and virtualization enabled.
Basic knowledge or interest in industrial process automation.

Hacking ICS/OT on Shodan or in your own company? Better not! I believe that the best way to learn is with practical experience. OT security is a new and important skill for all technicians and engineers working on industrial control systems. There are quite a few open source tools that can be used to investigate the cyber security of industrial control systems, but unfortunately there is no suitable training opportunity. For learners of IT pentesting there are plenty of opportunities such as HackTheBox or VulnHub, where pentest tools and hacking skills can be tried out. Training platforms with an ICS focus either don't exist or come in the form of a boring seminar with a participation fee of over 1000 €.

In this workshop you will learn important pentest tools from Kali and other open source tools, and you can try them out in 6 interactive simulations of industrial controllers. Of course the simulations are not perfect, so I will also show you the tools and techniques on two real PLCs. The workshop has a large practical part and encourages you to participate: more than 30 tasks are waiting for you, with which you can deepen your skills bit by bit.

Important: pentesting an ICS cannot be compared with typical pentesting in the IT world. Industrial plants need to be continuously available, and hardly any plant operator wants to risk a production stop. Security testing is therefore typically performed at the lowest or second lowest aggressiveness level. So if you are hoping to pwn your device with buffer overflows, kernel exploits, privilege escalation and root shells, you are in the wrong place.

Are you interested in security analysis of ICS and do you already have basic knowledge of industrial cyber security? Then this is the right place for you! Are you currently studying for the Certified Ethical Hacker (CEH)? From v12 on, knowledge of OT is required! This course offers you a hands-on introduction to the typical vulnerabilities of OT hardware.

Please note that the software used is not mine. I can only offer limited assistance in case of problems; please contact the publisher of the software for help. The installation instructions were created to the best of my knowledge, but the responsibility for the installation lies with the participants.

Section 1: Basics
Lecture 1 Welcome and Introduction to the Workshop
Lecture 2 IT x OT
Lecture 3 ICS are easy targets for attackers
Lecture 4 Typical ICS Attack Surface
Lecture 5 Default credentials and exposed ICS webservers
Lecture 6 Typical OT Pentest Scenarios and Focus of this Workshop
Lecture 7 Classification of a Pentest
Lecture 8 Understanding Security Goals of IT and OT
Lecture 9 IPv4 Address and Subnetting
Section 2: Offensive OSINT
Lecture 10 Welcome to the section
Lecture 11 Default credentials in ICS
Lecture 12 Google Dorks for finding exposed ICS
Lecture 13 Shodan
Lecture 14 Find and scan public IP Address Ranges with Shodan
Lecture 15 Hunt for vulnerabilities with CISA
Section 3: Setting up your ICS Lab
Lecture 16 Welcome to the section
Lecture 17 Introduction to your Lab and Virtual Machines
Lecture 18 Installation of Virtual Box
Lecture 19 Downloading the Kali Linux VM
Lecture 20 Installation of Ubuntu Server
Lecture 21 Setting up the ICS Simulations
Lecture 22 Setting up Kali Linux and installation of open source tools
Section 4: Brief overview of your pentest platform
Lecture 23 Welcome to the section
Lecture 24 Starting a simple honeypot and Kali Linux
Lecture 25 Host discovery with netdiscover
Lecture 26 Fingerprinting with nmap
Lecture 27 Enumeration with snmp-check
Lecture 28 Metasploit: The Pentesters Toolkit
Lecture 29 Open source tools
Section 5: S7 PLC Simulation 1
Lecture 30 Welcome to the section and preparation of the VM
Lecture 31 Shodan task
Lecture 32 Shodan solution
Lecture 33 Google Dorks Task
Lecture 34 Google Dorks Solution
Lecture 35 Default credentials task
Lecture 36 Default credentials solution
Lecture 37 Starting the simulation and host discovery task
Lecture 38 Host discovery solution
Lecture 39 nmap task
Lecture 40 nmap solution
Lecture 41 SNMP enumeration task
Lecture 42 SNMP enumeration solution
Section 6: S7 PLC Simulation 2
Lecture 43 Welcome to the section
Lecture 44 Starting the simulation and host discovery task
Lecture 45 Host discovery solution
Lecture 46 nmap task
Lecture 47 nmap solution
Lecture 48 nmap NSE task
Lecture 49 nmap NSE solution
Lecture 50 plcscan task
Lecture 51 plcscan solution
Lecture 52 Search exploits in metasploit and exploit DB
Lecture 53 Adding external exploits to the metasploit framework
Lecture 54 Attacking the simulation task
Lecture 55 Attacking the simulation solution
Lecture 56 SiemensScan
Section 7: Pentesting real Siemens S7 industrial hardware
Lecture 57 Welcome to the section
Lecture 58 Recon and fingerprinting with nmap
Lecture 59 Enumeration and exploitation with metasploit
Lecture 60 Enumeration and exploitation with open source tools
Section 8: Gas station controller simulation
Lecture 61 Welcome to the section
Lecture 62 Shodan task
Lecture 63 Shodan solution
Lecture 64 Starting the simulation and host discovery task
Lecture 65 Host discovery solution
Lecture 66 nmap task
Lecture 67 nmap solution
Lecture 68 nmap NSE task
Lecture 69 nmap NSE solution
Lecture 70 OSINT task
Lecture 71 OSINT solution
Lecture 72 Attack task
Lecture 73 Attack solution
Section 9: Modbus PLC Simulation 1
Lecture 74 Welcome to the section
Lecture 75 Shodan search task
Lecture 76 Shodan search solution
Lecture 77 Google dorks task
Lecture 78 Google dorks solution
Lecture 79 Default credentials task
Lecture 80 Default credentials solution
Lecture 81 Starting the simulation and host discovery task
Lecture 82 Host discovery solution
Lecture 83 nmap task
Lecture 84 nmap solution
Lecture 85 Finding metasploit modules task
Lecture 86 Finding metasploit modules solution
Lecture 87 Running metasploit modules against the target task
Lecture 88 Running metasploit modules against the target solution
Section 10: Modbus PLC Simulation 2
Lecture 89 Welcome to the section
Lecture 90 Starting the simulation and nmap scan task
Lecture 91 nmap scan solution
Lecture 92 metasploit task
Lecture 93 metasploit solution
Lecture 94 Read memory blocks task
Lecture 95 Read memory blocks solution
Lecture 96 Manipulate memory blocks task
Lecture 97 Manipulate memory blocks solution
Section 11: Pentesting real Modicon hardware
Lecture 98 Welcome to the section
Lecture 99 Recon and fingerprinting with nmap
Lecture 100 Enumeration and exploitation-trial with metasploit
Lecture 101 Enumeration and exploitation with open source tools
Section 12: Your Challenge: Pentesting an Infrastructure Substation
Lecture 102 Welcome to the section and preparation of the VM
Lecture 103 Your Red Team Assignment
Lecture 104 Hint: Methodology and Steps (No Spoilers)
Lecture 105 Step 1 Solution: Recon and Fingerprinting
Lecture 106 Step 2 Solution: Enumeration
Lecture 107 Step 3 Solution: Triggering the Shutdown
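The Modbus PLC sections (9 to 11) revolve around reading and manipulating controller memory over Modbus/TCP, so here is an added, self-contained illustration of that exchange in Python. It is not course material and not the output of any tool the syllabus lists; the framing follows the public Modbus/TCP specification (7-byte MBAP header, function code 3 for reading holding registers, function code 6 for writing one register, exception replies with the high bit of the function code set), and the PLC-side replies are constructed inside the block so it runs without a network or a simulation. The point it makes is the one the description insists on: a function code 3 read is the low-aggressiveness enumeration step, while a function code 6 write changes process state and belongs only in a simulation or an explicitly approved test.

```python
import struct

# Modbus/TCP framing written from the public Modbus application protocol and
# Modbus/TCP specifications. All sample frames below are constructed; nothing
# was captured from a PLC or taken from the course.
PROTOCOL_ID = 0           # always 0 for Modbus/TCP
FC_READ_HOLDING = 3       # read holding registers (non-intrusive)
FC_WRITE_SINGLE = 6       # write single register (changes process state)

EXCEPTION_NAMES = {
    1: "ILLEGAL FUNCTION",
    2: "ILLEGAL DATA ADDRESS",
    3: "ILLEGAL DATA VALUE",
    4: "SERVER DEVICE FAILURE",
}


def mbap(transaction_id, unit_id, pdu):
    """Prepend the 7-byte MBAP header. Length counts the unit id byte plus the PDU."""
    return struct.pack(">HHHB", transaction_id, PROTOCOL_ID, len(pdu) + 1, unit_id) + pdu


def read_holding_registers_request(transaction_id, unit_id, start, quantity):
    """FC3 request: starting address and quantity of registers (1..125 per spec)."""
    if not 1 <= quantity <= 125:
        raise ValueError("quantity must be between 1 and 125")
    return mbap(transaction_id, unit_id, struct.pack(">BHH", FC_READ_HOLDING, start, quantity))


def write_single_register_request(transaction_id, unit_id, address, value):
    """FC6 request: one 16-bit register. A normal reply echoes the request."""
    return mbap(transaction_id, unit_id, struct.pack(">BHH", FC_WRITE_SINGLE, address, value & 0xFFFF))


def parse_response(frame, expected_transaction_id):
    """Validate the MBAP header and decode an FC3, FC6 or exception reply.

    Returns ("registers", [values]), ("written", (address, value)) or
    ("exception", name). Raises ValueError on malformed or mismatched frames.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, _unit = struct.unpack(">HHHB", frame[:7])
    if pid != PROTOCOL_ID:
        raise ValueError(f"unexpected protocol id {pid}")
    if tid != expected_transaction_id:
        raise ValueError(f"transaction id {tid} does not match request {expected_transaction_id}")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field disagrees with frame size")
    pdu = frame[7:]
    fc = pdu[0]
    if fc & 0x80:  # exception: requested function code with the high bit set
        code = pdu[1] if len(pdu) > 1 else 0
        return ("exception", EXCEPTION_NAMES.get(code, f"code {code}"))
    if fc == FC_READ_HOLDING:
        byte_count = pdu[1]
        if byte_count != len(pdu) - 2 or byte_count % 2:
            raise ValueError("byte count in FC3 reply does not match payload")
        return ("registers", list(struct.unpack(f">{byte_count // 2}H", pdu[2:])))
    if fc == FC_WRITE_SINGLE:
        address, value = struct.unpack(">HH", pdu[1:5])
        return ("written", (address, value))
    raise ValueError(f"unsupported function code {fc}")


# Constructed PLC-side replies so the exchange runs offline.
def fc3_reply(transaction_id, unit_id, values):
    """What a server returns for FC3: byte count followed by big-endian 16-bit values."""
    pdu = struct.pack(">BB", FC_READ_HOLDING, 2 * len(values))
    pdu += struct.pack(f">{len(values)}H", *values)
    return mbap(transaction_id, unit_id, pdu)


def exception_reply(transaction_id, unit_id, function_code, exception_code):
    """Server-side exception: function code | 0x80, then the exception code."""
    return mbap(transaction_id, unit_id, struct.pack(">BB", function_code | 0x80, exception_code))


def demo_exchange():
    """Read three registers, hit an out-of-range address, then write one register."""
    steps = []
    req = read_holding_registers_request(1, 1, 0, 3)
    steps.append((req.hex(), parse_response(fc3_reply(1, 1, [0x1234, 0, 500]), 1)))
    req = read_holding_registers_request(2, 1, 0xFFF0, 16)
    steps.append((req.hex(), parse_response(exception_reply(2, 1, FC_READ_HOLDING, 2), 2)))
    # FC6 is the "manipulate" step: only run it against a simulation or with the
    # plant operator's explicit approval, because it changes process state.
    req = write_single_register_request(3, 1, 10, 0xBEEF)
    steps.append((req.hex(), parse_response(req, 3)))  # a real PLC echoes the request
    return steps


if __name__ == "__main__":
    for request_hex, outcome in demo_exchange():
        print(request_hex, "->", outcome)
```

To use it against one of the course's simulations you would send each request over a TCP connection to port 502 and hand the received bytes to parse_response; the transaction id check is what lets you match replies to requests when more than one is in flight, and the length check catches truncated or concatenated frames before you interpret register values.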
Curious people who want to look at an industrial control system from the attacker's perspective
Beginners with basic knowledge of industrial cyber security
CEHv12 participants

