Description
In this course, you will:
- Demonstrate your pentesting skills against six interactive industrial controller simulations.
- Build your own ICS pentesting platform from open source tools.
- Get results without exploits, privilege escalation, or root shells.
- Learn the typical attack surfaces of an ICS.
- Work through a heavily practical workshop with over 30 challenges.
Syllabus:
1. The Basics
- ICS are easy targets for attackers
- Typical ICS Attack Surface
- Default credentials and exposed ICS webservers
- Typical OT Pentest Scenarios and Focus of this Workshop
- Classification of a Pentest
- Understanding Security Goals of IT and OT
- IPv4 Address and Subnetting
2. Offensive OSINT
- Default credentials in ICS
- Google Dorks for finding exposed ICS
- Shodan
- Find and scan public IP Address Ranges with Shodan
- Hunt for vulnerabilities with CISA ICS advisories
3. Setting up your ICS Lab
- Introduction to your Lab and Virtual Machines
- Installation of VirtualBox
- Downloading the Kali Linux VM
- Installation of Ubuntu Server
- Setting up the ICS Simulations
- Setting up Kali Linux and installation of open source tools
4. Brief Overview of your Pentest Platform
- Starting a simple honeypot and Kali Linux
- Host discovery with netdiscover
- Fingerprinting with nmap
- Enumeration with snmp-check
- Metasploit: The Pentester's Toolkit
- Open source tools
5. S7 PLC Simulation 1
- Shodan task
- Shodan solution
- Google Dorks Task
- Google Dorks Solution
- Default credentials task
- Default credentials solution
- Starting the simulation and host discovery task
- Host discovery solution
- nmap task
- nmap solution
- SNMP enumeration task
- SNMP enumeration solution
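The SNMP enumeration steps in sections 4 and 5 (snmp-check against a simulated PLC) come down to one unauthenticated UDP exchange: a GetRequest for sysDescr using a guessable community string such as "public", and a GetResponse carrying the device banner. The following added example, written for this page and not part of the course material, hand-encodes that SNMPv1 request in BER, parses the reply, and includes a small response encoder so the parser can be exercised offline against a constructed reply (no real device or captured packet is used; `snmp_get` is only for your own lab).

```python
"""SNMPv1 GetRequest/GetResponse (BER) for enumerating a lab device with a
default community string. Added example, not course code."""
import socket

SNMP_V1 = 0
SYS_DESCR = "1.3.6.1.2.1.1.1.0"   # sysDescr, the banner snmp-check prints first
TAG_INT, TAG_STR, TAG_NULL, TAG_OID, TAG_SEQ = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_GET_REQUEST, TAG_GET_RESPONSE = 0xA0, 0xA2


def _tlv(tag, body):
    """BER tag + definite length (short or long form) + body."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body


def _int(value):
    """Non-negative INTEGER, minimal length with the sign bit kept clear."""
    size = max(1, (value.bit_length() + 8) // 8)
    return _tlv(TAG_INT, value.to_bytes(size, "big", signed=True))


def _oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))


def _message(community, pdu_tag, request_id, varbind):
    pdu = _tlv(pdu_tag, _int(request_id) + _int(0) + _int(0) + _tlv(TAG_SEQ, varbind))
    return _tlv(TAG_SEQ, _int(SNMP_V1) + _tlv(TAG_STR, community.encode()) + pdu)


def build_get_request(community, oid, request_id):
    return _message(community, TAG_GET_REQUEST, request_id,
                    _tlv(TAG_SEQ, _oid(oid) + _tlv(TAG_NULL, b"")))


def build_get_response(community, oid, value, request_id):
    """Only used to construct an offline test reply; a real agent answers."""
    return _message(community, TAG_GET_RESPONSE, request_id,
                    _tlv(TAG_SEQ, _oid(oid) + _tlv(TAG_STR, value.encode())))


def _read_tlv(buf, pos):
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                      # long-form length
        size = n & 0x7F
        n = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    end = pos + n
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


def _children(body):
    pos, out = 0, []
    while pos < len(body):
        tag, inner, pos = _read_tlv(body, pos)
        out.append((tag, inner))
    return out


def _decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def _scalar(tag, body):
    if tag == TAG_INT:
        return int.from_bytes(body, "big", signed=True)
    if tag == TAG_STR:
        return body.decode("utf-8", "replace")
    if tag == TAG_OID:
        return _decode_oid(body)
    return None if tag == TAG_NULL else body


def parse_get_response(packet):
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != TAG_SEQ:
        raise ValueError("not an SNMP message")
    (_, version), (_, community), (pdu_tag, pdu) = _children(msg)
    if pdu_tag != TAG_GET_RESPONSE:
        raise ValueError("not a GetResponse PDU")
    (_, req_id), (_, err_status), _, (_, varbinds) = _children(pdu)
    values = {}
    for _, vb in _children(varbinds):
        (oid_tag, oid), (val_tag, val) = _children(vb)
        values[_scalar(oid_tag, oid)] = _scalar(val_tag, val)
    return {"version": _scalar(TAG_INT, version), "community": _scalar(TAG_STR, community),
            "request_id": _scalar(TAG_INT, req_id),
            "error_status": _scalar(TAG_INT, err_status), "values": values}


def snmp_get(host, community, oid, port=161, timeout=2.0, request_id=1):
    """Query a device in your own lab; SNMPv1 sends the community in clear."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_get_request(community, oid, request_id), (host, port))
        data, _ = sock.recvfrom(4096)
    reply = parse_get_response(data)
    if reply["request_id"] != request_id:
        raise ValueError("request id mismatch")
    return reply
```

The request for sysDescr with community "public" is 40 bytes on the wire; the reply's `error_status` is 0 on success, and a non-zero value (or no reply at all) is the usual sign that the community string is wrong. Everything travels in clear text, which is exactly why default community strings show up so often in ICS assessments.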
6. S7 PLC Simulation 2
- Starting the simulation and host discovery task
- Host discovery solution
- nmap task
- nmap solution
- nmap NSE task
- nmap NSE solution
- plcscan task
- plcscan solution
- Search exploits in metasploit and exploit DB
- Adding external exploits to the metasploit framework
- Attacking the simulation task
- Attacking the simulation solution
- SiemensScan
7. Pentesting Real Siemens S7 Industrial Hardware
- Recon and fingerprinting with nmap
- Enumeration and exploitation with metasploit
- Enumeration and exploitation with open source tools
8. Gas Station Controller Simulation
- Shodan task
- Shodan solution
- Starting the simulation and host discovery task
- Host discovery solution
- nmap task
- nmap solution
- nmap NSE task
- nmap NSE solution
- OSINT task
- OSINT solution
- Attack task
- Attack solution
9. Modbus PLC Simulation 1
- Shodan search task
- Shodan search solution
- Google dorks task
- Google dorks solution
- Default credentials task
- Default credentials solution
- Starting the simulation and host discovery task
- Host discovery solution
- nmap task
- nmap solution
- Finding metasploit modules task
- Finding metasploit modules solution
- Running metasploit modules against the target task
- Running metasploit modules against the target solution
10. Modbus PLC Simulation 2
- Starting the simulation and nmap scan task
- nmap scan solution
- metasploit task
- metasploit solution
- Read memory blocks task
- Read memory blocks solution
- Manipulate memory blocks task
- Manipulate memory blocks solution
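The "read memory blocks" and "manipulate memory blocks" tasks above are plain Modbus/TCP function codes: 0x03 (Read Holding Registers) and 0x06 (Write Single Register), sent over TCP/502 with no authentication of any kind. The following added example, written for this page and not part of the course or any Metasploit module, builds both requests, parses normal and exception replies, and includes an `exchange` helper for use against your own lab simulation. The sample replies are constructed for the parser, not captured from a real controller.

```python
"""Minimal Modbus/TCP client: build requests, parse replies, talk to a lab
PLC. Added example, not course code."""
import socket
import struct

READ_HOLDING_REGISTERS = 0x03
WRITE_SINGLE_REGISTER = 0x06

# Exception codes; a reply with the function code's high bit set carries one.
EXCEPTIONS = {1: "ILLEGAL FUNCTION", 2: "ILLEGAL DATA ADDRESS",
              3: "ILLEGAL DATA VALUE", 4: "SLAVE DEVICE FAILURE"}


def build_frame(transaction_id, unit_id, function_code, payload):
    """MBAP header (transaction id, protocol id 0, length, unit id) + PDU.
    The length field counts the unit id byte plus the whole PDU."""
    pdu = bytes([function_code]) + payload
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def read_holding_registers(transaction_id, unit_id, start, count):
    return build_frame(transaction_id, unit_id, READ_HOLDING_REGISTERS,
                       struct.pack(">HH", start, count))


def write_single_register(transaction_id, unit_id, address, value):
    # Modbus has no authentication: any host that reaches TCP/502 can issue
    # this write. Only ever point it at your own lab simulation.
    return build_frame(transaction_id, unit_id, WRITE_SINGLE_REGISTER,
                       struct.pack(">HH", address, value))


def parse_response(frame):
    if len(frame) < 9:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, uid = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("not Modbus (protocol id %d)" % proto)
    pdu = frame[7:7 + length - 1]
    if len(pdu) != length - 1:
        raise ValueError("truncated PDU")
    fc = pdu[0]
    out = {"transaction_id": tid, "unit_id": uid, "function": fc & 0x7F}
    if fc & 0x80:                                   # exception response
        out["exception"] = EXCEPTIONS.get(pdu[1], "code %d" % pdu[1])
        return out
    if fc == READ_HOLDING_REGISTERS:
        byte_count = pdu[1]
        data = pdu[2:2 + byte_count]
        if len(data) != byte_count or byte_count % 2:
            raise ValueError("bad register byte count")
        out["registers"] = list(struct.unpack(">%dH" % (byte_count // 2), data))
    elif fc == WRITE_SINGLE_REGISTER:               # device echoes the write
        out["address"], out["value"] = struct.unpack(">HH", pdu[1:5])
    else:
        out["data"] = pdu[1:]
    return out


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection")
        buf += chunk
    return buf


def exchange(host, frame, port=502, timeout=3.0):
    """Send one request to a device in your own lab and return the parsed reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(frame)
        header = _recv_exact(sock, 7)
        length = struct.unpack(">H", header[4:6])[0]
        return parse_response(header + _recv_exact(sock, length - 1))


# Constructed sample replies (not captured from any real device): three
# holding registers 0x0001, 0x1234, 0xFFFF, and an ILLEGAL DATA ADDRESS
# exception to a read request.
SAMPLE_READ_REPLY = bytes.fromhex("000100000009" "01" "0306" "0001" "1234" "ffff")
SAMPLE_EXCEPTION_REPLY = bytes.fromhex("000200000003" "01" "8302")

if __name__ == "__main__":
    print(read_holding_registers(1, 1, 0, 3).hex())
    print(parse_response(SAMPLE_READ_REPLY))
    print(parse_response(SAMPLE_EXCEPTION_REPLY))
```

Reading registers is the enumeration step; a single `write_single_register` is the whole "manipulation" step, which is the point the course makes about ICS attacks needing no exploit. Always match the reply's transaction id to the request before trusting it, and treat an exception reply as information (unmapped address, unsupported function) rather than as a failure.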
11. Pentesting Real Modbus Modicon Hardware
- Recon and fingerprinting with nmap
- Enumeration and exploitation attempt with metasploit
- Enumeration and exploitation with open source tools
12. Your Challenge: Pentesting an Infrastructure Substation
- Your Red Team Assignment
- Hint: Methodology and Steps (No Spoilers)
- Step 1 Solution: Recon and Fingerprinting
- Step 2 Solution: Enumeration
- Step 3 Solution: Triggering the Shutdown