Practical Industrial Control System Penetration Testing

Focused View

Marcel Rick-Cen

2:12:00

133 View

1 - Basics

1 - Welcome and Introduction to the Workshop.mp4

02:29

2 - IT x OT.mp4

02:23

3 - ICS are easy targets for attackers.mp4

01:42

4 - Typical ICS Attack Surface.mp4

02:02

5 - Default credentials and exposed ICS webservers.mp4

01:12

6 - Typical OT Pentest Scenarios and Focus of this Workshop.mp4

01:35

7 - Classification of a Pentest.mp4

03:16

8 - Understanding Security Goals of IT and OT.mp4

02:19

9 - IPv4 Address and Subnetting.mp4

02:14

2 - Offensive OSINT

10 - ICS-OSINT.xlsx

10 - Welcome to the section.mp4

01:13

11 - Default credentials in ICS.mp4

02:00

12 - Google Dorks for finding exposed ICS.mp4

00:46

13 - Shodan.mp4

01:45

14 - Find and scan public IP Address Ranges with Shodan.mp4

01:04

15 - Hunt for vulnerabilities with CISA.mp4

00:52

3 - Setting up your ICS Lab

16 - Welcome to the section.mp4

00:31

17 - Introduction to your Lab and Virtual Machines.mp4

02:15

18 - Installation of Virtual Box.mp4

02:11

19 - Downloading the Kali Linux VM.mp4

00:49

20 - Installation of Ubuntu Server.mp4

03:50

21 - Setting up the ICS Simulations.mp4

02:41

22 - Links.txt

22 - Setting up Kali Linux and installation of open source tools.mp4

06:09

4 - Brief overview of your pentest platform

23 - Welcome to the section.mp4

01:10

24 - Starting a simple honeypot and Kali Linux.mp4

01:00

25 - Host discovery with netdiscover.mp4

01:15

26 - Fingerprinting with namp.mp4

02:29

27 - Enumeration with snmpcheck.mp4

01:20

28 - Metasploit The Pentesters Toolkit.mp4

02:14

29 - Open source tools.mp4

01:36

5 - S7 PLC Simulation 1

30 - VM-MAC.txt

30 - Welcome to the section and preparation of the VM.mp4

01:01

31 - Shodan task.mp4

00:23

32 - Shodan solution.mp4

01:14

33 - Google Dorks Task.mp4

00:20

34 - Google Dorks Solution.mp4

00:45

35 - Default credentials task.mp4

00:18

36 - Default credentials solution.mp4

00:18

37 - Starting the simulation and host discovery task.mp4

01:08

38 - Host discovery solution.mp4

01:08

39 - nmap task.mp4

00:58

40 - nmap solution.mp4

01:32

41 - Snmp enumeration task.mp4

01:00

42 - Snmp enumeration solution.mp4

00:38

6 - S7 PLC Simulation 2

43 - VM-MAC.txt

43 - Welcome to the section.mp4

00:34

44 - Starting the simulation and host discovery task.mp4

01:28

45 - Host discovery solution.mp4

00:47

46 - nmap task.mp4

00:48

47 - nmap solution.mp4

00:33

48 - nmap NSE task.mp4

01:02

49 - nmap NSE solution.mp4

01:14

50 - plcscan task.mp4

00:55

51 - plcscan solution.mp4

00:38

52 - Search exploits in metasploit and exploit DB.mp4

00:37

53 - Adding external exploits to the metasploit framework.mp4

01:43

54 - Attacking the simulation task.mp4

01:10

55 - Attacking the simulation solution.mp4

00:52

56 - SiemensScan.mp4

00:55

7 - Pentesting real Siemens S7 industrial hardware

57 - Welcome to the section.mp4

00:42

58 - Recon and fingerprinting with nmap.mp4

02:29

59 - Enumeration and exploitation with metasploit.mp4

01:41

60 - Enumeration and exploitation with open source tools.mp4

02:07

8 - Gas station controller simulation

61 - VM-MAC.txt

61 - Welcome to the section.mp4

01:13

62 - Shodan task.mp4

00:26

63 - Shodan solution.mp4

00:50

64 - Starting the simulation and host discovery task.mp4

00:49

65 - Host discovery solution.mp4

00:42

66 - nmap task.mp4

00:23

67 - nmap solution.mp4

00:25

68 - nmap NSE task.mp4

00:27

69 - nmap NSE solution.mp4

01:05

70 - OSINT task.mp4

00:32

71 - OSINT solution.mp4

01:54

72 - Attack task.mp4

00:41

72 - Function-Codes.txt

73 - Attack solution.mp4

00:36

9 - Modbus PLC Simulation 1

74 - VM-MAC.txt

74 - Welcome to the section.mp4

01:27

75 - Shodan search task.mp4

00:27

76 - Shodan search solution.mp4

00:50

77 - Google dorks task.mp4

00:17

78 - Google dorks solution.mp4

00:48

79 - Default credentials task.mp4

00:12

80 - Default credentials solution.mp4

00:17

81 - Starting the simulation and host discovery task.mp4

00:59

82 - Host discovery solution.mp4

00:30

83 - nmap task.mp4

00:27

84 - nmap solution.mp4

00:50

85 - Finding metasploit modules task.mp4

00:24

86 - Finding metasploit modules solution.mp4

00:35

87 - Running metasploit modules against the target task.mp4

00:27

88 - Running metasploit modules against the target solution.mp4

01:59

10 - Modbus PLC Simulation 2

89 - Welcome to the section.mp4

00:21

90 - Starting the simulation and nmap scan task.mp4

01:15

91 - nmap scan solution.mp4

01:27

92 - metasploit task.mp4

00:23

93 - metasploit solution.mp4

01:16

94 - Read memory blocks task.mp4

01:13

95 - Read memory blocks solution.mp4

00:30

96 - Manipulate memory blocks task.mp4

00:55

97 - Manipulate memory blocks solution.mp4

00:58

11 - Pentesting real modicon hardware

98 - Welcome to the section.mp4

00:41

99 - Recon and fingerprinting with nmap.mp4

02:04

100 - Enumeration and exploitationtrial with metasploit.mp4

01:40

101 - Enumeration and exploitation with open source tools.mp4

01:43

12 - Your Challenge Pentesting an Infrastructure Substation

102 - VM-MAC.txt

102 - Welcome to the section and preparation of the VM.mp4

01:51

102 - conpot-iec104-template-port-change.txt

103 - ChronoGuard-Manual.pdf

103 - Red-Team-Assignment.pdf

103 - Your Red Team Assignment.mp4

01:45

104 - Hints.pdf

104 - Hint Methodology and Steps No Spoilers.mp4

01:30

105 - Step 1 Solution Recon and Fingerprinting.mp4

02:04

106 - Step 2 Solution Enumeration.mp4

01:44

107 - Step 3 Solution Triggering the Shutdown.mp4

00:48

Description

PICSPT - Your practical and offensive workshop for newcomers to ICS/OT Security 2023

What You'll Learn?

Show your pentest skills on 6 interactive industrial controller simulations
Build your own ICS pentest platform with open source tools
NO exploits, privilege escalation nor root shells
Learn the typical attack surfaces of an ICS
Workshop with high practical part with more than 30 tasks

Who is this for?

Curious people who want to look at an industrial control system from the attacker's perspective

Beginners with basic knowledge of industrial cyber security

CEHv12 Participants

More details

Description
Hacking ICS/OT on shodan or in your own company? Better not!
I believe that the best way to learn is with practical experience. OT Security is a new and important skill for all technicians and engineers working on industrial control systems. There are quite a few open source tools that can be used to investigate the cyber security of industrial control systems, but unfortunately there is no suitable training opportunity.
For learners of IT pentesting, there are plenty of opportunities like HackTheBox or VulnHub, where pentest tools and hacking skills can be tried out. Training platforms with ICS focus either don't exist or come in the form of a boring seminar with over 1000â‚¬ participation fee.
In this workshop you will learn important pentest tools from Kali and open source tools and you can try them out in 6 interactive simulations of industrial controllers. Of course the simulations are not perfect, so I will show you the tools and techniques on two real PLCs.
The workshop has a high practical part and encourages you to participate! There are more than 30 exciting tasks waiting for you, with which you can deepen your skills bit by bit!
Important: The pentesting of ICS cannot be compared to the typical pentesting of the IT world. Industrial plants need to be continuously available and hardly any plant operator wants to risk a production stop. Typically, security testing is performed at the lowest or second lowest aggressiveness level. So if you are hoping to pwn your device with buffer overflows, kernel exploits, privilege escalation and root shells, you are in the wrong place.
Are you interested in security analysis of ICS and do you already have basic knowledge of industrial cyber security? Then this is the right place for you!
Are you currently studying for the (CEH) Certified Ethical Hacker? From v12 on knowledge in OT is required! This course offers you a hands-on introduction to understand the typical vulnerabilities of OT hardware!
Please note that the software used is not mine. I can only offer limited assistance in case of problems. Please contact the publisher of the software for help. The installation instructions were created to the best of my knowledge, but the responsibility for the installation lies with the participants.
Who this course is for:
Curious people who want to look at an industrial control system from the attacker's perspective
Beginners with basic knowledge of industrial cyber security
CEHv12 Participants

User Reviews

Rating

average 0

Total votes0

Focused display

Marcel Rick-Cen is an OT Security Consultant with years of experience in the field of automation technology. He holds a master's degree in automation engineering and has a strong background in fixing mechanical, electrical, software, and "people" problems on the shopfloor. Marcel has worked on the shopfloor in various international locations, gaining firsthand experience in the challenges of keeping OT systems running.Additionally, as an ethical hacker, he spends his nights trying open-source exploits against real industrial hardware in his ICS homelab. Marcel's unique blend of technical expertise and real-world experience make him an invaluable contributor to the OT security field.In his courses and workshops he teaches newcomers exciting basics about the possibilities to attack and defend an ICS/OT system and places special emphasis on practicality.

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.