Marcel Rick-Cen

Hacking ICS/OT on shodan or in your own company? Better not.

I believe that the best way to learn is with practical experience. ICS/OT Security is a new and important skill for all technicians and engineers working on industrial control systems. There are quite a few open source tools that can be used to investigate the cyber security of industrial control systems, but unfortunately there is no suitable training opportunity.

For learners of IT pentesting there are plenty of opportunities, such as HackTheBox or VulnHub, where pentest tools and hacking skills can be tried out. Training platforms with an ICS focus either don't exist or come in the form of a boring seminar with a participation fee of over 1000€.

In this workshop you will learn important pentest tools from Kali and other open source tools, and you can try them out in 6 interactive simulations of industrial controllers. Of course the simulations are not perfect, so I will also show you the tools and techniques on two real PLCs.

The workshop has a large practical component and encourages you to participate. There are more than 30 exciting tasks waiting for you, with which you can deepen your skills bit by bit.

Important: The pentesting of ICS cannot be compared to the typical pentesting of the IT world. Industrial plants need to be continuously available and hardly any plant operator wants to risk a production stop. Typically, security testing is performed at the lowest or second lowest aggressiveness level. So if you are hoping to pwn your device with buffer overflows, kernel exploits, privilege escalation and root shells, you are in the wrong place.

Are you interested in security analysis of ICS and do you already have basic knowledge of industrial cyber security? Then this is the right place for you.

Are you currently studying for the CEH (Certified Ethical Hacker)? From v12 on, knowledge of OT is required. This course offers you a hands-on introduction to understanding the typical vulnerabilities of OT hardware.

Curious about safeguarding ICS/OT devices? Join my course Assessing and Protecting Industrial Control Systems.

Please note that the software used is not mine. I can only offer limited assistance in case of problems. Please contact the publisher of the software for help. The installation instructions were created to the best of my knowledge, but the responsibility for the installation lies with the participants.

What's inside

Learning objectives

  • Show your pentest skills on 6 interactive industrial controller simulations
  • Build your own ICS pentest platform with open source tools
  • No exploits, privilege escalation or root shells
  • Learn the typical attack surfaces of an ICS
  • Workshop with a large practical component and more than 30 tasks

Syllabus

The Basics
Welcome and Introduction to the Workshop
IT x OT
ICS are easy targets for attackers
Typical ICS Attack Surface
Default credentials and exposed ICS webservers
Typical OT Pentest Scenarios and Focus of this Workshop
Classification of a Pentest
Understanding Security Goals of IT and OT
IPv4 Address and Subnetting
Offensive OSINT
Welcome to Offensive OSINT
Default credentials in ICS
Google Dorks for finding exposed ICS
Shodan
Find and scan public IP Address Ranges with Shodan
Hunt for vulnerabilities with CISA
Setting up your ICS Lab
Welcome to Setting up your ICS Lab
Introduction to your Lab and Virtual Machines
Installation of Virtual Box
Downloading the Kali Linux VM

Please ensure you download Ubuntu Server 22.04.

Setting up the ICS Simulations
Finalizing Conpot Setup
Setting up Kali Linux and installation of open source tools
Brief Overview of your Pentest Platform
Welcome to Brief Overview of your Pentest Platform

Please ensure you type the command to start the honeypots without spaces between the service names:
sudo python3 -m honeypots --setup telnet,http,smb,vnc,snmp

Host discovery with netdiscover
Fingerprinting with nmap
Enumeration with snmp-check
Metasploit: The Pentesters Toolkit
Open source tools
S7 PLC Simulation 1
Welcome to S7 PLC Simulation 1 and preparation of the VM
Shodan task
Shodan solution
Google Dorks Task
Google Dorks Solution
Default credentials task
Default credentials solution
Starting the simulation and host discovery task
Host discovery solution
nmap task
nmap solution
Snmp enumeration task
Snmp enumeration solution
S7 PLC Simulation 2
Welcome to S7 PLC Simulation 2
nmap NSE task
nmap NSE solution
plcscan task
plcscan solution
Search exploits in metasploit and exploit DB
Adding external exploits to the metasploit framework
Attacking the simulation task
Attacking the simulation solution
SiemensScan
Pentesting Real Siemens S7 Industrial Hardware
Welcome to Pentesting Real Siemens S7 Industrial Hardware
Recon and fingerprinting with nmap
Enumeration and exploitation with metasploit
Enumeration and exploitation with open source tools
Gas Station Controller Simulation
Welcome to Gas Station Controller Simulation
OSINT task
OSINT solution
Attack task
Attack solution
Modbus PLC Simulation 1
Welcome to Modbus PLC Simulation 1
Shodan search task
Shodan search solution
Google dorks task
Google dorks solution
Finding metasploit modules task
Finding metasploit modules solution
Running metasploit modules against the target task
Running metasploit modules against the target solution
Modbus PLC Simulation 2
Welcome to Modbus PLC Simulation 2

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Practical Industrial Control System Penetration Testing with these activities:
Review IPv4 Addressing and Subnetting
Solidify your understanding of IPv4 addressing and subnetting to effectively identify and analyze network configurations within ICS environments.
  • Review the structure of IPv4 addresses and subnet masks.
  • Practice subnetting exercises to calculate network and host addresses.
  • Understand CIDR notation and its relation to subnet masks.
Read 'Practical Industrial Control Systems Security' by Sergio Ferreira
Gain a broader understanding of ICS security principles and practices to complement the practical pentesting skills learned in the course.
  • Read the book, focusing on chapters related to risk assessment and security architecture.
  • Take notes on key concepts and best practices.
  • Relate the concepts to the pentesting techniques covered in the course.
Practice Nmap Scripting Engine (NSE) Scripting
Enhance your Nmap skills by writing custom NSE scripts to identify specific vulnerabilities or configurations in ICS devices.
  • Learn the basics of Lua scripting language.
  • Study existing NSE scripts related to ICS protocols (e.g., Modbus, S7).
  • Write a simple NSE script to detect a specific ICS service or vulnerability.
  • Test the script against the ICS simulations in the course.
Document Pentesting Procedures
Reinforce your understanding of pentesting techniques by creating a detailed guide on how to perform specific tests on ICS devices.
  • Choose a specific pentesting technique covered in the course (e.g., SNMP enumeration, Modbus exploitation).
  • Document the steps involved in performing the technique, including tools used and commands executed.
  • Include screenshots and examples to illustrate the process.
  • Share your guide with other students for feedback.
Read 'Hacking Exposed: Industrial Control Systems' by Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, Stephen Hilt
Gain a deeper understanding of ICS vulnerabilities and attack techniques to improve your pentesting skills and develop effective defense strategies.
  • Read the book, focusing on chapters related to specific ICS protocols and vulnerabilities.
  • Take notes on key attack techniques and defense strategies.
  • Relate the concepts to the pentesting techniques covered in the course.
Build a Custom ICS Pentesting VM
Create a customized virtual machine with all the necessary tools and configurations for ICS pentesting, streamlining your workflow and improving efficiency.
  • Choose a Linux distribution (e.g., Kali Linux, Parrot OS) as the base for your VM.
  • Install all the necessary pentesting tools, including Nmap, Metasploit, and specialized ICS tools (e.g., Modbus client, S7 client).
  • Configure the VM with the necessary network settings and security configurations.
  • Document the steps involved in building the VM for future reference.
Contribute to an Open-Source ICS Security Project
Enhance your skills and contribute to the ICS security community by participating in an open-source project related to ICS pentesting or vulnerability analysis.
  • Identify an open-source ICS security project that aligns with your interests and skills.
  • Review the project's documentation and contribution guidelines.
  • Contribute code, documentation, or bug reports to the project.
  • Participate in the project's community discussions.

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Practical Industrial Control System Penetration Testing.
'Practical Industrial Control Systems Security' by Sergio Ferreira provides a comprehensive overview of ICS security principles and practices. It covers topics such as risk assessment, security architecture, and incident response. It is a valuable resource for understanding the broader context of ICS security and complements the practical pentesting skills taught in the course. This book is useful as a reference tool for understanding the security landscape of ICS.
'Hacking Exposed: Industrial Control Systems' by Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit and Stephen Hilt provides in-depth coverage of ICS vulnerabilities and attack techniques. It explores real-world case studies and provides practical guidance on how to protect ICS environments. It is a valuable resource for understanding the attacker's perspective and developing effective defense strategies. This book is more valuable as additional reading than it is as a current reference.
