
Pentesting Industrial Control Systems

By: Paul Smith

Overview of this book

The industrial cybersecurity domain has grown significantly in recent years. To completely secure critical infrastructure, red teams must be employed to continuously test and exploit the security integrity of a company's people, processes, and products. This is a unique pentesting book, which takes a different approach by helping you gain hands-on experience with equipment that you’ll come across in the field. This will enable you to understand how industrial equipment interacts and operates within an operational environment. You'll start by getting to grips with the basics of industrial processes, and then see how to create and break the process, along with gathering open-source intel to create a threat landscape for your potential customer. As you advance, you'll find out how to install and utilize offensive techniques used by professional hackers. Throughout the book, you'll explore industrial equipment, port and service discovery, pivoting, and much more, before finally launching attacks against systems in an industrial network. By the end of this penetration testing book, you'll not only understand how to analyze and navigate the intricacies of an industrial control system (ICS), but you'll also have developed essential offensive and defensive skills to proactively protect industrial networks from modern cyberattacks.
Table of Contents (19 chapters)

Section 1 - Getting Started
Section 2 - Understanding the Cracks
Section 3 - I'm a Pirate, Hear Me Roar
Section 4 - Capturing Flags and Turning off Lights

What this book covers

Chapter 1, Using Virtualization, will walk you through the basic building blocks of virtualization, and then progress into building out a hypervisor that will support our virtual ICS lab.

Chapter 2, Route the Hardware, covers the principles of setting up a Programmable Logic Controller (PLC), and then moves on to the fundamentals of connecting that PLC to a virtual machine on our newly minted hypervisor.

Chapter 3, I Love My Bits – Lab Setup, takes us through the steps of writing, downloading, and uploading our first program to our PLC.

Chapter 4, Open Source Ninja, teaches you about the power of Google-Fu, oversharing on LinkedIn, exposed devices on Shodan.io, navigating ExploitDB, and finally, leveraging the National Vulnerability Database (NVD).

Chapter 5, Span Me If You Can, teaches you about SPANs and TAPs and how they can be leveraged in a pentesting engagement, and then we will take a deep dive into intrusion detection systems.

Chapter 6, Packet Deep Dive, walks through the structure of a typical packet, teaches you how to capture packets from the wire, and then shows how to analyze those packets for key information.

Chapter 7, Scanning 101, starts out by building a live SCADA system, and then moves on to using Nmap, RustScan, Gobuster, and feroxbuster to perform scanning techniques against that live SCADA system.

Chapter 8, Protocols 202, takes a deep dive into Modbus and EtherNet/IP and how we can use these protocols to perform pentesting tasks inside the ICS.
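The reason Modbus is so useful to a pentester, and so dangerous in a flat network, is visible in the framing itself: a Modbus/TCP frame is a 7-byte MBAP header followed by a function code and its arguments, with no authentication or integrity field anywhere, so anything that can reach TCP/502 on a PLC can read and write its registers. The following Python is an added illustration of that point, not code from the book or from any Modbus library; the function codes and header layout follow the public Modbus/TCP specification, and the three sample response byte strings are constructed for the example rather than captured from real hardware.

```python
"""Minimal Modbus/TCP request builder and response parser (added example)."""
import struct

MBAP_HEADER_LEN = 7            # transaction id (2) + protocol id (2) + length (2) + unit id (1)
READ_HOLDING_REGISTERS = 0x03
WRITE_SINGLE_REGISTER = 0x06
EXCEPTION_NAMES = {
    0x01: "ILLEGAL FUNCTION",
    0x02: "ILLEGAL DATA ADDRESS",
    0x03: "ILLEGAL DATA VALUE",
    0x04: "SLAVE DEVICE FAILURE",
}


def build_frame(transaction_id, unit_id, pdu):
    """Prefix a PDU with an MBAP header; the length field counts the unit id byte plus the PDU."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def read_holding_registers_request(transaction_id, unit_id, start_addr, count):
    """Function 0x03: read `count` 16-bit holding registers starting at `start_addr`."""
    if not 1 <= count <= 125:                      # per-request limit in the specification
        raise ValueError("count must be 1..125")
    pdu = struct.pack(">BHH", READ_HOLDING_REGISTERS, start_addr, count)
    return build_frame(transaction_id, unit_id, pdu)


def write_single_register_request(transaction_id, unit_id, addr, value):
    """Function 0x06: write one 16-bit register. Note that no credential of any kind is carried."""
    pdu = struct.pack(">BHH", WRITE_SINGLE_REGISTER, addr, value)
    return build_frame(transaction_id, unit_id, pdu)


def parse_response(frame):
    """Parse a Modbus/TCP response into a dict; raises ValueError on malformed input."""
    if len(frame) < MBAP_HEADER_LEN + 1:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit_id = struct.unpack(">HHHB", frame[:MBAP_HEADER_LEN])
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:                   # length excludes tid, proto and the length field itself
        raise ValueError("MBAP length does not match frame size")
    pdu = frame[MBAP_HEADER_LEN:]
    fc = pdu[0]
    result = {"transaction_id": tid, "unit_id": unit_id, "function": fc & 0x7F}
    if fc & 0x80:                                  # exception responses set the high bit of the function code
        if len(pdu) != 2:
            raise ValueError("malformed exception response")
        result["exception"] = pdu[1]
        result["exception_name"] = EXCEPTION_NAMES.get(pdu[1], "UNKNOWN")
        return result
    if fc == READ_HOLDING_REGISTERS:
        byte_count = pdu[1]
        if byte_count % 2 or byte_count != len(pdu) - 2:
            raise ValueError("byte count does not match payload")
        result["registers"] = list(struct.unpack(">%dH" % (byte_count // 2), pdu[2:]))
        return result
    if fc == WRITE_SINGLE_REGISTER:
        if len(pdu) != 5:
            raise ValueError("malformed write response")
        result["address"], result["value"] = struct.unpack(">HH", pdu[1:])
        return result
    raise ValueError("unsupported function code 0x%02x" % fc)


# Constructed sample responses (not captured from real equipment):
SAMPLE_READ_RESPONSE = bytes.fromhex("000100000007010304002a0100")      # two registers: 42, 256
SAMPLE_EXCEPTION_RESPONSE = bytes.fromhex("000200000003018302")         # 0x03 failed: ILLEGAL DATA ADDRESS
SAMPLE_WRITE_RESPONSE = bytes.fromhex("000300000006010600100001")       # echo of write: register 0x10 := 1


if __name__ == "__main__":
    print("read request :", read_holding_registers_request(1, 1, 0, 2).hex())
    print("write request:", write_single_register_request(3, 1, 0x10, 1).hex())
    for frame in (SAMPLE_READ_RESPONSE, SAMPLE_EXCEPTION_RESPONSE, SAMPLE_WRITE_RESPONSE):
        print(parse_response(frame))
```

Two things are worth noticing when you run it. The write request is byte-for-byte as simple as the read: the only thing standing between an attacker and a changed setpoint is network reachability, which is why the later chapters spend so much effort on pivoting into the lower segments. And the parser validates the MBAP length and byte count before trusting them; a fuzzed or truncated frame from a device under test should raise rather than produce a half-parsed register list.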

Chapter 9, Ninja 308, leverages FoxyProxy and Burp Suite to analyze and attack the SCADA user interface.

Chapter 10, I Can Do It 420, starts off by installing and configuring a corporate-side firewall to provide a more holistic lab setup. Then, we continue on to scanning, exploiting, and then landing reverse shells.

Chapter 11, Whoot… I Have To Go Deep, picks up once we have shells and runs post-exploitation modules to glean data from inside the network. We will escalate privileges on the machines that we compromise, and then pivot down to the lower segments.

Chapter 12, I See the Future, looks at the dangers of credential reuse by taking you through the steps of leveraging credentials discovered in previous steps and then accessing the SCADA interface for ultimate control of the system.

Chapter 13, Pwnd but with Remorse, discusses the core deliverable, the report. If there is no evidence, did a test actually occur? We will prepare a template for future assessments/pentests, then discuss the critical information that lands inside the report, and then finally, document recommendations that can be used by the blue team to protect their systems into the future.