Pentesting Industrial Control Systems: An ethical hacker’s guide to analyzing, compromising, mitigating, and securing industrial processes
- Length: 450 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2021-12-09
- ISBN-10: 1800202385
- ISBN-13: 9781800202382
- Sales Rank: #1001350 (See Top 100 Books)
Discover modern tactics, techniques, and procedures for pentesting industrial control systems
Key Features
- Become well-versed with offensive ways of defending your industrial control systems
- Learn about industrial network protocols, threat hunting, Active Directory compromises, SQL injection, and much more
- Build offensive and defensive skills to combat industrial cyber threats
Book Description
The industrial cybersecurity domain has grown significantly in recent years. To completely secure critical infrastructure, red teams must be employed to continuously test and exploit the security integrity of a company’s people, processes, and products. This pentesting book takes a slightly different approach than most by helping you to gain hands-on experience with equipment that you’ll come across in the field. This will enable you to understand how industrial equipment interacts and operates within an operational environment.
You’ll start by getting to grips with the basics of industrial processes, and then see how to create and break the process, along with gathering open source intel to create a threat landscape for your potential customer. As you advance, you’ll find out how to install and utilize offensive techniques used by professional hackers. Throughout the book, you’ll explore industrial equipment, port and service discovery, pivoting, and much more, before finally launching attacks against systems in an industrial network.
By the end of this penetration testing book, you’ll not only understand how to analyze and navigate the intricacies of an industrial control system (ICS), but you’ll also have developed essential offensive and defensive skills to proactively protect industrial networks from modern cyberattacks.
What you will learn
- Set up a starter-kit ICS lab with both physical and virtual equipment
- Perform open source intel-gathering pre-engagement to help map your attack landscape
- Get to grips with the Standard Operating Procedures (SOPs) for penetration testing on industrial equipment
- Understand the principles of traffic spanning and the importance of listening to customer networks
- Gain fundamental knowledge of ICS communication
- Connect physical operational technology to engineering workstations and supervisory control and data acquisition (SCADA) software
- Get hands-on with directory scanning tools to map web-based SCADA solutions
Who this book is for
If you are an ethical hacker, penetration tester, automation engineer, or IT security professional looking to maintain and secure industrial networks from adversaries, this book is for you. A basic understanding of cybersecurity and recent cyber events will help you get the most out of this book.
Table of Contents
- Using Virtualization
- Route the Hardware
- I Love My Bits – Lab Setup
- Open Source Ninja
- Span Me If You Can
- Packet Deep Dive
- Scanning 101
- Protocols 202
- Ninja 308
- I Can Do It 420
- Whoot… I Have To Go Deep
- I See the Future
- Pwnd but with Remorse
Pentesting Industrial Control Systems
Contributors
About the author
About the reviewer
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
Section 1 - Getting Started
Chapter 1: Using Virtualization
Technical requirements
Understanding what virtualization is
Discovering what VMware is
Turning it all on
How to install Fusion
How to install ESXi
How to install Hypervisor
Spinning up Ubuntu as a pseudo-PLC/SCADA
Spinning up Windows Engineering Workstation
Spinning up Kali Linux
Routing and rules
Summary
Chapter 2: Route the Hardware
Technical requirements
Installing the Click software
Setting up Koyo Click
Configuring communication
Summary
Chapter 3: I Love My Bits – Lab Setup
Technical requirements
Writing and downloading our first program
Overriding and wiring the I/O
Testing control
Summary
Section 2 - Understanding the Cracks
Chapter 4: Open Source Ninja
Technical requirements
Understanding Google-Fu
Searching LinkedIn
Experimenting with Shodan.io
Investigating with ExploitDB
Traversing the NVD
Summary
Chapter 5: Span Me If You Can
Technical requirements
Installing Wireshark
macOS
Linux distros
Windows 10
Using a TAP during an engagement
Navigating IDS security monitoring
Node license saturation
Alert exhaustion
Other protocol or uncommon port
Encrypted protocol usage
Living off the land
Summary
Chapter 6: Packet Deep Dive
Technical requirements
How are packets formed?
The Application layer
The Presentation layer
The Session layer
The Transport layer
The Network layer
The Data Link layer
The Physical layer
Capturing packets on the wire
Capture filters
Display filters
Analyzing packets for key information
Summary
Section 3 - I’m a Pirate, Hear Me Roar
Chapter 7: Scanning 101
Technical requirements
Installing and configuring Ignition SCADA
Introduction to NMAP
Port scanning with RustScan
Installing RustScan
Introduction to Gobuster
Installing Gobuster
Web application scanning with feroxbuster
Summary
Chapter 8: Protocols 202
Technical requirements
Industry protocols
Modbus crash course
Establishing a Modbus server
Turning lights on with Ethernet/IP
Establishing the EthernetIP server
Summary
Chapter 9: Ninja 308
Technical requirements
Installing FoxyProxy
Running BurpSuite
Building a script for brute-forcing SCADA
Summary
Chapter 10: I Can Do It 420
Technical requirements
Installing corporate environment elements
Installing and configuring the domain controller
Adding and installing the DNS server
Adding and installing the DHCP server
Adding and installing network file sharing
Configuring Kerberos
Installing and configuring workstations
Kali Linux tools
Discovering and launching our attacks
Getting shells
Summary
Chapter 11: Whoot… I Have To Go Deep
Technical requirements
Configuring a firewall
I have a shell, now what?
Escalating privileges
Pivoting
Summary
Section 4 -Capturing Flags and Turning off Lights
Chapter 12: I See the Future
Technical requirements
Additional lab configurations
LDAP connection
PHP setup
User interface control
Script access
Summary
Chapter 13: Pwned but with Remorse
Technical requirements
Preparing a pentest report
Attack vector
Probability of happening
Level of complexity
Security controls
Closing the security gap
MITRE ATT&CK
Industrial firewalls
Summary
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your ThoughtsDonate to keep this site alive
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search the book title: Pentesting Industrial Control Systems: An ethical hacker’s guide to analyzing, compromising, mitigating, and securing industrial processes, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.
