Published 3/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.24 GB | Duration: 2h 12m
PICSPT - Your practical and offensive workshop for newcomers to ICS/OT Security 2023

What you'll learn
Show your pentest skills on 6 interactive industrial controller simulations
Build your own ICS pentest platform with open source tools
NO exploits, privilege escalation or root shells
Learn the typical attack surfaces of an ICS
Workshop with a high practical part with more than 30 tasks

Requirements
Don't be afraid to use the Linux command line!
No licenses needed. All tools are open source!
Windows 10 system with 8GB RAM and virtualization enabled.
Basic knowledge or interest in industrial process automation.

Description
Hacking ICS/OT on shodan or in your own company? Better not!

I believe that the best way to learn is with practical experience. OT Security is a new and important skill for all technicians and engineers working on industrial control systems. There are quite a few open source tools that can be used to investigate the cyber security of industrial control systems, but unfortunately there is no suitable training opportunity.

For learners of IT pentesting, there are plenty of opportunities like HackTheBox or VulnHub, where pentest tools and hacking skills can be tried out. Training platforms with ICS focus either don't exist or come in the form of a boring seminar with over 1000€ participation fee.

In this workshop you will learn important pentest tools from Kali and open source tools, and you can try them out in 6 interactive simulations of industrial controllers. Of course the simulations are not perfect, so I will show you the tools and techniques on two real PLCs.

The workshop has a high practical part and encourages you to participate! There are more than 30 exciting tasks waiting for you, with which you can deepen your skills bit by bit!

Important: The pentesting of ICS cannot be compared to the typical pentesting of the IT world. Industrial plants need to be continuously available and hardly any plant operator wants to risk a production stop. Typically, security testing is performed at the lowest or second lowest aggressiveness level. So if you are hoping to pwn your device with buffer overflows, kernel exploits, privilege escalation and root shells, you are in the wrong place.

Are you interested in security analysis of ICS and do you already have basic knowledge of industrial cyber security? Then this is the right place for you!

Are you currently studying for the Certified Ethical Hacker (CEH)? From v12 on, knowledge of OT is required! This course offers you a hands-on introduction to understand the typical vulnerabilities of OT hardware!

Please note that the software used is not mine. I can only offer limited assistance in case of problems. Please contact the publisher of the software for help. The installation instructions were created to the best of my knowledge, but the responsibility for the installation lies with the participants.

Overview

Section 1: Basics
Lecture 1 Welcome and Introduction to the Workshop
Lecture 2 IT x OT
Lecture 3 ICS are easy targets for attackers
Lecture 4 Typical ICS Attack Surface
Lecture 5 Default credentials and exposed ICS webservers
Lecture 6 Typical OT Pentest Scenarios and Focus of this Workshop
Lecture 7 Classification of a Pentest
Lecture 8 Understanding Security Goals of IT and OT
Lecture 9 IPv4 Address and Subnetting

Section 2: Offensive OSINT
Lecture 10 Welcome to the section
Lecture 11 Default credentials in ICS
Lecture 12 Google Dorks for finding exposed ICS
Lecture 13 Shodan
Lecture 14 Find and scan public IP Address Ranges with Shodan
Lecture 15 Hunt for vulnerabilities with CISA

Section 3: Setting up your ICS Lab
Lecture 16 Welcome to the section
Lecture 17 Introduction to your Lab and Virtual Machines
Lecture 18 Installation of Virtual Box
Lecture 19 ing the Kali Linux VM
Lecture 20 Installation of Ubuntu Server
Lecture 21 Setting up the ICS Simulations
Lecture 22 Setting up Kali Linux and installation of open source tools

Section 4: Brief overview of your pentest platform
Lecture 23 Welcome to the section
Lecture 24 Starting a simple honeypot and Kali Linux
Lecture 25 Host discovery with netdiscover
Lecture 26 Fingerprinting with nmap
Lecture 27 Enumeration with snmp-check
Lecture 28 Metasploit: The Pentesters Toolkit
Lecture 29 Open source tools

Section 5: S7 PLC Simulation 1
Lecture 30 Welcome to the section and preparation of the VM
Lecture 31 Shodan task
Lecture 32 Shodan solution
Lecture 33 Google Dorks Task
Lecture 34 Google Dorks Solution
Lecture 35 Default credentials task
Lecture 36 Default credentials solution
Lecture 37 Starting the simulation and host discovery task
Lecture 38 Host discovery solution
Lecture 39 nmap task
Lecture 40 nmap solution
Lecture 41 Snmp enumeration task
Lecture 42 Snmp enumeration solution

Section 6: S7 PLC Simulation 2
Lecture 43 Welcome to the section
Lecture 44 Starting the simulation and host discovery task
Lecture 45 Host discovery solution
Lecture 46 nmap task
Lecture 47 nmap solution
Lecture 48 nmap NSE task
Lecture 49 nmap NSE solution
Lecture 50 plcscan task
Lecture 51 plcscan solution
Lecture 52 Search exploits in metasploit and exploit DB
Lecture 53 Adding external exploits to the metasploit framework
Lecture 54 Attacking the simulation task
Lecture 55 Attacking the simulation solution
Lecture 56 SiemensScan

Section 7: Pentesting real Siemens S7 industrial hardware
Lecture 57 Welcome to the section
Lecture 58 Recon and fingerprinting with nmap
Lecture 59 Enumeration and exploitation with metasploit
Lecture 60 Enumeration and exploitation with open source tools

Section 8: Gas station controller simulation
Lecture 61 Welcome to the section
Lecture 62 Shodan task
Lecture 63 Shodan solution
Lecture 64 Starting the simulation and host discovery task
Lecture 65 Host discovery solution
Lecture 66 nmap task
Lecture 67 nmap solution
Lecture 68 nmap NSE task
Lecture 69 nmap NSE solution
Lecture 70 OSINT task
Lecture 71 OSINT solution
Lecture 72 Attack task
Lecture 73 Attack solution

Section 9: Modbus PLC Simulation 1
Lecture 74 Welcome to the section
Lecture 75 Shodan search task
Lecture 76 Shodan search solution
Lecture 77 Google dorks task
Lecture 78 Google dorks solution
Lecture 79 Default credentials task
Lecture 80 Default credentials solution
Lecture 81 Starting the simulation and host discovery task
Lecture 82 Host discovery solution
Lecture 83 nmap task
Lecture 84 nmap solution
Lecture 85 Finding metasploit modules task
Lecture 86 Finding metasploit modules solution
Lecture 87 Running metasploit modules against the target task
Lecture 88 Running metasploit modules against the target solution

Section 10: Modbus PLC Simulation 2
Lecture 89 Welcome to the section
Lecture 90 Starting the simulation and nmap scan task
Lecture 91 nmap scan solution
Lecture 92 metasploit task
Lecture 93 metasploit solution
Lecture 94 Read memory blocks task
Lecture 95 Read memory blocks solution
Lecture 96 Manipulate memory blocks task
Lecture 97 Manipulate memory blocks solution

Section 11: Pentesting real modicon hardware
Lecture 98 Welcome to the section
Lecture 99 Recon and fingerprinting with nmap
Lecture 100 Enumeration and exploitation-trial with metasploit
Lecture 101 Enumeration and exploitation with open source tools

Section 12: Your Challenge: Pentesting an Infrastructure Substation
Lecture 102 Welcome to the section and preparation of the VM
Lecture 103 Your Red Team Assignment
Lecture 104 Hint: Methodology and Steps (No Spoilers)
Lecture 105 Step 1 Solution: Recon and Fingerprinting
Lecture 106 Step 2 Solution: Enumeration
Lecture 107 Step 3 Solution: Triggering the Shutdown

Curious people who want to look at an industrial control system from the attacker's perspective
Beginners with basic knowledge of industrial cyber security
CEHv12 Participants