Pentesting Industrial Control Systems
An ethical hacker's guide to analyzing, compromising, mitigating, and securing industrial processes
Published on 19. March 2021
Book
Paperback/Softback
450 pages
978-1-80020-238-2 (ISBN)
Description
Learn how to defend your ICS in practice, from lab setup and intel gathering to working with SCADA
Key Features
Become well-versed with offensive ways of defending your industrial control systems
Learn about industrial network protocols, threat hunting, Active Directory compromises, SQL injection, and much more
Build offensive and defensive skills to combat industrial cyber threats
Book DescriptionThe industrial cybersecurity domain has grown significantly in recent years. To completely secure critical infrastructure, red teams must be employed to continuously test and exploit the security integrity of a company's people, processes, and products.
This is a unique pentesting book, which takes a different approach by helping you gain hands-on experience with equipment that you'll come across in the field. This will enable you to understand how industrial equipment interacts and operates within an operational environment.
You'll start by getting to grips with the basics of industrial processes, and then see how to create and break the process, along with gathering open-source intel to create a threat landscape for your potential customer. As you advance, you'll find out how to install and utilize offensive techniques used by professional hackers. Throughout the book, you'll explore industrial equipment, port and service discovery, pivoting, and much more, before finally launching attacks against systems in an industrial network.
By the end of this penetration testing book, you'll not only understand how to analyze and navigate the intricacies of an industrial control system (ICS), but you'll also have developed essential offensive and defensive skills to proactively protect industrial networks from modern cyberattacks.
What you will learn
Set up a starter-kit ICS lab with both physical and virtual equipment
Perform open source intel-gathering pre-engagement to help map your attack landscape
Get to grips with the Standard Operating Procedures (SOPs) for penetration testing on industrial equipment
Understand the principles of traffic spanning and the importance of listening to customer networks
Gain fundamental knowledge of ICS communication
Connect physical operational technology to engineering workstations and supervisory control and data acquisition (SCADA) software
Get hands-on with directory scanning tools to map web-based SCADA solutions
Who this book is forIf you are an ethical hacker, penetration tester, automation engineer, or IT security professional looking to maintain and secure industrial networks from adversaries, this book is for you. A basic understanding of cybersecurity and recent cyber events will help you get the most out of this book.
Key Features
Become well-versed with offensive ways of defending your industrial control systems
Learn about industrial network protocols, threat hunting, Active Directory compromises, SQL injection, and much more
Build offensive and defensive skills to combat industrial cyber threats
Book DescriptionThe industrial cybersecurity domain has grown significantly in recent years. To completely secure critical infrastructure, red teams must be employed to continuously test and exploit the security integrity of a company's people, processes, and products.
This is a unique pentesting book, which takes a different approach by helping you gain hands-on experience with equipment that you'll come across in the field. This will enable you to understand how industrial equipment interacts and operates within an operational environment.
You'll start by getting to grips with the basics of industrial processes, and then see how to create and break the process, along with gathering open-source intel to create a threat landscape for your potential customer. As you advance, you'll find out how to install and utilize offensive techniques used by professional hackers. Throughout the book, you'll explore industrial equipment, port and service discovery, pivoting, and much more, before finally launching attacks against systems in an industrial network.
By the end of this penetration testing book, you'll not only understand how to analyze and navigate the intricacies of an industrial control system (ICS), but you'll also have developed essential offensive and defensive skills to proactively protect industrial networks from modern cyberattacks.
What you will learn
Set up a starter-kit ICS lab with both physical and virtual equipment
Perform open source intel-gathering pre-engagement to help map your attack landscape
Get to grips with the Standard Operating Procedures (SOPs) for penetration testing on industrial equipment
Understand the principles of traffic spanning and the importance of listening to customer networks
Gain fundamental knowledge of ICS communication
Connect physical operational technology to engineering workstations and supervisory control and data acquisition (SCADA) software
Get hands-on with directory scanning tools to map web-based SCADA solutions
Who this book is forIf you are an ethical hacker, penetration tester, automation engineer, or IT security professional looking to maintain and secure industrial networks from adversaries, this book is for you. A basic understanding of cybersecurity and recent cyber events will help you get the most out of this book.
More details
Language
English
Place of publication
Birmingham
United Kingdom
Dimensions
Height: 235 mm
Width: 191 mm
Thickness: 25 mm
Weight
834 gr
ISBN-13
978-1-80020-238-2 (9781800202382)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Paul Smith
Pentesting Industrial Control Systems
An ethical hacker's guide to analyzing, compromising, mitigating, and securing industrial processes
E-Book
06/2024
1st Edition
Packt Publishing Limited
from
€37.19
Available for download
Person
Paul Smith has spent close to 20 years in the automation control space, tackling the "red herring" problems that are thrown his way. He has handled unique issues such as measurement imbalances resulting from flare sensor saturation, database migration mishaps, and many more. This ultimately led to the later part of his career, where he has been spending most of his time in the industrial cybersecurity space pioneering the use of new security technology in the energy, utility, and critical infrastructure sectors, and helping develop cybersecurity strategies through the use of red team/pentest engagements, cybersecurity risk assessments, and tabletop exercises for some of the world's largest government contractors, industrial organizations, and municipalities.
Content
Table of Contents
Using Virtualization
Route the Hardware
I Love My Bits - Lab Setup
Open Source Ninja
Span Me If You Can
Packet Deep Dive
Scanning 101
Protocols 202
Ninja 308
I Can Do It 420
Whoot... I Have To Go Deep
I See the Future
Pwnd but with Remorse
Using Virtualization
Route the Hardware
I Love My Bits - Lab Setup
Open Source Ninja
Span Me If You Can
Packet Deep Dive
Scanning 101
Protocols 202
Ninja 308
I Can Do It 420
Whoot... I Have To Go Deep
I See the Future
Pwnd but with Remorse