67% Off Practical Industrial Control System Penetration Testing | Udemy Review & Coupon

PICSPT is a workshop designed for newcomers to ICS/OT Security in 2023, providing practical training and education.

This course covers:

This introductory 2-hour on-demand video course provides an overview of practical industrial control system penetration testing. The 12 downloadable resources accompany the video, making it easy to follow along with the concepts and techniques discussed in the lecture. With full lifetime access to the course materials, you can watch and rewatch as needed and even access them on mobile or TV. Upon completion of this course, you will receive a certificate of completion.

What will be learned

This workshop provides an opportunity for participants to showcase their penetration testing skills in an industrial controller setting. It contains six interactive simulations that enable students to practice commonly used methods on a simulated industrial control system (ICS). Participants will also learn how to build their own ICS pentest platform with open source tools. No privileged escalation or root shell exploits are necessary, allowing the midterm focus to be on testing and exploring typical attack surfaces of ICS environments.

The interactive nature of the workshop allows for a high amount of practical application, as there are more than 30 tasks included within it. This hands-on approach allows individuals to develop the requisite knowledge in order to more effectively conduct tests against ICS systems and applications found within various industries. As such, this workshop provides an invaluable opportunity for anyone interested in assessing the security posture of industrial control systems.

About the author

Marcel Rick-Cen is an OT Security Consultant with an impressive ten years of experience in the field of industrial automation technology. In his courses and workshops, he teaches newcomers to cyber security the basics about attacking and defending ICS/OT systems. His practical knowledge makes him a perfect instructor for learning these cyber skills. Rick-Cen puts special emphasis on practicality, believing that learning by doing is the most efficient method of instruction. He makes sure his students are equipped with the knowledge and experience they need to become professionals in this exciting field.

Marcel's work in the area of industrial automation technology has not gone unnoticed; he has been recognized for his contribution to protecting networked production systems. In addition to his work as an instructor, Marcel actively participates in conferences related to cyber security. There he speaks with experts and demonstrates how to protect production systems from malicious attacks against their networks. With such a wealth of expertise both inside and outside the classroom, Marcel Rick-Cen is a valuable resource for anyone wanting to learn more about OT Security and industrial automation technologies.

Requirements

In order to fulfill the requirements needed to successfully work with automation through the Linux command line, it is necessary to have a Windows 10 system with 8GB RAM and be able to enable virtualization. This will ensure that the system will be able to run the open source tools and scripts necessary for working with automation processes. To use these software effectively, one must also possess basic knowledge of or an interested in industrial process automation. No licenses are needed since all the tools used are open source.

Despite the initial challenges of working with a Linux command line, it is worth bearing in mind that such a setup can bring many advantages too, such as higher quality performance at lower costs due to no licensing fees being required and increased flexibility by being able to rapidly configure new tools and scripts easily. Additionally, due to its convenience and ability to be deployed remotely, accessing control systems located around the world becomes possible in no time at all. Providing knowledge and interest into industrial process automation have been established alongside having a Windows 10 system with valid virtualization credentials, one should not shy away from using the Linux command line!

Description

Hacking into industrial control systems (ICS/OT) is an issue that affects companies and organizations around the world. It can be done either by searching for open ICS/OT ports through a search engine like Shodan, or by breaching ICS/OT security on a private system. For those responsible for managing ICS/OT networks, it is imperative to ensure the systems are protected from cyber attack and maintain proper security standards. However, due to the lack of available training material about this topic, these cybersecurity experts often cannot obtain the necessary knowledge to do so efficiently.

For IT pentesters looking to gain experience in tackling this challenge, there are plenty of opportunities offered by platforms such as HackTheBox or VulnHub. These provide an interactive environment where serious hackers can test their skills and hone their craft in a safe and productive manner. Thanks to these tools, it is possible for IT professionals with limited knowledge to get more familiar with tactics and tools used for exploiting vulnerabilities in OT systems and familiarize themselves with the process of properly securing them against malicious actors.

This workshop provides instruction on pentest tools from Kali and open source tools, as well as the opportunity to practice using them in six interactive simulations of industrial controllers. Although the simulations have limitations, I will demonstrate the methods and instruments using two actual PLCs.

The workshop consists of a significant practical component and actively encourages participation. There are over 30 tasks available to help you improve your skills gradually.

It is important to note that pentesting for industrial control systems differs significantly from traditional IT pentesting. It is important for industrial plants to remain operational at all times and most plant operators aim to avoid any production interruptions. Security testing is commonly conducted at a moderate or low level of aggressiveness. If your intention is to perform techniques such as buffer overflows, kernel exploits, privilege escalation, and root shells on your device, this is not where you should be.

Do you possess foundational knowledge of industrial cyber security and have an interest in analyzing the security of ICS? This is the appropriate location for you.

Are you preparing for the Certified Ethical Hacker (CEH) exam? Starting from version 12, knowledge of OT is necessary. This course provides a practical introduction to comprehending the common vulnerabilities of OT hardware.

It should be noted that the software being utilized is not owned by myself. I am only able to provide a limited amount of assistance in the event of any issues. For assistance, please reach out to the software publisher. The installation instructions were provided to the best of my ability, however, participants are responsible for completing the installation.

This course is intended for:

This course is the ideal way for curious individuals to look at an industrial control system from the attacker's perspective. It is specially designed for beginners who possess basic knowledge in industrial cyber security and want to understand the nuances of industrial control system architecture and protocol. Moreover, it can also be useful for Certified Ethical Hacker (CEHv12) Participants who are keen on exploring advanced concepts related to vulnerability assessment, attack detection and mitigation.

From discovering a variety of Industrial Protocols like OPC-UA, IEC 60870-5-104, MODBUS, BACnet etc., participants will develop key understanding of conducting an optimal reconnaissance and effective penetration testing against those protocols. Educators will guide participants through various challenges by focusing on practical demonstrations through pen-testing tools such as MetaSploit and Sulley Python Fuzzing Framework. In conclusion, this course serves as an awesome platform supplying structured learning leading towards achieving mastery in recognizing vulnerabilities in Industrial Control Systems.