Practical Offensive Industrial Security Essentials
Section 1: Introduction
1 Welcome to the Training
2 Contrasting IT and OT
3 Attack Surface and Common Security Challenges
4 Evolution of Industrial Devices
5 Evolution of Industrial Communication
6 Default Credentials and Exposed Controllers
7 Framework for OT Resilience Testing and Risk Evaluation in Security Scenarios
8 Classification of Penetration Testing in this Training
9 Recap of IPv4 Addresses and Subnetting
10 Section 1 Summary and Community Q&A
Section 2: Offensive OSINT
11 Welcome to Offensive OSINT
12 Default Credentials in Industrial Devices
13 Google Dorking for Finding Industrial Controllers and Human Machine Interfaces
14 Using Shodan, ICSRank and Ipinfo.io
15 Finding Vulnerabilities with CISA's ICS Advisories
16 Section 2 Summary and Community Q&A
Section 3: Setting Up Your Virtual Lab
17 Welcome to Setting Up Your Virtual Lab
18 Understanding Virtualization and Virtual Machines
19 Installation of Oracle VirtualBox
20 Installation of the Kali Linux VM and Running the Installation Script
21 Installing the Ubuntu Desktop VM
22 Running the Installation Script
23 Setting Up the Virtual Host-Only Network
24 Section 3 Summary and Community Q&A
Section 4: Introduction to Kali Linux and Penetration Testing Tools
25 Welcome to Kali Linux Penetration Testing Tools
26 Netdiscover
27 Nmap Essentials
28 Snmp-Check for Device Enumeration
29 Dirb for Industrial Webserver Directory Traversal
30 Nmap Scripting Engine
31 Metasploit Framework
32 Exploit Database (Exploit-DB)
33 Wireshark
34 Other Tools for Industrial Penetration Testing
Section 4 Quiz
35 Section 4 Summary and Community Q&A
Section 5: Siemens Simatic S7 Controller Penetration Testing
36 Welcome to Siemens Simatic S7 Controller Penetration Testing
37 Introduction to Programmable Logic Controllers
38 Introduction to Simatic S7 Controllers
39 S7Comm Protocol Stack
40 NSE Script s7-info
41 Siemens_scanner and CPU Command (ExploitDB) in Metasploit
42 SiemensScan Python Script
43 Dissecting S7Comm with Wireshark
44 OSINT Task Exposed S7 Devices on Shodan
45 OSINT Solution Exposed S7 Devices on Shodan
46 OSINT Task Google Dorks for S7 Webservers
47 OSINT Solution Google Dorks for S7 Webservers
48 OSINT Task Default Credentials for Siemens Devices
49 OSINT Solution Default Credentials for Siemens Devices
50 Pentesting a Real Siemens Simatic S7-1200 PLC
51 Pentesting a Real Siemens Simatic S7-1500 PLC
52 S7-1500 Penetration Testing Assignment
Section 5: Mid-Section Quiz
53 Hint Video Methodology and Steps for S7-1500 Penetration Testing
54 Step 1 Host Discovery
55 Step 2 Scanning for Open Ports
56 Step 3.1 + 3.2 Visiting the Webserver and NSE Script Scan
57 Step 4 ExploitDB CPU Command Module in Metasploit
58 Findings and Mitigation Strategies
59 Penetration Testing Report with ChatGPT
60 Section 5 Summary and Community Q&A
Section 6: MQTT Penetration Testing
61 Welcome to MQTT Penetration Testing
62 Smart Factories
63 IIoT Communication with MQTT
64 Industrial Edge Devices Simatic IOT20xx and RevPi
65 Moxie
66 Mosquitto Client
67 NSE Script mqtt-subscribe
68 Dissecting MQTT with Wireshark
69 OSINT Task Exposed MQTT Brokers on Shodan
70 OSINT Solution Finding Exposed MQTT Brokers on Shodan
71 Pentesting a Real Siemens Simatic IOT2000 Industrial MQTT Broker
72 Smart Factory IIoT Penetration Testing Assignment
Section 6: Mid-Section Quiz
73 Hint Video Methodology and Steps for IIoT Penetration Testing (No Spoilers)
74 Step 1 Host Discovery
75 Step 2 Scanning for Open Ports
76 Step 3 Service Detection and NSE Script Scan
77 Step 4.1 MQTT Detection and Listening with Moxie
78 Step 4.2 MQTT Listening with mosquitto_sub
79 Step 5 Flooding/DoS-ing the MQTT Broker
80 Findings and Mitigation Strategies
81 Penetration Testing Report with ChatGPT
82 Section 6 Summary and Community Q&A
Section 7: Rockwell Allen Bradley Controller Penetration Testing
83 Welcome to Rockwell Allen Bradley Controller Penetration Testing
84 Introduction to Rockwell Allen Bradley 1756-L61B LOGIX5561 Controller
85 EnIP & CIP Protocol Stack
86 EnIP & CIP Exploit Modules in Metasploit
87 NSE Script enip-info
88 Dissecting EnIP & CIP with Wireshark
89 OSINT Rockwell Allen Bradley Default Credentials
90 OSINT Task Exposed Rockwell Allen Bradley Controllers on Shodan
91 OSINT Solution Finding Exposed Rockwell Allen Bradley Controllers on Shodan
92 Penetration Testing Assignment
Section 7: Mid-Section Quiz
93 Hint Video Methodology and Steps for EnIP/CIP Penetration Testing (No Spoilers)
94 Step 1 Host Discovery
95 Step 2 Scanning for Open Ports
96 Step 3.1 Directory Traversal of the PLC Webserver
97 Step 3.2 Service Detection and NSE Script Scan
98 Step 4.1 Metasploit Module 1
99 Step 4.2 Metasploit Module 2
100 Findings and Mitigation Strategies
101 Penetration Testing Report with ChatGPT
102 Section 7 Summary and Community Q&A
Section 8: Fuel Station Controller Penetration Testing
103 Welcome to Fuel Station Controller Penetration Testing
104 Introduction to Veeder Root TLS-350 Automated Tank Gauge (ATG) Controller
105 Configuration of the ATG with Function Codes using the Telnet Console
106 NSE Script atg-info
107 Metasploit Module atg_client
108 Dissecting ATG Communication with Wireshark
109 OSINT Task Exposed ATG Controllers on Shodan
110 OSINT Solution Exposed ATG Controllers on Shodan
111 Penetration Testing Assignment
Section 8: Mid-Section Quiz
112 Hint Video Methodology and Steps for ATG Penetration Testing (No Spoilers)
113 Step 1 Host Discovery
114 Step 2 Scanning for Open Ports
115 Step 3 NSE Script Scan
116 Step 4 Information Disclosure
117 Step 5 Setting Tampering
118 Findings and Mitigation Strategies
119 Penetration Testing Report with ChatGPT
120 Section 8 Summary and Community Q&A
Section 9: Human Machine Interface Penetration Testing
121 Welcome to Human Machine Interface Penetration Testing
122 Introduction to Human Machine Interfaces
123 HMI Panel Devices, Remote Access and HMI Screen Design
124 NSE Scripts vnc-brute, vnc-info, vnc-title
125 Introduction to Metasploit Modules vnc_none_auth and vnc_login
126 Hydra
127 Vncviewer
128 Exposed HMI on Shodan
129 Pentesting a Real Siemens Simatic HMI KTP 400 Panel
130 Penetration Testing Assignment 1
Section 9: Mid-Section Quiz
131 Hint Video 1 Methodology and Steps for HMI Penetration Testing (No Spoilers)
132 Step 1.1 Combined Discovery
133 Step 1.2 NSE Script Scan
134 Step 1.3 Accessing the HMI
135 Penetration Testing Assignment 2
136 Hint Video 2 Methodology and Steps for HMI Penetration Testing (No Spoilers)
137 Step 2.1 NSE Script Scan
138 Step 2.2 Brute-Force Attack with Hydra and Access to the HMI
139 Findings and Mitigation Strategies
140 Penetration Testing Report with ChatGPT
141 Section 9 Summary and Community Q&A
Section 10: Modbus Controller Penetration Testing
142 Welcome to Modbus Controller Penetration Testing
143 Introduction to Modicon Industrial Controllers and Modbus
144 Modbus TCP Protocol Stack
145 NSE Scripts modicon-info, modbus-discover
146 Metasploit Modbus Modules detect, banner_grabbing, findunitid, modicon_command
147 Memory of an Industrial Controller
148 Modbus Commandline Interface
149 Dissecting Modbus Communication with Wireshark
150 OSINT Task Exposed Modbus Controllers on Shodan
151 OSINT Solution Exposed Modbus Controllers on Shodan
152 OSINT Task Google Dorks for Exposed Schneider Electric Webservers
153 OSINT Solution Google Dorks for Exposed Schneider Electric Webservers
154 OSINT Task Default Credentials for Schneider Electric Devices
155 OSINT Solution Default Credentials for Schneider Electric Devices
156 Pentesting a Real Schneider Electric Modicon M221 PLC
157 Penetration Testing Assignment
Section 10: Mid-Section Quiz
158 Hint Video Methodology and Steps for Modbus Penetration Testing (No Spoilers)
159 Step 1 Combined Discovery
160 Step 2 Enumeration with Metasploit
161 Step 3 Memory Access
162 Step 4 Memory Manipulation
163 Findings and Mitigation Strategies
164 Penetration Testing Report with ChatGPT
165 Section 10 Summary and Community Q&A
Section 11: IEC-104 Substation Penetration Testing
166 Welcome to IEC-104 Substation Penetration Testing
167 Introduction to IEC-104
168 IEC-104 Protocol Stack Frames, ASDUs and Commands
169 NSE Script iec-identify
170 Metasploit Module iec104
171 Dissecting IEC-104 Communication with Wireshark
172 Penetration Testing Assignment
Section 11: Mid-Section Quiz
173 Hint Video Methodology and Steps for IEC-104 Penetration Testing (No Spoilers)
174 Step 1 Combined Discovery
175 Step 2 Exposed Webservices and NSE Script Scan
176 Step 3 Dumping the ASDU
177 Step 4 Manipulating Information Objects
178 Findings and Mitigation Strategies
179 Penetration Testing Report with ChatGPT
180 Section 11 Summary and Community Q&A
Section 12: OT Network Security Assessment
181 Welcome to OT Network Security Assessment
182 Introduction to Historically Evolved Shop Floors, OT Networks, and VPN Access
183 Asset Inventory
184 Security Assessment Assignment
Section 12: Mid-Section Quiz
185 Hint Video
186 OT Network Assessment Host Discovery, Asset Inventory Matching
187 Findings and Mitigation Strategies
188 Section 12 Summary and Community Q&A
Section 13: Understanding Security Challenges
189 Welcome to Understanding Security Challenges
190 Common Security Challenges
191 Flat OT Network Architecture
192 Internet Access Gateways
193 Adversary Maturity Levels in IEC/ISA 62443
194 Understanding Attacks with the MITRE ICS ATT&CK Framework
195 Section 13 Summary and Community Q&A
Section 14: Mitigation and Protection
196 Welcome to Mitigation and Protection
197 Defense in Depth
198 System Hardening of a Siemens Simatic PLC
199 System Hardening of a Siemens Simatic HMI
200 Secure OT Network Design with Segmentation and DMZ
201 Securing Remote Access Services
202 Section 14 Summary and Community Q&A
Section 15: Closing
203 Summary and Goodbye