CyberSecurity Summary

Pentesting Industrial Control Systems



This summary covers the book "Pentesting Industrial Control Systems".

The book is an ethical hacker's guide to analyzing, compromising, mitigating, and securing industrial control systems (ICS). It begins with a section on virtualization, guiding the reader through setting up a virtual lab with VMware to mimic an ICS environment. It then moves on to hardware, including setting up and configuring a programmable logic controller (PLC) and connecting it to the virtual lab.

The next section focuses on open-source intelligence gathering, teaching readers how to use Google, LinkedIn, Shodan, ExploitDB, and the NVD to research a company, facility, process, control, contract, or other publicly shared information and build a profile of the target. Following this, the book discusses SPAN/mirroring and TAPs, explaining how they are used for out-of-band network monitoring and for analyzing network traffic. It then explores the Modbus and EtherNet/IP protocols, explaining how they are used in ICS environments and demonstrating how to leverage them for pentesting purposes.

The book also provides a comprehensive guide to using security tools such as Nmap, RustScan, Gobuster, and feroxbuster for scanning and enumerating networks and web applications. It further covers the use of Burp Suite, FoxyProxy, and other web pentesting tools for intercepting, analyzing, and manipulating web traffic, and includes a section on configuring a corporate environment with AD, DNS, and DHCP. Finally, it explores techniques for launching attacks on a corporate network, including privilege escalation and pivoting, as well as how to use Empire and mimikatz for post-exploitation activities. The book concludes with a detailed guide to creating a pentesting report, including sections on documenting attack vectors, privilege escalation, lateral movement, and mitigation strategies.

You can listen to and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cyber_security_summary

Get the book now from Amazon:
https://www.amazon.com/Pentesting-Industrial-Control-Systems-compromising/dp/1800202385?&linkCode=ll1&tag=cvthunderx-20&linkId=d99e7084a66ab3d655a1ce67cf1fb5d4&language=en_US&ref_=as_li_ss_tl




By CyberSecurity Summary