top of page

SCADA/ICS Hacking and Security

Live online Training with Master OTW.
Become a
Subscriber and Attend!

SCADA/ICS systems are among the greatest concerns for cyber warfare/cyber defense organizations. These systems are particularly vulnerable for a number of reasons, including-- but not limited to--the fact that so many SCADA/ICS organizations have relied upon security through obscurity for so many years. These industrial control systems are critical to any nation's infrastructure and, thereby, their economy. In this section, we will be showing how these systems can be found, hacked and controlled.

Like any type of hacking, we need to do reconnaissance first. Obviously, you can't hack what you don't see. We'll start with a few tutorials on how to find SCADA/ICS systems with Shodan, Google hacking and nmap. Then, we will progress to;


(1) the basics of how these systems work including their primary protocols (Modbus, DNP3, ProfiBus, OPC, etc).


(2) a few case studies of major SCADA/ICS hacks.


(3) and finally, how to hack and exploit them.

The Key differences between traditional IT Security and SCADA/ICS Security.

Next, let's try some Google Hacking and dorks to find specific SCADA systems.

One of the big challenges for SCADA/ICS security engineers is monitoring for security events. This tutorial demonstrates how to use Splunk to monitor security in SCADA/ICS with the Kempware server plugin.

First, let's see wheteher we can use Shodan to find vulnerable SCADA/ICS sites.

You can use nmap to identify and enumerate SCADA/ICS systems.

SACADA/ICS systems are particulary sesceptible to a Denial of Service Attack and such attacks can be devastating. This tutorial demonstrates how to DoS a Modbus based facility.

Schneider Electric makes building automation systems among other SCADA/ICS systems. In this tutorial, we demonstrate how easily these systems can be hacked and controlled.

Hacking a modbus based system with Metasploit.

Risk Assessment with CSET.

Hacking the Schneider Electric TM221 with modbus-cli. These PLC's control everything from petroleum refineries, to manufacturing facilities, to waste and sewage plants.

Risk Assesment Methodology in a SCADA/ICS Environment.

SCADA Default Passwords

Building a SCADA Honeypot.

PLC/Ladder Logic Simulation.

SCADA/ICS Communication Protocol (Modbus).

Testing and Monitoring the SCADA Honeypot.

Modbus Master/Slave Simulation.

SCADA/ICS Communication Protocol (DNP3).

SCADA/ICS Communication Protocol (Profinet/Profibus).

Developing SCADA Exploits

Developing SCADA/ICS Zero-Day Exploits Simulation.

The Most Important SCADA/ICS Hacks in History.

SCADA/ICS Hacking Case Study #2: Stuxnet.

SCADA/ICS Metasploit Modules.

New Variant of Ransomware Targets SCADA/ICS.

SCADA/ICS Hacking Case Study #1: BlackEnergy3.

SCADA/ICS Hacking Case Study #3: Triton/Triconex.

bottom of page