SCADA/ICS Hacking

SCADA/ICS systems are among the greatest concerns for cyber warfare/cyber defense organizations. These systems are particularly vulnerable for a number of reasons including but not limited to the fact that so many SCADA/ICS organizations have relied upon security through obscurity for so many years.

 

These industrial control systems are critical to any nation's infrastructure and thereby,  their economy. In this section, we will be showing how these systems can be found, hacked and controlled.

Like any type of hacking, we need to do reconnaissance first. Obviously, you can't hack what you don't see. We'll start with a few tutorials on how to find SCADA/ICS systems with Shodan, Google hacking and nmap.Then, we will progress to;

 

(1) the basics of how these systems work including their primary protocols (Modbus, DNP3, ProfiBus, OPC, etc)

 

(2) a few case studies of major SCADA/ICS hacks

 

(3) and finally, how to hack and exploit them.

 

 

 

 First, let's see whether we can use Shodan to find vulnerable SCADA/ICS sites

 Next, let's try some Google Hacking and dorks to find specific SCADA systems

You can use nmap to identify and enumerate SCADA/ICS systems

One of the big challenges for SCADA/ICS security engineers is monitoring for security events. This tutorial demonstrates how to use Splunk to monitor security in SCADA/ICS with the Kepware server plugin.

SCADA/ICS systems are particularly susceptible to a Denial of Service attack and such attacks can be devastating. This tutorial demonstrates how to DoS a Modbus based facility.

Schneider Electric makes building automation systems among other SCADA/ICS systems. In this tutorial, we demonstrate how easily these systems can be hacked and controlled

 Hacking the Schneider Electric TM221 with modbus-cli

Hacking a modbus based system with Metasploit

Risk assesment Methodology in a SCADA/ICS Environment

SCADA/ICS Risk Assessment with CSET

SCADA Default Passwords

Buidling a SCADA Honeypot

Testing and Monitoring a SCADA Honeypot

PLC/Ladder Logic Simulation

Modbus Master/Slave Simulation

SCADA/ICS Communication Protocol (Modbus)

SCADA/ICS Communication Protocol (DNP3)

Profinet/Profibus

SCADA/ICS Metasploit Module

​​

Developing SCADA/ICS Zero-Day Exploits

SCADA/ICS Hacking Case Study #1: BlackEnergy3

SCADA/ICS  Hacking Case Study #2: Stuxnet

The Key Differences Between Traditional IT Security and SCADA/ICS Security