Regarding SCADA/IOT/ICS Penetration Testing on Devices


Rakesh Tiwari

Sep 21, 2017, 11:16:40 AM
to null-...@googlegroups.com
Hi,

I am working for Emerson on a new assignment to perform security testing on their SCADA systems. They have DeltaV as the DCS and Micro Motion devices (sensors and transmitters, valves, motors, etc.) connected to the plant and controlled by the DCS and PLCs.

These devices communicate with each other over EtherNet/IP, HART, Foundation Fieldbus and Modbus protocols. They support UI applications developed for Windows; however, there is no browser support to access these applications. Some devices have servers already installed.

I have experience testing web applications/web services and doing source code review on the .NET, PHP and Java platforms. I don't have any background/experience in SCADA/IoT security testing. Can anyone help me with a few tutorials/links/videos readily available over the internet, with practicals, to manage this assignment?

If you know any institute in Pune (India), please let me know, for training/educational purposes. If there is any online free/paid tutorial support, please share.

A quick help would be highly appreciated.
 
Thanks

Regards,
Rakesh

adithya naresh

Sep 21, 2017, 11:36:06 AM
to null-...@googlegroups.com
Hi Rakesh,

When I was in the SCADA world knowing nothing about PLCs and protocols, I came across this beautiful Google community which can teach you and help you with anything you need to get started in the SCADA/ICS world.
There is also a VM for you to understand how things work and practice in your free time.

Good luck 


Thanks and regards,
Adithya


--
______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/null-co-in.
For more options, visit https://groups.google.com/d/optout.

Sandeep

Sep 21, 2017, 2:22:43 PM
to null-...@googlegroups.com
Hi Rakesh,

If you are not going deep into control systems at the OT level, here are a few things I can suggest in regards to ICS/SCADA pen tests:

- Read up a lot on the ICS protocols involved in your pen test (Modbus, HART, etc.) and understand their protocol structure thoroughly. It will help you a lot in finding some interesting issues when you capture and analyze network traffic, and it can also help in fuzzing (if at all required).
- A lot of times you may end up finding basic configuration issues on devices (such as hard-coded credentials).
- Review the network diagram properly, check all connectivity from the corporate network to the control network, and review all links carrying control system traffic.
- Review remote access connectivity into the control network properly (people report a lot of issues here).
- Generally all PLCs etc. have web applications running on top of them, which you can obviously test. Also, they have other standard services running, such as FTP, which can serve as an attack surface.

Some of the tools that can help:

- Metasploit auxiliaries (some SCADA auxiliary modules exist)
- Nessus (professional) has SCADA plugins
- Standard Nmap scans will help as well (just be cautious: some of the physical devices have weakly implemented TCP/IP stacks which may not handle Nmap scans well).


For Learning:

- You can look for some local vendors on IndiaMART or eBay for refurbished PLCs, etc. (a Siemens S7-1200 could be a starting point).

- One other small PLC for practice could be the Allen-Bradley Micro820 (CCW is the programming software, which is free).

- IGSS: http://igss.schneider-electric.com/products/igss/download/free-scada.aspx (this is supervision software from Schneider and comes as a free demo for small setups).

- PyModbus: Python library to emulate a Modbus or Modbus/TCP client or server (https://github.com/riptideio/pymodbus).
- Snap7: open source library to emulate S7 (Siemens) clients or servers. It also has Python wrappers (python-snap7).
- ModbusPal: easy-to-use Modbus server simulator in Java.
- OpenDNP3: open source DNP3 implementation.

Disclaimer: I do not work in ICS/SCADA but have a bit of interest in following this space.

Hope this helps.

Cheers!
Sandeep

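Sandeep's first point, knowing the protocol structure well enough to make sense of a capture, is easiest to see on Modbus/TCP, whose framing is small enough to parse by hand. The block below is an added example and not code from this thread or from PyModbus: a minimal parser for the public Modbus/TCP ADU layout (MBAP header followed by the PDU) with a few passive monitoring rules a defender would run over captured frames: every state-changing write, every exception response from a device, and any frame whose length field disagrees with the bytes actually on the wire (the kind of malformed traffic a weak embedded TCP/IP stack may also choke on). The sample frames are constructed, not a real capture, and the rule set is an assumption about what a reviewer would want surfaced, not a standard.

```python
"""Minimal Modbus/TCP parser plus passive monitoring rules (constructed example).

Layout per the public Modbus/TCP specification:
  MBAP (7 bytes): transaction id (2) | protocol id (2, always 0) |
                  length (2, bytes following it, unit id included) | unit id (1)
  PDU:            function code (1) | data (0..252 bytes)
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

MBAP_LEN = 7
# Public function codes that change process state; a monitor should log all of them.
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    8: "Diagnostics", 15: "Write Multiple Coils", 16: "Write Multiple Registers",
    22: "Mask Write Register", 23: "Read/Write Multiple Registers",
    43: "Encapsulated Interface Transport",
}
EXCEPTION_NAMES = {1: "Illegal Function", 2: "Illegal Data Address",
                   3: "Illegal Data Value", 4: "Slave Device Failure"}


class ModbusParseError(ValueError):
    """Raised when a frame violates the MBAP/PDU layout."""


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int          # 0x80 exception bit cleared
    is_exception: bool
    exception_code: Optional[int]
    data: bytes

    @property
    def function_name(self) -> str:
        return FUNCTION_NAMES.get(self.function_code, f"Unknown ({self.function_code})")

    @property
    def is_write(self) -> bool:
        return self.function_code in WRITE_FUNCTION_CODES


def parse_modbus_tcp(frame: bytes) -> ModbusFrame:
    """Parse one Modbus/TCP ADU, validating every length field before trusting it."""
    if len(frame) < MBAP_LEN + 1:
        raise ModbusParseError(f"frame too short: {len(frame)} bytes")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise ModbusParseError(f"unexpected protocol id {pid}")
    # 'length' counts unit id + PDU and must match what is actually present.
    if length != len(frame) - 6:
        raise ModbusParseError(f"length field {length} != {len(frame) - 6} bytes on the wire")
    if length > 254:  # 253-byte PDU maximum plus the unit id
        raise ModbusParseError(f"length field {length} exceeds Modbus maximum")
    fc, data = frame[MBAP_LEN], frame[MBAP_LEN + 1:]
    if fc & 0x80:
        if len(data) != 1:
            raise ModbusParseError("exception response must carry exactly one code byte")
        return ModbusFrame(tid, uid, fc & 0x7F, True, data[0], data)
    return ModbusFrame(tid, uid, fc, False, None, data)


def monitor(frames: List[bytes]) -> List[str]:
    """Apply simple passive rules to captured frames; return one alert line per hit."""
    alerts = []
    for raw in frames:
        try:
            f = parse_modbus_tcp(raw)
        except ModbusParseError as exc:
            tid = int.from_bytes(raw[:2], "big") if len(raw) >= 2 else -1
            alerts.append(f"MALFORMED tid={tid} {exc}")
            continue
        if f.is_exception:
            name = EXCEPTION_NAMES.get(f.exception_code, f"code {f.exception_code}")
            alerts.append(f"EXCEPTION tid={f.transaction_id} unit={f.unit_id} "
                          f"{f.function_name}: {name}")
        elif f.is_write:
            alerts.append(f"WRITE tid={f.transaction_id} unit={f.unit_id} "
                          f"{f.function_name} data={f.data.hex()}")
    return alerts


# Constructed sample frames (not a real capture).
SAMPLE_FRAMES = [
    bytes.fromhex("00010000000601030000000a"),  # read 10 holding registers from 0 (benign)
    bytes.fromhex("000200000006010600101234"),  # write single register 0x0010 := 0x1234
    bytes.fromhex("000300000003018302"),        # exception: FC3 -> Illegal Data Address
    bytes.fromhex("000400000006010300"),        # length field says 6, only 3 bytes follow
]

if __name__ == "__main__":
    for line in monitor(SAMPLE_FRAMES):
        print(line)
```

Running the block prints three alerts for the four frames: the write, the exception and the malformed frame; the plain read produces nothing. The same `parse_modbus_tcp` is a reasonable starting point for a fuzzer's oracle as well, since it tells you whether a device's reply still respects the framing.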
Gouri Pawar

Sep 22, 2017, 3:45:54 AM
to null

Hi Rakesh,

Refer to the links below for online free training:

  1. Helpful course: ICS-CERT 100W, and multiple trainings in the ICS-CERT 210W series: https://ics-cert.us-cert.gov/Training-Available-Through-ICS-CERT

  2. ICS + Embedded Systems + Communication Protocols: http://www.electricenergyonline.com/show_article.php?mag=&article=321

  3. Fundamentals of Embedded Systems Security, EE Times: http://m.eet.com/Content/Courses/course2096/player.html

  4. Metasploit Unleashed: online free course

https://smartenergyacademy.psu.edu/gridstar/managing-smart-grid-ami-and-cyber-security

Attached is the list of test cases you can test against the devices. Let me know if you need any help. :)

[Attachment: High_level_TestCases.PNG]