Notes to accompany ICS talk at Hackfest
Reading
Background information
- SANS ICS Kill Chain
- Dragos Blog
- DTSR Podcast - Dragos - Sergio
- DTSR Podcast - Dragos - Robert M. Lee
- The Air Gap: SCADA's Enduring Security Myth (paywalled)
- SANS Reading Room - ICS/SCADA
- Trend Micro - Who's Really Attacking Your ICS Equipment?
Books
- Industrial Network Security
- Hacking Exposed: Industrial Control Systems
- Cybersecurity for Industrial Control Systems
- Countdown to Zero Day
- Normal Accidents: Living with High Risk Technologies
Journals/Papers
Education
YouTube
Training
SANS
- ICS410: ICS/SCADA Security Essentials
- ICS456: Essentials for NERC Critical Infrastructure Protection
- ICS515: ICS Active Defense and Incident Response
SCADA HACKER
ICS-CERT
ISA - International Society of Automation
NSHC
Azeria Labs
Fox0x01's Azeria Labs, for reverse engineering and ARM development
Tools and guides
OSINT
- SHODAN ICS
- World of VNC (caution: this site once hosted a cryptominer)
- LinkedIn job title/keyword searches, including EC&I, process engineer, technology names (S7, DNP3, BACnet, OPC, Modbus, WinCC) and manufacturer names (ABB, Siemens, Matrikon, Schneider, Moxa, etc.)
Discovery/Enumeration
Exploitation
- Exploiting Siemens Simatic S7 PLCs (Black Hat USA 2011)
- Dillon Beresford's accompanying paper
- SCADA - Gateway to (s)hell
- Internet-facing PLCs - A New Back Orifice
PCAPS
- automayt's list of ICS pcaps (start here; there are loads)
Lab tools
- Awesome IoT (start here)
- OpenSCADA
- opendnp3
- Bus Pirate
- Conpot - ICS honeypot
- SamuraiSTFU - ICS pentesting Linux distro
- SCADA Shutdown Tool
Lab Hardware
- Scope, probes, PSU, breadboard
- Raspberry Pi, Arduino
- eBay - buy some PLCs
- Siemens S7-1200 Starter Kit
Misc
- ITI list of ICS honeypots
- Aegis ICS fuzzing framework
- Synopsis ICS Tools
- MWR ICS CTF Write-up
- Domaintools DefCon 2018 ICS CTF Write-up
- Siemens S7-1200 manual (direct link)