Easy Learning with Pentesting Industrial Control Systems Workshop
2 h
4.5
865 students

Language: German

Industrial Control Systems (ICS) Penetration Testing Workshop for Beginners

What you will learn:

  • Test your penetration testing skills on 5 interactive controller simulations.
  • Focus on Industrial Control Systems (ICS); no infrastructure hacking.
  • Learn typical attack surfaces of an ICS.
  • Build your own ICS penetration testing platform with open-source tools.
  • Hands-on workshop with over 25 practical exercises.
  • Learn advanced OSINT techniques for ICS security.
  • Gain experience with real Siemens and Schneider PLCs.
  • Learn to identify and assess ICS vulnerabilities without causing operational disruptions.
  • Understand the differences between IT and OT security.
  • Prepare for industry certifications, such as the CEH (v12 and later).

Description

Tired of theoretical cybersecurity courses?

Dive into the practical world of Industrial Control Systems (ICS) security with this hands-on workshop. Designed for beginners, this course provides a comprehensive introduction to ICS/OT penetration testing using open-source tools and interactive simulations. Unlike expensive seminars, you'll learn by doing, tackling over 25 engaging challenges that will solidify your understanding.

Unlike traditional IT penetration testing, ICS security demands a different approach. This workshop emphasizes the specific vulnerabilities and methodologies of ICS environments, focusing on techniques employed in real-world assessments. You will learn how to identify and assess weaknesses without causing disruptions to operational systems.

We'll guide you through setting up your own ICS pentesting platform, using Kali Linux and other free tools. Through five interactive simulations, you'll get experience identifying vulnerabilities in ICS systems. We’ll then delve into the analysis of real Siemens and Schneider PLCs, bridging the gap between theory and practice.

This course is ideal if you're looking to enhance your ICS cybersecurity skills, prepare for certifications like the CEH (which now includes OT security in v12), or simply expand your knowledge in a rapidly growing field. It suits technicians, engineers and cybersecurity professionals alike.

Note: The software used is not developed by the instructor. Support for the software is limited. Installations are the responsibility of the learner. This is an advanced German-language course.

Ready to become an ICS security expert? Enroll now!

Curriculum

Introduction to ICS/OT Security

This introductory section lays the groundwork for understanding ICS/OT security. Lectures cover welcoming remarks, the distinctions between IT and OT, security objectives for each, typical penetration testing scenarios, the vulnerabilities of ICS, common attack surfaces, finding passwords and PLC web servers using Google, the BSI penetration testing classification, and an overview of IPv4 addresses and subnetting. Expect approximately 18 minutes of valuable insight per lecture.

Offensive Open-Source Intelligence (OSINT) Techniques

Learn the power of OSINT in ICS security. This section teaches you about default credentials, using Google Dorks for information gathering, leveraging Shodan for identifying exposed ICS devices, scanning company networks from the outside with Shodan, and finding vulnerabilities using the CISA database. Each lecture is designed to give you practical knowledge and techniques for effective OSINT gathering.

Setting Up Your ICS Pentesting Platform

This crucial section guides you through setting up your own virtual laboratory for ethical hacking. You'll learn about virtual machines, setting up VirtualBox, downloading and configuring Kali Linux, downloading and setting up Ubuntu Server PLC, installing the PLC simulation on your Ubuntu Server PLC and installing open-source penetration testing tools in Kali. This hands-on section provides the foundation for all the practical exercises that follow.

Introduction to the Pentesting Platform

Familiarize yourself with the pentesting platform and essential tools. Lectures cover starting the simulation and Kali, using tools like netdiscover, nmap, snmp-check and the Metasploit Framework, alongside an introduction to other open-source tools relevant to ICS penetration testing. Learn to use these tools for network discovery and preliminary vulnerability assessment.

Simatic S7 and ATG Controller Simulations

Engage in hands-on exercises using Simatic S7 and ATG gas station controller simulations. You'll work through practical challenges involving Shodan, Google Dorks, default credentials, host discovery, nmap scans (including NSE scripts), plcscan, Metasploit, and OSINT techniques. Each simulation presents a unique set of challenges designed to build your practical skills.

Real-World Analysis: Siemens Simatic S7-1200 PLC

Bridge the gap between simulation and reality with an analysis of a real Siemens Simatic S7-1200 PLC. Use previously learned techniques (netdiscover, nmap, snmp-check) to perform reconnaissance. You'll also utilize Metasploit and open-source tools for deeper analysis, offering invaluable real-world experience.

Modbus PLC Simulations

This section focuses on Modbus PLC simulations, where you'll apply techniques similar to those used in the Simatic S7 simulations. You'll tackle exercises using Shodan, Google Dorks, default credentials, host discovery, nmap and Metasploit (including identifying suitable modules), and you'll manipulate PLC memory. This provides a comprehensive understanding of Modbus-based ICS security.

Real-World Analysis: Schneider Modicon M221 PLC

Conclude with the analysis of a real Schneider Modicon M221 PLC. This final section builds on the simulation exercises by applying your newly learned skills to a real-world scenario using netdiscover, nmap, and Metasploit, further solidifying your practical expertise.