====== Assessing and Exploiting Production Control Networks ======

Examples when to use

Overview of methodology

DNS interrogation
  * When DNS is and when it is not available
  * Using but not abusing DNS

Port Scanning
  * How and why control systems break on port scans
  * Nmap options to avoid
  * General Nmap recommendations
  * Recommended Nmap scans from low to high risk

Technology Fingerprinting
  * Safe and unsafe fingerprinting technologies
  * Alternatives to traditional fingerprinting

Protocol Enumeration
  * Common IT protocols that are generally safe to enumerate on control systems
  * Avoiding automatic enumeration of web interfaces on control systems
  * Dangers of enumerating control protocols in production

Vulnerability Scanning
  * Plugins and configuration that break control systems
  * Recommended settings for Nessus
  * Using audits
  * Again, the dangers of automated tools on web apps and services

Vulnerability validation
  * Exploitation
  * Post Exploitation / Cleanup

Software

ControlThings Platform Virtual Machine