Assessing and Exploiting Production Control Networks

Examples when to use

Overview of methodology

DNS interrogation

• When DNS is and when it is not available
• Using but not abusing DNS

Port Scanning

• How and why control systems break on port scans
• Nmap options to avoid
• General Nmap recommendations
• Recommended Nmap scans from low to high risk

Technology Fingerprinting

• Safe and unsafe fingerprinting technologies
• Alternatives to traditional fingerprinting

Protocol Enumeration

• Common IT protocols that are generally safe to enumerate on control systems
• Avoiding automatic enumerating of web interfaces on control systems
• Dangers of enumeration control protocols in production

Vulnerability Scanning

• Plugins and configuration that break control systems
• Recommended settings for Nessus
• Using audits
• Again, the dangers of automated tools on web apps and services

Vulnerability validation

• Exploitation
• Post Exploitation / Cleanup

Software

  ControlThings Platform Virtual Machine