Assessing and Exploiting
Control Network Captures
Module Outline:
Examples of when to use
Overview of methodology
Traffic Capture
Hardware and software to use
Suggested configurations
Endpoint and Flow Analysis
Common TCP/IP based ICS protocols
Exercise: Using Wireshark for endpoint and flow analysis
Exercise: Using GrassMarlin
Known Protocol Analysis
Deep dive into Modbus TCP
Exercise: Analysing Modbus TCP captures
Exercise: Using Zeek with Modbus TCP
Exercise: Using strings on control protocols
Overview of PROFINET, EtherNet/IP (CIP), OPC, DNP3, IEC 104, IEC 61850, ICCP
Unknown Protocol Analysis
Exercise: Finding unknown protocols with Wireshark
Exercise: Entropy analysis of network payloads
Exercise: Using GrassMarlin on unknown protocols
Gap Analysis with Security Architecture Review
ControlThings Platform Virtual Machine