Assessing and Exploiting
Control Protocols

Module Outline:

  • Examples of when to use

  • Overview of methodology

  • Traffic Capture

    • Communication mediums vs communication protocols

    • Serial communications like RS-232, TIA-422, and TIA-485

    • Fieldbus Protocols and Protocol Families

    • Understanding USB and serial interfaces on Windows

    • Methods to capture serial traffic in Windows and Linux

    • Exercise: Capturing serial traffic

    • Exercise: Manual decode of Modbus RTU

    • Understanding the common off-by-one (1-off) address issue of ICS protocols

    • Exercise: Using Wireshark to decode Modbus RTU

  • Protocol Enumeration

    • The severe lack of availability of ICS protocol tools

    • Repurposing an engineer's troubleshooting tools

    • Exercise: Using Python to interact with Modbus RTU on our PLC

    • Exercise: Enumeration with ctmodbus on our PLC

    • Understanding data types and 2's complement

  • Protocol Fuzzing

    • Reasons to avoid fuzzing protocols on embedded devices

    • Exercise: Writing protocol fuzzers with boofuzz

    • Exercise: Fuzzing Modbus TCP on our PLC

    • Exercise: Manual fuzzing with ctmodbus

  • Protocol Exploitation

Software

  • ControlThings Platform Virtual Machine

Hardware

  • Velocio ACE 1600 PLC
    (We'll be communicating with it using Modbus RTU and capturing those communications on the serial-over-USB bus)