Assessing and Exploiting Control Protocols
Module Outline:
Examples of when to use this methodology
Overview of the methodology
Traffic Capture
    Communication mediums vs. communication protocols
    Serial communications such as RS-232, TIA-422, and TIA-485
    Fieldbus protocols and protocol families
    Understanding USB and serial interfaces on Windows
    Methods to capture serial traffic on Windows and Linux
    Exercise: Capturing serial traffic
    Exercise: Manual decode of Modbus RTU
    Understanding the common off-by-one address issue in ICS protocols
    Exercise: Using Wireshark to decode Modbus RTU
Protocol Enumeration
    The severe shortage of ICS protocol tools
    Repurposing an engineer's troubleshooting tools
    Exercise: Using Python to interact with Modbus RTU on our PLC
    Exercise: Enumeration with ctmodbus on our PLC
    Understanding data types and two's complement
Protocol Fuzzing
    Reasons to avoid fuzzing protocols on embedded devices
    Exercise: Writing protocol fuzzers with boofuzz
    Exercise: Fuzzing Modbus TCP on our PLC
    Exercise: Manual fuzzing with ctmodbus
Protocol Exploitation
Software
    ControlThings Platform Virtual Machine
Hardware
    Velocio ACE 1600 PLC
    (We'll be communicating with it using Modbus RTU and capturing that communication on the serial-over-USB bus)