Assessing and Exploiting
Production Control Networks

Module Outline:

• Examples when to use

• Overview of methodology

• DNS interrogation

  • When DNS is and when it is not available

  • Using but not abusing DNS

• Port Scanning

  • How and why control systems break on port scans

  • Nmap options to avoid

  • General Nmap recommendations

  • Recommended Nmap scans from low to high risk

• Technology Fingerprinting

  • Safe and unsafe fingerprinting technologies

  • Alternatives to traditional fingerprinting

• Protocol Enumeration

  • Common IT protocols that are generally safe to enumerate on control systems

  • Avoiding automatic enumerating of web interfaces on control systems

  • Dangers of enumeration control protocols in production

• Vulnerability Scanning

  • Plugins and configuration that break control systems

  • Recommended settings for Nessus

  • Using audits

  • Again, the dangers of automated tools on web apps and services

• Vulnerability validation

• Exploitation

• Post Exploitation / Cleanup

Software

• ControlThings Platform Virtual Machine

Hardware

• None