Assessing and Exploiting
Production Control Networks

Module Outline:

  • Examples of when to use

  • Overview of methodology

  • DNS interrogation

    • When DNS is and when it is not available

    • Using but not abusing DNS

  • Port Scanning

    • How and why control systems break on port scans

    • Nmap options to avoid

    • General Nmap recommendations

    • Recommended Nmap scans from low to high risk

  • Technology Fingerprinting

    • Safe and unsafe fingerprinting technologies

    • Alternatives to traditional fingerprinting

  • Protocol Enumeration

    • Common IT protocols that are generally safe to enumerate on control systems

    • Avoiding automatic enumeration of web interfaces on control systems

    • Dangers of enumerating control protocols in production

  • Vulnerability Scanning

    • Plugins and configuration that break control systems

    • Recommended settings for Nessus

    • Using audits

    • Again, the dangers of automated tools on web apps and services

  • Vulnerability validation

  • Exploitation

  • Post Exploitation / Cleanup


  • ControlThings Platform Virtual Machine
