Assessing and Exploiting
Proprietary Serial Protocols

Module Outline

  • Examples when to use

  • Overview of methodology

  • Functional analysis

    • Using ICS vendor maintenance software and hardware

    • Exercise: Functional analysis of PLC's vendor tools

  • Communication capture

    • Capturing USB with hardware, software, and virtualization layers

    • Understanding USB and serial interfaces on Windows

    • Exercise: Capture of our vendor tool interactions with our PLC

  • Capture analysis

    • Exercise: Analysis of our vendor's proprietary protocol

    • Exercise: Reverse engineering our vendor's proprietary protocol

    • Exercise: Using Wireshark's column, comment, and coloring rules for RE

  • Testing harness creation

    • Exercise: Creating serial connections with Python

    • Exercise: Using ctserial to impersonate our vendor tools

  • Endpoint fuzzing

    • Exercise: Using ctserial for manual fuzzing on our PLC

  • Exploitation


  • Velocio vBuilder (installed on Windows 10)

  • Velocio vFactory (installed on Windows 10)

  • ControlThings Platform Virtual Machine


  • Velocio ACE 1600 PLC
    (We'll be reverse engineering its proprietary programming and HMI protocol)