Assessing and Exploiting Proprietary Serial Protocols
Module Outline
Examples of when to use this methodology
Overview of the methodology
Functional analysis
  Using ICS vendor maintenance software and hardware
  Exercise: Functional analysis of the PLC vendor's tools
Communication capture
  Capturing USB at the hardware, software, and virtualization layers
  Understanding USB and serial interfaces on Windows
  Exercise: Capturing our vendor tool's interactions with our PLC
Capture analysis
  Exercise: Analysis of our vendor's proprietary protocol
  Exercise: Reverse engineering our vendor's proprietary protocol
  Exercise: Using Wireshark's column, comment, and coloring rules for RE
Testing harness creation
  Exercise: Creating serial connections with Python
  Exercise: Using ctserial to impersonate our vendor tools
Endpoint fuzzing
  Exercise: Using ctserial for manual fuzzing on our PLC
Exploitation
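The two steps above (building a serial test harness, then mutating captured frames against the endpoint) as an added example. This is not course material and not Velocio's or ControlThings' code; it is a plain Python harness in the style the "serial connections with Python" exercise describes rather than ctserial. Everything protocol-specific is constructed for illustration: the 0x56 start byte, command/length/payload layout, XOR checksum, the command codes 0x05 and 0x7F, and the FakeEndpoint that stands in for the PLC so the script runs offline. The real device's framing has to come from your own Wireshark analysis. PySerialTransport shows where pyserial (pip install pyserial) would replace the fake endpoint on hardware; the port name "COM5" is an assumption.

```python
"""Serial test harness plus a single-byte mutation fuzzer with response triage.

Added example. Framing, checksum, command codes and the PLC stand-in are
CONSTRUCTED; they are not the Velocio protocol. Replace FakeEndpoint with
PySerialTransport("COM5") (port name assumed) to drive real hardware.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Iterable, Optional


class PySerialTransport:
    """Thin pyserial wrapper used only against real hardware."""

    def __init__(self, port: str, baudrate: int = 115200):
        import serial  # imported lazily so the example runs without pyserial
        self.ser = serial.Serial(port, baudrate, timeout=0.1)

    def write(self, data: bytes) -> None:
        self.ser.reset_input_buffer()  # drop stale bytes left over from the last probe
        self.ser.write(data)

    def read(self, timeout: float) -> bytes:
        self.ser.timeout = timeout
        first = self.ser.read(1)  # wait up to `timeout` for the first byte of a reply
        if not first:
            return b""
        return first + self.ser.read(self.ser.in_waiting)  # then drain what arrived


SOF = 0x56  # constructed start-of-frame byte


def xor_checksum(data: bytes) -> int:
    c = 0
    for b in data:
        c ^= b
    return c


def build_frame(cmd: int, payload: bytes) -> bytes:
    """Constructed layout: SOF, cmd, len, payload, XOR of everything before it."""
    body = bytes([SOF, cmd, len(payload)]) + payload
    return body + bytes([xor_checksum(body)])


def fix_checksum(frame: bytes) -> bytes:
    """Recompute the trailing checksum so a mutated frame still parses on the device."""
    return frame[:-1] + bytes([xor_checksum(frame[:-1])])


KNOWN_GOOD_REQUEST = build_frame(0x05, b"\x01\x02\x03")  # constructed "known good" capture


class FakeEndpoint:
    """Constructed PLC stand-in: ACKs one command, NAKs bad checksums and unknown
    commands, and goes silent on one command code. Silence is the behaviour
    change a fuzzing pass is meant to surface."""

    ACK, NAK = b"\x56\x06", b"\x56\x15"

    def __init__(self) -> None:
        self._pending = b""

    def write(self, data: bytes) -> None:
        if len(data) < 4 or data[0] != SOF or xor_checksum(data[:-1]) != data[-1]:
            self._pending = self.NAK
        elif data[1] == 0x05:
            self._pending = self.ACK
        elif data[1] == 0x7F:
            self._pending = b""  # constructed "hang" on this command code
        else:
            self._pending = self.NAK

    def read(self, timeout: float) -> bytes:
        out, self._pending = self._pending, b""
        return out


@dataclass
class Probe:
    label: str
    sent: bytes
    received: bytes


def mutate_byte(base: bytes, pos: int, values: Iterable[int]) -> Iterable[tuple[str, bytes]]:
    for v in values:
        m = bytearray(base)
        m[pos] = v
        yield f"byte[{pos}]={v:#04x}", bytes(m)


def fuzz_position(transport, base: bytes, pos: int, values: Iterable[int] = range(256),
                  timeout: float = 0.2,
                  repair: Optional[Callable[[bytes], bytes]] = None) -> list[Probe]:
    """Send every single-byte mutation at `pos`, optionally repairing the checksum first."""
    probes = []
    for label, frame in mutate_byte(base, pos, values):
        if repair:
            frame = repair(frame)
        transport.write(frame)
        probes.append(Probe(label, frame, transport.read(timeout)))
    return probes


def triage(probes: list[Probe]) -> dict[str, list[str]]:
    """Bucket probes by reply bytes; the 'silent' bucket is the one to look at first."""
    buckets: dict[str, list[str]] = {}
    for p in probes:
        key = p.received.hex() if p.received else "silent"
        buckets.setdefault(key, []).append(p.label)
    return buckets


if __name__ == "__main__":
    plc = FakeEndpoint()
    dumb = triage(fuzz_position(plc, KNOWN_GOOD_REQUEST, pos=1))
    smart = triage(fuzz_position(plc, KNOWN_GOOD_REQUEST, pos=1, repair=fix_checksum))
    print("no checksum repair:  ", {k: len(v) for k, v in dumb.items()})
    print("with checksum repair:", {k: len(v) for k, v in smart.items()})
    print("silent after:", smart.get("silent"))
```

The point of running the command byte twice is the checksum: without repairing it, every mutation except the original is rejected before the command is ever looked at, so the silent case is never reached. Once the framing has been recovered from the capture, the harness should repair whatever integrity field the device checks, and only then is a silent or truncated reply worth chasing as a possible fault.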
Software
Velocio vBuilder (installed on Windows 10)
Velocio vFactory (installed on Windows 10)
ControlThings Platform Virtual Machine
Hardware
Velocio ACE 1600 PLC (we'll be reverse engineering its proprietary programming and HMI protocol)