SCADA/ICS Hacking and Security

SCADA/ICS systems are among the greatest concerns for cyber warfare/cyber defense organizations. These systems are particularly vulnerable for several reasons, including, but not limited to, the fact that so many SCADA/ICS organizations have relied upon security through obscurity for so many years. These industrial control systems are critical to any nation’s infrastructure and, thereby, its economy. In this section, we will be showing how these systems can be found, hacked, and controlled.

Like any type of hacking, we need to do reconnaissance first. You can’t hack what you don’t see. We’ll start with a few tutorials on how to find SCADA/ICS systems with Shodan, Google hacking, and Nmap. Then, we will progress to:

(1) the basics of how these systems work, including their primary protocols (Modbus, DNP3, ProfiBus, OPC, etc.),

(2) a few case studies of major SCADA/ICS hacks,

(3) and finally, how to hack and exploit them.

SCADA Hacking: The Key Differences between Security of SCADA and Traditional IT systems
SCADA Hacking: Finding SCADA Systems using Shodan
SCADA Hacking: Finding Vulnerable SCADA Systems using Google Hacking
SCADA Hacking: Finding and Enumerating SCADA sites with nmap and nmap scripts
SCADA Hacking: Monitoring SCADA Sites with Splunk
SCADA Hacking: DoSing a SCADA site
SCADA Hacking: Hacking the Schneider Automated Building System
SCADA Hacking: Hacking the Schneider Electric TM221 Modicon PLC using modbus-cli
SCADA Hacking: Metasploit SCADA Modules
SCADA Hacking: SCADA/ICS Risk Assessment and Management, Part 1
SCADA Hacking: SCADA Risk Assessment with CSET
SCADA Hacking: Default Passwords for Nearly Every SCADA System
SCADA Hacking: Building a SCADA Honeypot
SCADA Hacking: Ladder Logic Programming Simulation of a PLC
SCADA Hacking: Modbus Master/Slave Simulation
SCADA Hacking: SCADA/ICS Communication Protocols (Modbus)
SCADA Hacking: SCADA Protocols (DNP3)
SCADA Hacking: SCADA/ICS Protocols (Profinet/Profibus)
SCADA Hacking: Developing Zero-Day SCADA Exploits
SCADA Hacking: Snake, a New Variant of Ransomware Targets SCADA/ICS
SCADA Hacking: The Most Important SCADA/ICS Attacks in History
SCADA Hacking: Anatomy of a SCADA Malware, BlackEnergy 3 Attack on the Ukraine Grid
SCADA Hacking: Anatomy of Cyber War, the Stuxnet Attack
SCADA Hacking: The Triton Malware Threat to SCADA/ICS Infrastructure