This topic contains 1 reply, has 2 voices, and was last updated by px403 1 month ago.
- June 3, 2020 at 12:27 am #259062
As I’m learning about the different niche areas in cybersec, I’ve stumbled onto embedded systems like industrial controls, SCADA, and RTOS.
I realize this begins to get into electrical engineering. I’ve had some extremely basic experience with learning about embedded systems programming with C, but we worked strictly on a TI microcontroller. We never went past that.
So how do pentesters learn/gain experience with this field? Since each embedded system varies vastly, I feel like it would take A LOT of understanding for one system alone, let alone for this to be a specialization.
Can anyone shed light on how exactly this specific field works?
- June 3, 2020 at 12:30 am #259066
Read the manuals. Lots of stuff has default passwords or easily accessible debug modes. You can also buy a lot of ICS stuff on ebay, take it apart, play with it, etc.
- June 3, 2020 at 12:30 am #259068
buy some crap off of ebay 🙂
- June 3, 2020 at 12:30 am #259070
Here's a quick place to start:
- June 3, 2020 at 12:30 am #259073
Buy old used junk. Read read read. Look at service manuals.
- June 3, 2020 at 12:30 am #259075
PDFs my son
- June 3, 2020 at 12:30 am #259076
Through my time in the service I realized that most control systems are controlled by PLCs. Not sure if that’s what you are thinking of… most of the time they are easily swapped in/out once you’re inside the panel. Another thing to research is **PLC ladder logic**… this is just my opinion though 🙂 There are actual high paying jobs out there for PLC programmers. I’d be willing to bet they are all Industrial-type companies and gov. NAVSEA/Philadelphia etc…
EDIT: As a side note… a lot of industrial systems are still controlled by old school, analog motor controllers (that is what I mostly worked on). These are as old as WW2 sometimes and have contactors/magnets, large capacitors, fuses etc etc. They physically start and stop typically large, high-amperage electric motors. You cannot hack these unless you pull the fuses or breaker and want to go inside of the box.
However any new control system for modern equipment will use PLCs.
- June 3, 2020 at 12:30 am #259079
I don’t claim to be an experienced pentester, but I have a bit of experience with industrial control system security (private sector). As Solstice-net mentioned below, take a look at PLCs (Allen Bradley is a big one; DIN-rail mountable PLC ladder logic and other types in general, not dumb PIDs). If you have a look through their historical product catalog and take note of which products have network connectivity, and then of those network-connected SKUs which security protocols they support (probably not oauth2 lol), you will have researched enough to understand an in-depth answer from someone way more experienced than myself.
- June 3, 2020 at 12:30 am #259080
Read read and read. Virtualization and buying old devices off eBay to experiment with.
- June 3, 2020 at 12:30 am #259081
[Great starter playlist on YouTube](https://www.youtube.com/playlist?list=PLhBYpAcOIPrxJPVN_AcYS-nx13Zk6g8mN)