How do pentesters even begin to learn about industrial control systems? – Digitalmunition


This topic contains 1 reply, has 2 voices, and was last updated by  px403 1 month ago.

  • #259062


    As I’m learning about the different niche areas in cybersec, I’ve stumbled onto embedded systems like industrial controls, SCADA, and RTOS.

    I realize this begins to get into electrical engineering. I’ve had some extremely basic experience with learning about embedded systems programming with C, but we worked strictly on a TI microcontroller. We never went past that.

    So how do pentesters learn/gain experience with this field? Since each embedded system varies vastly, I feel like it would take A LOT of understanding for one system alone, let alone for this to be a specialization.

    Can anyone shed light on how exactly this specific field works?

  • #259066


    Read the manuals. Lots of stuff has default passwords or easily accessible debug modes. You can also buy a lot of ICS stuff on eBay, take it apart, play with it, etc.

  • #259068


    Buy some crap off of eBay 🙂

  • #259070


    Here's a quick place to start:


  • #259073


    Buy old used junk. Read read read. Look at service manuals.

  • #259075


    PDFs, my son.

  • #259076


    Through my time in the service I realized that most control systems are controlled by PLCs. Not sure if that’s what you are thinking of… most of the time they are easily swapped in/out once you’re inside the panel. Another thing to research is **PLC ladder logic**… this is just my opinion though 🙂 There are actual high-paying jobs out there for PLC programmers. I’d be willing to bet they are all industrial-type companies and government: NAVSEA/Philadelphia, etc…

    EDIT: As a side note… a lot of industrial systems are still controlled by old-school, analog motor controllers (that is what I mostly worked on). These are sometimes as old as WW2 and have contactors/magnets, large capacitors, fuses, etc. They physically start and stop typically large, high-amperage electric motors. You cannot hack these unless you pull the fuses or breaker and want to go inside of the box.

    However any new control system for modern equipment will use PLCs.

  • #259079


    I don’t claim to be an experienced pentester, but I have a bit of experience with industrial control system security (private sector). As Solstice-net mentioned below, take a look at PLCs (Allen-Bradley is a big one; DIN-rail-mountable PLC ladder logic and other types in general, not dumb PIDs). If you have a look through their historical product catalog, take note of which products have network connectivity, and then check which security protocols those network-connected SKUs support (probably not OAuth2 lol), you will have researched enough to understand an in-depth answer from someone way more experienced than myself.

  • #259080


    Read, read, and read. Virtualization and buying old devices off eBay to experiment with.
