Tuesday, September 19: 0900 – 1200
Summary
In this lab course, take a deep dive into the Modbus traffic of a simulated chemical plant to understand how to attack and harden one of the most common protocols in all of ICS. After completing this course, you will be able to:
· Run advanced nmap scripts to enumerate Modbus devices
· Use Python Scapy scripts to perform detailed Modbus device enumeration
· Scan and scrape data from a Modbus server
· Send Modbus commands to control a process
· Fuzz Modbus servers to check for vulnerabilities
· Write IDS rules to detect suspicious Modbus activity
· Set up a basic Modbus honeypot to study attacker behavior
Duration: ~3 hours
Requirements: Attendees must have a laptop with either Chrome or Firefox installed. Some Linux knowledge is helpful but not required.
Your Trainer
