Cybersecurity Testing for Industrial Control Systems (W42) - Pentestmag

Cybersecurity Testing for Industrial Control Systems (W42)


Out of stock


Product Description

Protecting the Industrial Control System (ICS) environment is more important than ever. Due to the fragile nature of ICS, pentesting must be performed in a manner that is not detrimental to the operation of an ICS environment while still determining where vulnerabilities can impact ICS. The techniques and tools to perform this kind of pentesting are similar to those used in a regular information technology environment but the techniques and tools need to be applied in a different manner. Pentesting techniques taught in this course will apply to all forms of ICS; e.g. SCADA, DCS, PLC.

  • Videos will be provided in some lessons to demonstrate key ICS knowledge or ICS pentesting techniques.
  • The primary focus of this course is not teaching student scripting. However, some fundamentals of scripting will be covered in conjunction with teaching about pentesting tools.
  • All labs will be structured with a road map for the student to follow and questions to answer.
  • There are review questions at the end of each module.
  • The Final Exam for this course consists of 50 multiple choice questions. Some questions will be based on scenarios from topics learned during the course.


Due to the sensitive nature of the topics presented in this course each purchase and student application will be verified via email before access is granted. 

Why take it NOW? 

The threats against ICS environments are ever increasing so there is no time like the present to learn skills to help protect these environments.

Why THIS course?

If you are looking for a different direction in your information security career, this course will introduce you to skills to advance your career into the exciting field of ICS cybersecurity.

Who is this course for? 

  • PenTesters of Information Technology
  • Cybersecurity degree college students that want to learn more practical skills to supplement their college education
  • Industrial Control System (ICS) operation personnel that want to better understand information security
  • System and network architects

Course benefits:

What skills will you gain? 

  • Be able to explain the similarities and differences between information systems and industrial control systems.
  • General knowledge about the operation of industrial control systems to better understand what you will be testing.
  • Monitor/Test ICS TCP/IP protocols and be able to detect vulnerabilities.
  • Passively and actively perform cyber security testing of industrial control systems.
  • Understand how to apply countermeasures to ICS threats and vulnerabilities.

What will you learn? 

  • Understand the similarities and differences between information technologies and industrial control systems/operational technology
  • Definition of industrial control systems and fundamental operation
  • ICS network architecture
  • Open source ICS Cybersecurity Intelligence
  • ICS vulnerabilities and their effects on an ICS environment
  • The distinct differences between ICS TCP/IP protocols and information technology TCP/IP protocols
  • How to apply the pentesting stages to ICS pentesting
  • How to use the results of ICS pentesting to improve ICS network architecture

What tools will you use? 

From the virtual host computer or non-virtual computer with web browser:

  • Open source intelligence (OSINT) from Shodan useful for ICS footprinting.

Included in the virtual labs:

  • ICS device simulators
  • Kali Linux distro
  • Wireshark
  • Grassmarlin
  • PLC Scanning Tools
  • Modbus Tools
  • Nmap
  • OpenVAS
  • Metasploit Framework with Meterpreter and Armitage
  • Industrial Exploitation Framework
  • Industrial Security Exploitation Framework
  • Control Things Modbus
  • ICS fuzzers
  • Scripting tools

Course general information: 

DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points. 

Course launch date: August 18th 2020

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What will you need? 

One or more desktop PCs or laptops that are capable of running VMware Workstation, VMware Player, or Oracle VirtualBox with

  • Processor that is capable of virtualization
  • at least 16 GB of RAM
  • at least 1 TB of disk space

Make sure hardware/operating system specifications meet the hypervisor requirements.

What should you know before you join? 

  • Solid understanding of essential networking concepts (OSI model, TCP/IP, networking devices, and transmission media)
  • Understanding of pentest tools and techniques
  • Linux operating system fundamentals, including command line usage
  • Python scripting and scapy
  • Windows command line operations including Powershell scripting
  • Microsoft WMI
  • Conceptual knowledge of programming/scripting
  • Some familiarity with network traffic inspection tools (Wireshark, TShark, or tcpdump) is highly recommended


Leonard Jacobs is Founder and CEO of Netsecuris LLC., a leading Managed Cyber Defense and Incident Response Provider to businesses. Netsecuris specializing in providing cyber security protections to the utilities, financial services, manufacturing, and government sectors. Leonard has 38 years of hands-on technology management experience including over 20 years in cybersecurity. Previous to founding Netsecuris, Leonard was employed by several ICS-related industries. Leonard is considered an expert in Industrial Control System cyber security. He has spoken on many cyber security topics at conferences around the world and has written many cyber security whitepapers.  He holds a MS degree in Cybersecurity Technology from University of Maryland, a MBA degree from University of Phoenix, and a BA degree from University of Florida. Leonard holds a CISSP certification from ISC2 and Certified SCADA Security Architect certification from IACRB.  He has taught cybersecurity analysis bootcamps, cyber range activities at a major university, and cybersecurity certification exam preparation courses.


Module 0

Learn about Industrial Control Systems with example resources

Students should review the history of ICS, in particular, the transition from field buses to TCP/IP networking. Resources to browse will be provided. 

Module 1

Module 1: Industrial Control Systems Cybersecurity Overview

Module 1 teaches a fundamental understanding of ICS technology so students can effectively understand and perform cybersecurity testing of ICS.

Module 1 covered topics:

  • Learn why ICS should be security tested
  • Discuss the similarities and differences between ICS and IT
  • ICS Network Architecture
  • Overview of ICS Components
    • SCADA
    • DCS
    • PLC
      • Review Ladder Logic
    • RTUs
  • Strengths and Weaknesses of ICS Components and Architecture
  • Review of MITRE ATT&CK Framework for ICS

Module 1 assignments:

  • PLC Operations Lab
    • Understand how this widely used ICS component operates
    • Ladder Logic Exercises
  • SCADA Operations Lab
    • Understand how this widely used ICS component operates

Module 2

ICS TCP/IP Protocol and Services

This module provides a review of ICS protocols and services so students have a good understanding of what they will be testing in an ICS environment.  This review is important because many ICS protocols and services are unique compared to an IT environment.

Module 2 covered topics:

  • Overview of ICS TCP/IP and Networking Concepts
  • Survey of some ICS Protocols and Services:
    • Overview of Fieldbus Technology
    • Modbus TCP
    • Distributed Network Protocol 3 (DNP3)/Secure DNP3
    • ICCP/Secure ICCP
    • OPC Unified Architecture
    • Industrial Ethernet
    • Industrial IP
    • EtherNet/IP
    • BACnet
    • HART
    • Controller Area Network (CAN)
    • ZigBee 

Module 2 assignments:

  • Wireshark Pcap Lab
    • Important to understand how to use Wireshark for other labs in this module.
    • Important for understanding Wireshark because it is built into Grassmarlin that will be learned in Module 3.
  • Modbus Lab
    • Important to understand the most widely used PLC protocol.
  • DNP3 Lab
    • Important to understand the most widely used protocol in electric and water industries.

Module 3

ICS Cybersecurity Testing

This module covers the techniques that are used during testing of ICS networks and components. Overview of open source and commercial tools is covered in this module.

Module 3 covered topics:

  • Open Source and Commercial Testing Tools Applied to ICS PenTesting with Instructions and Demonstrations
    • Shodan
    • Grassmarlin
    • Nmap
    • OpenVAS
    • Tenable Nessus
    • Metasploit Framework
    • Industrial Exploitation Framework
    • Industrial Security Exploitation Framework
    • Control Things Modbus: the security professional's Swiss army knife for Modbus
    • ICS Fuzzers
      • Finding vulnerabilities in ICS protocols
    • Scripting
  • Passive Testing Techniques
    • Passive Monitoring
    • Selective Probing
  • Active Testing Techniques
    • Active Monitoring/Scanning

Module 3 assignments:

  • Shodan Lab (ICS Footprinting)
  • Grassmarlin Lab
    • Hands-on ICS Asset Inventory
  • Nmap
    • Hands-on ICS port scanning
  • OpenVAS Lab
    • Hands-on ICS Vulnerability Assessment
  • Metasploit Framework Lab
    • Hands-on ICS Exploitation
  • Control Things Modbus
    • Hands-on interacting with Modbus devices
  • ICS Fuzzers Lab
    • Hands-on discovering vulnerabilities in ICS protocols

Module 4

Applying Cybersecurity Testing Results

Students should not only understand how to perform ICS cybersecurity testing but also be able to explain how to apply the results to improve the cybersecurity of ICS networks and components. This module will give the student the understanding to perform these important post testing tasks or to provide effective direction to others. 

Module 4 covered topics:

  • Interpreting and analyzing testing results
  • Writing non-technical executive summary reports for management
  • Writing technical reports for the technical staff
  • Developing remediation plans for the technical staff to follow

Module 4 assignments:

  • Test Results Analysis Lab
  • Writing Reports Lab
  • Remediation Plans Lab

Final exam

Questions on all topics covered in course. Questions will cover definitions, techniques, and application of ICS PenTesting Tools.  Some questions are based on scenarios.

Questions? Reach out to us at [email protected]


There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023