Chapter 9: Ninja 308
In the previous chapter, we discussed the fundamentals of industrial protocols and specifically the nuances of two in particular: Modbus and Ethernet/IP. We discussed and used tools that allowed us to enumerate ports and discover services running on those devices. We also used tools to traverse directories and vhosts in Chapter 7, Scanning 101, which means that we have a great foundational knowledge of both ends of the attack chain.
Now, we need to spend time looking at attacks and, most importantly, brute forcing. As exciting as it is to find a legacy service that we then spend time reverse engineering and building an exploit for, time is typically not on our side. If you discover a system such as Ignition SCADA, which ...
Get Pentesting Industrial Control Systems now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.