Title Page
Copyright Page
Dedication
Contents
Acknowledgments
Introduction
Part I Setting the Stage: Putting ICS Penetration Testing in Context
CASE STUDY, PART 1: Recipe for Disaster
1 Introduction to Industrial Control Systems [In]Security
Cyberphysical Systems: The Rise of the Machines
New Vectors to Old Threats
The Consequences: What Could Happen?
Understanding Realistic Threats and Risks to ICS
Overview of Industrial Control Systems
View
Monitor
Control
Purdue Reference Model for ICS
Types of Common Control Systems, Devices, and Components
Summary
References for Further Reading
2 ICS Risk Assessment
ICS Risk Assessment Primer
The Elusive ICS “Risk Metric”
Risk Assessment Standards
What Should an ICS Risk Assessment Evaluate and Measure?
ICS Risk Assessment Process Overview
ICS Risk Assessment Process Steps
Stage 1: System Identification & Characterization
Stage 2: Vulnerability Identification & Threat Modeling
Next Steps
Summary
References for Further Reading
3 Actionable ICS Threat Intelligence through Threat Modeling
Threat Information vs. Threat Intelligence
Threat Modeling: Turning ICS Threat Information into “Actionable” Threat Intelligence
The ICS Kill Chain
The ICS Threat Modeling Process
Information Collection
Summary
References for Further Reading
CASE STUDY, PART 2: The Emergence of a Threat
Part II Hacking Industrial Control Systems
CASE STUDY, PART 3: A Way In
4 ICS Hacking (Penetration Testing) Strategies
The Purpose of a Penetration Test
Black Box, White Box, Gray Box
Special Considerations: ICS Penetration Testing Is Not IT Penetration Testing
Setting Up a Lab
Sampling “Like” Configured Systems
Virtualization
Equipment
Rules of Engagement
Using Risk Scenarios
ICS Penetration-Testing Strategies
Reconnaissance (“Footprinting”)
External Testing
Pivoting
Thinking Outside of the Network: Asymmetric and Alternative Attack Vectors
Internal Testing: On the ICS Network
Summary
Resources for Further Reading
5 Hacking ICS Protocols
Modbus
EtherNet/IP
DNP3
Siemens S7comms
BACnet
Other Protocols
Protocol Hacking Countermeasures
Summary
References for Further Reading
6 Hacking ICS Devices and Applications
Exploiting Vulnerabilities in Software
Some Basic Principles
Buffer Overflows
Integer Bugs: Overflows, Underflows, Truncation, and Sign Mismatches
Pointer Manipulation
Exploiting Format Strings
Directory Traversal
DLL Hijacking
Cross-Site Scripting
Cross-Site Request Forgery (CSRF)
Exploiting Hard-Coded Values
Brute-Force
All Software Has Bugs
Summary
References for Further Reading
7 ICS “Zero-Day” Vulnerability Research
Thinking Like a Hacker
Step 1: Select Target
Step 2: Study the Documentation
Step 3: List and Prioritize Accessible Interfaces
Step 4: Analyze/Test Each Interface
Fuzzing
Static Binary Analysis
Dynamic Binary Analysis
Step 5: Exploit Vulnerabilities
Putting It All Together: MicroLogix Case Study
Research Preparation
Before Diving In
Creating a Custom Firmware
Summary
References for Further Reading
Tools
General References
8 ICS Malware
ICS Malware Primer
Dropper
Rootkits
Viruses
Adware and Spyware
Worms
Trojan Horses
Ransomware
Infection Vectors
Analyzing ICS Malware
Lab Environment
Summary
References for Further Reading
CASE STUDY, PART 4: Foothold
Part III Putting It All Together: Risk Mitigation
CASE STUDY, PART 5: How Will It End?
9 ICS Security Standards Primer
Compliance vs. Security
Common ICS Cybersecurity Standards
NIST SP 800-82
ISA/IEC 62443 (formerly ISA-99)
NERC CIP
API 1164
CFATS
NRC Regulations 5.71
General Cybersecurity Standards
NIST Cybersecurity Framework
ISO/IEC 27002:2013
Summary
References for Further Reading
10 ICS Risk Mitigation Strategies
Addressing Risk
Special ICS Risk Factors
Confidentiality, Integrity, and Availability (CIA)
Defense-in-Depth
Safety
General ICS Risk Mitigation Considerations
ICS Network Considerations
ICS Host-Based Considerations
ICS Physical Access Considerations
Exploits, Threats, and Vulnerabilities
Eliminating Exploits
Eliminating Threats
Eliminating Vulnerabilities
Additional ICS Risk Mitigation Considerations
System Integration Issues
Compliance vs. Security
Insurance
Honeypots
The Risk Mitigation Process
Integrating the Risk Assessment Steps
Integrating the Risk Scenarios
Performing a Cost-Benefit Analysis
Establishing the Risk Mitigation Strategy
Summary
References for Further Reading
Part IV Appendixes
A Glossary of Acronyms and Abbreviations
B Glossary of Terminology
C ICS Risk Assessment and Penetration Testing Methodology Flowcharts
Index