Pentesting Industrial Control Systems: An ethical hacker's guide to analyzing, compromising, mitigating, and securing industrial processes
暫譯: 工業控制系統滲透測試:道德駭客分析、攻擊、緩解及保護工業流程的指南

Paul Smith

Pentesting Industrial Control Systems: An ethical hacker's guide to analyzing, compromising, mitigating, and securing industrial processes
  • 出版商: Packt Publishing
  • 出版日期: 2021-12-09
  • 售價: $2,000
  • 貴賓價: 9.5$1,900
  • 語言: 英文
  • 頁數: 450
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1800202385
  • ISBN-13: 9781800202382
  • 相關分類: 控制系統 Control-systems駭客 Hack

    • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Key Features

  • Become well-versed with offensive ways of defending your industrial control systems
  • Learn about industrial network protocols, threat hunting, Active Directory compromises, SQL injection, and much more
  • Build offensive and defensive skills to combat industrial cyber threats

Book Description

The industrial cybersecurity domain has grown significantly in recent years. To completely secure critical infrastructure, red teams must be employed to continuously test and exploit the security integrity of a company's people, processes, and products. This pentesting book takes a slightly different approach than most by helping you to gain hands-on experience with equipment that you'll come across in the field. This will enable you to understand how industrial equipment interacts and operates within an operational environment.

You'll start by getting to grips with the basics of industrial processes, and then see how to create and break the process, along with gathering open source intel to create a threat landscape for your potential customer. As you advance, you'll find out how to install and utilize offensive techniques used by professional hackers. Throughout the book, you'll explore industrial equipment, port and service discovery, pivoting, and much more, before finally launching attacks against systems in an industrial network.

By the end of this penetration testing book, you'll not only understand how to analyze and navigate the intricacies of an industrial control system (ICS), but you'll also have developed essential offensive and defensive skills to proactively protect industrial networks from modern cyberattacks.

What you will learn

  • Set up a starter-kit ICS lab with both physical and virtual equipment
  • Perform open source intel-gathering pre-engagement to help map your attack landscape
  • Get to grips with the Standard Operating Procedures (SOPs) for penetration testing on industrial equipment
  • Understand the principles of traffic spanning and the importance of listening to customer networks
  • Gain fundamental knowledge of ICS communication
  • Connect physical operational technology to engineering workstations and supervisory control and data acquisition (SCADA) software
  • Get hands-on with directory scanning tools to map web-based SCADA solutions

Who this book is for

If you are an ethical hacker, penetration tester, automation engineer, or IT security professional looking to maintain and secure industrial networks from adversaries, this book is for you. A basic understanding of cybersecurity and recent cyber events will help you get the most out of this book.

商品描述(中文翻譯)

**主要特點**

- 熟悉攻擊性防禦工業控制系統的方法
- 了解工業網路協議、威脅獵捕、Active Directory 破壞、SQL 注入等更多內容
- 建立攻擊和防禦技能以對抗工業網路威脅

**書籍描述**

工業網路安全領域在近年來顯著增長。為了完全保護關鍵基礎設施,必須使用紅隊持續測試和利用公司人員、流程和產品的安全完整性。本書的滲透測試方法與大多數書籍略有不同,幫助您獲得在現場會遇到的設備的實作經驗。這將使您了解工業設備如何在操作環境中互動和運作。

您將從掌握工業流程的基本知識開始,然後學習如何創建和破壞這一過程,並收集開源情報以為潛在客戶創建威脅環境。隨著進展,您將了解如何安裝和利用專業駭客使用的攻擊技術。在整本書中,您將探索工業設備、端口和服務發現、樞紐轉移等內容,最後對工業網路中的系統發起攻擊。

在這本滲透測試書的結尾,您不僅會理解如何分析和導航工業控制系統(ICS)的複雜性,還將發展出主動保護工業網路免受現代網路攻擊的基本攻擊和防禦技能。

**您將學到的內容**

- 設置一個包含實體和虛擬設備的入門級 ICS 實驗室
- 執行開源情報收集的前期準備,以幫助繪製攻擊環境
- 熟悉工業設備滲透測試的標準作業程序(SOPs)
- 理解流量跨越的原則及傾聽客戶網路的重要性
- 獲得 ICS 通信的基本知識
- 將實體操作技術連接到工程工作站和監控控制與數據採集(SCADA)軟體
- 使用目錄掃描工具實作網路基礎的 SCADA 解決方案

**本書適合誰**

如果您是道德駭客、滲透測試員、自動化工程師或 IT 安全專業人士,並希望維護和保護工業網路免受對手攻擊,本書適合您。對網路安全和近期網路事件的基本理解將幫助您充分利用本書。

作者簡介

Paul Smith has spent close to 20 years in the automation control space, tackling the "red herring" problems that are thrown his way. He has handled unique issues such as measurement imbalances resulting from flare sensor saturation, database migration mishaps, and many more. This ultimately led to the later part of his career, where he has been spending most of his time in the industrial cybersecurity space pioneering the use of new security technology in the energy, utility, and critical infrastructure sectors, and helping develop cybersecurity strategies through the use of red team/pentest engagements, cybersecurity risk assessments, and tabletop exercises for some of the world's largest government contractors, industrial organizations, and municipalities.

作者簡介(中文翻譯)

保羅·史密斯(Paul Smith)在自動化控制領域工作了近20年,解決了許多被稱為「紅鯡魚」的問題。他處理過獨特的問題,例如由於火焰傳感器飽和而導致的測量不平衡、數據庫遷移失誤等。這最終引導他職業生涯的後期,他大部分時間都在工業網絡安全領域,開創了在能源、公用事業和關鍵基礎設施部門使用新安全技術的先河,並通過紅隊/滲透測試(pentest)參與、網絡安全風險評估和桌面演練,幫助一些全球最大的政府承包商、工業組織和市政機構制定網絡安全策略。

目錄大綱

  1. Using Virtualization
  2. Route the Hardware
  3. I Love My Bits – Lab Setup
  4. Open Source Ninja
  5. Span Me If You Can
  6. Packet Deep Dive
  7. Scanning 101
  8. Protocols 202
  9. Ninja 308
  10. I Can Do It 420
  11. Whoot... I Have To Go Deep
  12. I See the Future
  13. Pwnd but with Remorse

目錄大綱(中文翻譯)


  1. Using Virtualization

  2. Route the Hardware

  3. I Love My Bits – Lab Setup

  4. Open Source Ninja

  5. Span Me If You Can

  6. Packet Deep Dive

  7. Scanning 101

  8. Protocols 202

  9. Ninja 308

  10. I Can Do It 420

  11. Whoot... I Have To Go Deep

  12. I See the Future

  13. Pwnd but with Remorse

類似商品