Hands on Demonstration of Kali Linux, Metasploit Targeting and Attacking Building Control Systems November 18, 2015 Federal Facilities Council Workshop: Cyber Resilience of Building Control Systems Bob Talbot ICS/SCADA Security Solutions Manager [email protected]540 270-6088
13
Embed
Hands on Demonstration of Kali Linux, Metasploit Targeting ...
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Hands on Demonstration of Kali
Linux, Metasploit
Targeting and Attacking Building Control
Systems
November 18, 2015
Federal Facilities Council Workshop: Cyber Resilience of Building Control Systems
Bob Talbot ICS/SCADA Security Solutions Manager [email protected] 540 270-6088
AGENDA
Control System Exploitation Vectors
Finding & Exploiting Vulnerabilities
Attack Methodology
Tools
Demo
Wrap-up
Control System Exploitation Vectors
Finding Vulnerabilities
Exploiting Vulnerabilities
Attack Methodology
Kali Linux
• Kali Linux is a free tool designed for forensics and penetration testing • Can be downloaded at: www.kali.org • Kali is a Debian-based linux distribution • -Can be run on a hard drive, live CD, or live USB • The distribution includes over 600 pen testing programs • Some of the most commonly used are: • -nmap—a port scanner (passive and active scanning) • -Wireshark—packet analyzer • -John the Ripper—password cracker • -Aircrack-ng—wireless LAN penetration testing suite • -Burp Suite—web application scanner • Also contains the Metasploit Framework—developing and executing
exploits
Tools
Network Mapper (nmap)
Packet Analyzer (Wireshark/tcpdump)
Demo
• BMS Attack
Questions?
Commercial Cybersecurity Division 5885 Trinity Way
Centreville, VA 20120 www.parsons.com
Thank You Please visit www.parsons.com/cyber for more information or to request a demonstration.