Post on 03-Feb-2022
Hands on Demonstration of Kali
Linux, Metasploit
Targeting and Attacking Building Control
Systems
November 18, 2015
Federal Facilities Council Workshop: Cyber Resilience of Building Control Systems
Bob Talbot ICS/SCADA Security Solutions Manager Robert.Talbot@parsons.com 540 270-6088
AGENDA
Control System Exploitation Vectors
Finding & Exploiting Vulnerabilities
Attack Methodology
Tools
Demo
Wrap-up
Control System Exploitation Vectors
Finding Vulnerabilities
Exploiting Vulnerabilities
Attack Methodology
Kali Linux
• Kali Linux is a free tool designed for forensics and penetration testing • Can be downloaded at: www.kali.org • Kali is a Debian-based linux distribution • -Can be run on a hard drive, live CD, or live USB • The distribution includes over 600 pen testing programs • Some of the most commonly used are: • -nmap—a port scanner (passive and active scanning) • -Wireshark—packet analyzer • -John the Ripper—password cracker • -Aircrack-ng—wireless LAN penetration testing suite • -Burp Suite—web application scanner • Also contains the Metasploit Framework—developing and executing
exploits
Tools
Network Mapper (nmap)
Packet Analyzer (Wireshark/tcpdump)
Demo
• BMS Attack
Questions?
Commercial Cybersecurity Division 5885 Trinity Way
Centreville, VA 20120 www.parsons.com
Thank You Please visit www.parsons.com/cyber for more information or to request a demonstration.