Pentesting ICS (Profinet)
What is Profinet?
Testing Profinet
Use profinet_scanner.py (from the scada-tools repository listed under Resources) to detect devices on the network. It discovers devices with Profinet DCP (Discovery and Configuration Protocol) identify requests, which are Layer 2 multicast frames, so it has to run on the same broadcast domain as the targets.
SCADA-safe scanner, same DCP discovery as a Metasploit module: https://www.rapid7.com/db/modules/auxiliary/scanner/scada/profinet_siemens
Once the devices are identified, MITM and packet record/replay attacks can be used, because the protocol has no security: Profinet RT frames (EtherType 0x8892) carry no authentication or integrity protection, and a DCP Set request can rename or re-address a device without any credentials.
To scan from outside the Layer 2 segment (DCP does not cross routers), probe the default ports UDP 34962-34964 (IANA: profinet-rt, profinet-rtm, profinet-cm).
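The DCP discovery step above, as an added example that is not code from the original page nor from the scada-tools or Metasploit scanners it links: it builds the Identify-All request those scanners multicast, parses the identify responses into name of station, IP parameters, vendor/device ID and role, and (on Linux, as root) can send the request on an interface. The frame layout follows the PROFINET DCP specification as I understand it; the sample response, MAC addresses and station names are constructed, not captured.

```python
"""Profinet DCP identify: build the request the scanners send, parse the replies.

Added example (stdlib only); not code from the page's linked tools.
Field layout per PROFINET DCP; SAMPLE_RESPONSE below is constructed, not a capture.
"""
import socket
import struct

PN_ETHERTYPE = 0x8892
VLAN_ETHERTYPE = 0x8100
DCP_MCAST_MAC = bytes.fromhex("010ecf000000")  # DCP identify multicast group
FRAME_ID_IDENT_REQ, FRAME_ID_IDENT_RSP = 0xFEFE, 0xFEFF
SERVICE_IDENTIFY, TYPE_REQUEST, TYPE_RESPONSE = 0x03, 0x00, 0x01
# (option, suboption) of the blocks a device puts in its identify response
BLOCK_NAMES = {(1, 2): "ip", (2, 1): "type_of_station", (2, 2): "name_of_station",
               (2, 3): "device_id", (2, 4): "device_role"}


def build_identify_all(src_mac: bytes, xid: int = 0x01000001, delay: int = 1) -> bytes:
    """Ethernet frame for DCP Identify-All; every PN device in the L2 domain answers."""
    block = struct.pack("!BBH", 0xFF, 0xFF, 0)  # option AllSelector / suboption AllSelector
    dcp = struct.pack("!BBIHH", SERVICE_IDENTIFY, TYPE_REQUEST, xid, delay, len(block)) + block
    frame = DCP_MCAST_MAC + src_mac + struct.pack("!HH", PN_ETHERTYPE, FRAME_ID_IDENT_REQ) + dcp
    return frame.ljust(60, b"\x00")  # pad to the Ethernet minimum frame size


def parse_identify_response(frame: bytes) -> dict:
    """Return the identity a device volunteers in a DCP identify response (no auth needed)."""
    src = frame[6:12]
    off = 12
    (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    if ethertype == VLAN_ETHERTYPE:  # RT frames are often 802.1Q tagged (priority 6)
        off += 4
        (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    (frame_id,) = struct.unpack("!H", frame[off + 2:off + 4])
    if ethertype != PN_ETHERTYPE or frame_id != FRAME_ID_IDENT_RSP:
        raise ValueError("not a DCP identify response")
    off += 4
    service, stype, xid, _res, dcp_len = struct.unpack("!BBIHH", frame[off:off + 10])
    if (service, stype) != (SERVICE_IDENTIFY, TYPE_RESPONSE):
        raise ValueError("unexpected DCP service %d/%d" % (service, stype))
    body = frame[off + 10:off + 10 + dcp_len]
    info = {"src_mac": src.hex(":"), "xid": xid}
    pos = 0
    while pos + 4 <= len(body):
        option, sub, blen = struct.unpack("!BBH", body[pos:pos + 4])
        payload = body[pos + 6:pos + 4 + blen]  # skip the 2-byte BlockInfo
        pos += 4 + blen + (blen & 1)  # blocks are zero-padded to even length
        key = BLOCK_NAMES.get((option, sub))
        if key == "ip":
            info["ip"], info["netmask"], info["gateway"] = (
                socket.inet_ntoa(payload[i:i + 4]) for i in (0, 4, 8))
        elif key in ("type_of_station", "name_of_station"):
            info[key] = payload.decode("ascii", errors="replace")
        elif key == "device_id":
            info["vendor_id"], info["device_id"] = struct.unpack("!HH", payload[:4])
        elif key == "device_role":
            info["device_role"] = payload[0]  # bit0 IO-Device, bit1 IO-Controller, bit3 Supervisor
    return info


def send_identify(iface: str, timeout: float = 2.0) -> list:
    """Linux only, needs CAP_NET_RAW: multicast Identify-All on iface, collect replies."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(PN_ETHERTYPE))
    s.bind((iface, 0))
    s.settimeout(timeout)
    s.send(build_identify_all(s.getsockname()[4]))
    found = []
    try:
        while True:
            frame = s.recv(1514)
            try:
                found.append(parse_identify_response(frame))
            except ValueError:
                pass  # other PN traffic (cyclic RT, alarms) on the wire
    except socket.timeout:
        pass
    finally:
        s.close()
    return found


def _rsp_block(option: int, sub: int, payload: bytes) -> bytes:
    """Encode one response block: header, BlockInfo=0, payload, pad to even length."""
    body = b"\x00\x00" + payload
    return struct.pack("!BBH", option, sub, len(body)) + body + b"\x00" * (len(body) & 1)


# Constructed reply from a hypothetical controller named "plc1" (not a capture).
_blocks = (_rsp_block(2, 1, b"S7-1500") + _rsp_block(2, 2, b"plc1")
           + _rsp_block(2, 3, struct.pack("!HH", 0x002A, 0x0101)) + _rsp_block(2, 4, b"\x02\x00")
           + _rsp_block(1, 2, socket.inet_aton("192.168.10.5") + socket.inet_aton("255.255.255.0")
                        + socket.inet_aton("192.168.10.1")))
SAMPLE_RESPONSE = (bytes.fromhex("aabbccddeeff") + bytes.fromhex("001b1b123456")
                   + struct.pack("!HH", PN_ETHERTYPE, FRAME_ID_IDENT_RSP)
                   + struct.pack("!BBIHH", SERVICE_IDENTIFY, TYPE_RESPONSE, 0x01000001, 0, len(_blocks))
                   + _blocks)

if __name__ == "__main__":
    print("identify-all request:", build_identify_all(bytes.fromhex("aabbccddeeff")).hex())
    print("parsed sample reply:", parse_identify_response(SAMPLE_RESPONSE))
```

Everything the parser extracts (station name, IP/netmask/gateway, vendor and device ID, role) is handed out by the device to anyone who sends the multicast, which is the whole reason the protocol is trivially enumerable; the same DCP Set service, with service ID 0x05 instead of 0x03, is what lets an attacker on the segment rename or re-address a device.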
Conclusions
Resources and bibliography:
- Industrial Cybersecurity: Efficiently Secure Critical Infrastructure Systems, by Pascal Ackerman
- Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS, by T. Macaulay and B. L. Singer
- Tools source (profinet_scanner.py): https://github.com/Boxbop/scada-tools