Hands on Demonstration of Kali Linux, Metasploit Targeting and ...
Transcript of Hands on Demonstration of Kali Linux, Metasploit Targeting and ...
Hands on Demonstration of Kali
Linux, Metasploit
Targeting and Attacking Building Control
Systems
November 18, 2015
Federal Facilities Council Workshop: Cyber Resilience of Building Control Systems
Bob Talbot ICS/SCADA Security Solutions Manager [email protected] 540 270-6088
AGENDA
Control System Exploitation Vectors
Finding & Exploiting Vulnerabilities
Attack Methodology
Tools
Demo
Wrap-up
Control System Exploitation Vectors
Finding Vulnerabilities
Exploiting Vulnerabilities
Attack Methodology
Kali Linux
• Kali Linux is a free tool designed for forensics and penetration testing • Can be downloaded at: www.kali.org • Kali is a Debian-based linux distribution • -Can be run on a hard drive, live CD, or live USB • The distribution includes over 600 pen testing programs • Some of the most commonly used are: • -nmap—a port scanner (passive and active scanning) • -Wireshark—packet analyzer • -John the Ripper—password cracker • -Aircrack-ng—wireless LAN penetration testing suite • -Burp Suite—web application scanner • Also contains the Metasploit Framework—developing and executing
exploits
Tools
Network Mapper (nmap)
Packet Analyzer (Wireshark/tcpdump)
Demo
• BMS Attack
Questions?
Commercial Cybersecurity Division 5885 Trinity Way
Centreville, VA 20120 www.parsons.com
Thank You Please visit www.parsons.com/cyber for more information or to request a demonstration.