Overview of Penetration Testing for Industrial Control Systems (IC38C)

Length: 1 day
CEUs: .7
Course Hours: 8:00 a.m. - 4:00 p.m.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.


In this one-day overview, an instructor will walk students through the process of penetration testing industrial automation and control systems. Penetration testing provides facilities and companies with valuable feedback on how their systems might be compromised and the impact that might result. Attendees will gain familiarity with the overall tools and techniques that attackers may use to compromise their systems, and witness the instructor demonstrating practical applications of such tools.

Who should attend?

  • IT professionals and penetration testers interested in pen testing for ICS
  • Operations and IT managers interested in understanding the real threats to ICS and how attackers might compromise their systems
  • ICS consultants looking to gain insight into how to develop ICS penetration testing capabilities
  • ISA/IEC 62443 Security Experts looking to take their training from IC32, 33, 34, and 37 to the next level

You will be able to

  • Understand the differences between vulnerability assessments and penetration tests
  • Understand the purpose of penetration testing
  • Implement IACS backup and restoration procedures
  • Gain an overview of the major tasks during a penetration test
  • Become familiar with some of the tools and techniques used by penetration testers
  • Demonstrate practical knowledge and witness first-hand how ICS and supporting systems can be compromised

You will cover

The course consists of the following main topics and subtopics:

  • What is Penetration Testing?
  • What is involved in penetration testing IACS?
  • How to conduct external passive and active reconnaissance
  • How to find targets on the network from the Internet to the control layer
  • Passive and Active Vulnerability Discovery
  • Finding and using exploits
  • Wireless exploitation techniques
  • Social engineering techniques
  • Client-side attack techniques
  • Useful tools to enable ICS penetration testing

Lab and Classroom Exercises

  • Overview of Kali Linux for Pen testers
  • Using tools such as Shodan, Spiderfoot, DNS, and others to conduct external reconnaissance
  • Using Wireshark and nmap to discover possible targets on ICS networks
  • Using Nessus and vulnerability discovery for ICS
  • Man-in-the-Middle Attack against EtherNet/IP communications
  • Wireless Attack Vectors
  • Using Metasploit and client-side attacks against an HMI
  • Post-exploitation using Metasploit

Course Prerequisites

None, but students should be familiar with basic networking concepts and how to use tools like nmap and Wireshark.