Module 1 :
Briefing of ICS

Industrial Control Systems (ICS) are used in various industries to monitor and control physical processes such as manufacturing, energy production, and transportation. They integrate hardware, software, and networked communication to automate industrial operations efficiently.

Module 2:
Difference between ICS and DCS (Distributed Control Systems)

• ICS (Industrial Control Systems): Encompasses a broader range of control systems used in industrial environments, including Distributed Control Systems (DCS), SCADA systems, and PLC-based systems. ICS manages processes across multiple industries.
• DCS (Distributed Control Systems): Specifically refers to control systems used in large-scale industrial processes where multiple autonomous controllers are distributed throughout the system. DCS often includes centralized supervisory control for process monitoring and management.

Module 3 :
Briefing of ISA99/IEC62443 and NIST 800-82

• ISA99/IEC62443: Standards that provide guidelines and best practices for securing Industrial Automation and Control Systems (IACS). They outline security requirements, control objectives, and implementation guidance tailored for ICS environments.
• NIST 800-82: NIST Special Publication that provides guidance on securing Industrial Control Systems (ICS), including recommendations for cybersecurity controls, risk management, and incident response.

Module 4 :
ICS Protocols Overview

Modbus

• Introduction and Protocol Overview: Modbus is a communication protocol widely used in industrial automation for connecting electronic devices. It is simple and widely adopted for its ease of implementation.
• Reconnaissance (Active and Passive): Techniques to gather information about Modbus devices and networks, including scanning for active Modbus hosts and analyzing network traffic passively.
• Sniffing and Eavesdropping: Intercepting and analyzing Modbus communication to capture sensitive information such as register values and commands.
• Baseline Response Replay: Mimicking normal Modbus traffic to evade detection or conduct reconnaissance without triggering alarms.
• Modbus Flooding: Overloading Modbus devices or networks with excessive requests to disrupt operations or cause denial-of-service conditions.
• Modifying Coil and Register Values of PLC: Unauthorized manipulation of Modbus coil and register values to control PLC operations or cause process malfunctions.

Module 5 :
S7 Communication 

• Introduction and Protocol Overview: S7 Communication is used in Siemens PLCs for programming, data exchange, and control functions. It supports various communication protocols like MPI, PROFIBUS, and PROFINET.
• Reconnaissance (Active and Passive): Techniques to identify Siemens S7 devices on networks and gather information about their configurations and vulnerabilities.
• Sniffing and Eavesdropping: Intercepting S7 communication to capture PLC program logic, data exchange, or control commands.
• Uploading and Downloading PLC Programs: Unauthorized access to upload or download PLC programs to manipulate control logic or introduce malicious code.
• Start and Stop PLC CPU: Unauthorized control over the operational state of PLC CPUs, affecting the entire industrial process.

• Introduction and Protocol Overview: Zigbee is a wireless communication protocol used in IoT and industrial automation for low-power, short-range wireless networking.
• Reconnaissance: Identifying Zigbee devices, network topologies, and communication patterns to understand potential attack vectors.
• Sniffing and Eavesdropping: Capturing and analyzing Zigbee communication to intercept sensitive data or commands transmitted between devices.
• Replay Attacks: Resending captured Zigbee frames to execute unauthorized actions or manipulate device behavior.
• Packet Forging Attack: Crafting and injecting malicious Zigbee packets to exploit vulnerabilities or compromise devices.
• Jamming Attacks: Emitting interference signals to disrupt Zigbee communication and cause denial-of-service conditions.
• Dissociation Attacks: Forcing Zigbee devices to disconnect from their network, disrupting communication and potentially causing operational disruptions.

• Introduction: MQTT (Message Queuing Telemetry Transport) is a lightweight messaging protocol for IoT and industrial applications, facilitating efficient communication between devices and servers.
• Protocol Details: Overview of MQTT communication flows, message formats, and quality of service levels (QoS).
• Recon and Enumeration of Topics: Identifying MQTT topics used for data exchange between devices and servers to understand communication patterns.
• Reverse Engineering of Communication: Analyzing MQTT message payloads and protocols to extract meaningful data or manipulate communication flows.
• DOS Attacks: Conducting Denial-of-Service attacks against MQTT brokers or devices to disrupt communication and cause service unavailability.

• Identifying Compression and Types: Recognizing and decompressing firmware images to access and analyze embedded software and configurations.
• Firmware Analysis: Reverse engineering firmware to understand functionality, vulnerabilities, and communication protocols used by embedded devices.
• Simulating Firmware: Emulating firmware environments to replicate device behavior, test vulnerabilities, and validate security controls.