Scribd
Upload
168 views19 pages

ICSGoat

ICSGoat is a vulnerable ICS infrastructure designed to provide training in industrial control systems (ICS) security, focusing on exploiting network misconfigurations and popular protocols like MODBUS and MQTT. The project aims to fill the gap in realistic ICS pentesting environments and encourages contributions from the open-source community. Future plans include expanding protocol support and collaborating with industry professionals to enhance training scenarios.

Uploaded by

abhishekgpandey7
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
168 views19 pages

ICSGoat

ICSGoat is a vulnerable ICS infrastructure designed to provide training in industrial control systems (ICS) security, focusing on exploiting network misconfigurations and popular protocols like MODBUS and MQTT. The project aims to fill the gap in realistic ICS pentesting environments and encourages contributions from the open-source community. Future plans include expanding protocol support and collaborating with industry professionals to enhance training scenarios.

Uploaded by

abhishekgpandey7
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

#BHUSA @BlackHatEvents

ICSGoat
A Damn Vulnerable ICS Infrastructure

#BHUSA @BlackHatEvents
About Us
Shantanu Kale
● Infrastructure Lead @ INE
● Published Research at Black Hat US/Asia Arsenal and DEFCON 30
Demo Labs
● Co-trainer in training at Seasides Goa, Rootcon 16 & 17
● Core Contributor to AWSGoat
● Strong roots in cloud and network penetration testing, vulnerability
scanning, and Open Source Intelligence Techniques

# BHUSA @BlackHatEvents
About Us
Divya Nain
● Software Engineer @ INE
● Published Research at Black Hat Asia Arsenal
● Core contributor to AzureGoat and GCPGoat
● Co-trainer in training at Seasides Goa
● Strong roots in cloud and network security

# BHUSA @BlackHatEvents
# BHUSA @BlackHatEvents
# BHUSA @BlackHatEvents
Threatscape

Reference:
https://ics-cert.kaspersky.com/publications/reports/2017/03/28/threat-landscape-for-industrial-automation-systems-in-the-second-half-of-2016/ # BHUSA @BlackHatEvents
The Motivation
● Training Needs
○ Basics and Fundamentals
○ Understanding ICS Protocols
○ Exploiting network misconfigurations
○ Exploiting popular ICS protocols like modbus, dnp3, mqtt, etc
○ What Next?

● Lack of expansive and realistic ICS Pentesting Environment

● Contribution from the open source community and security professionals

# BHUSA @BlackHatEvents
Enter ICSGoat!

# BHUSA @BlackHatEvents
ICSGoat: A Damn Vulnerable ICS Infrastructure

● Mimics real-world ICS infrastructure but with added vulnerabilities

● Multiple popularly used protocols are simulated

● Focused on a black box approach

● Understand possible threats to critical ICS infrastructure

# BHUSA @BlackHatEvents
ICSGoat Protocols

● MODBUS

● DNP3

● OPCUA

● MQTT

# BHUSA @BlackHatEvents
ICSGoat Infra Diagram

# BHUSA @BlackHatEvents
Building Realistic ICS Scenario: Challenges
● Unavailability of publicly available resources

● Required modifications to protocol libraries

● Containerizing protocol simulations

● Incorporating multiple protocols in a single scenario

● Required custom made SCADA and HMI system

# BHUSA @BlackHatEvents
Goat Family

# BHUSA @BlackHatEvents
Installation
● Repository: https://github.com/ine-labs/ICSGoat

● Manual Installation (Linux/Windows Machine)


○ Requirements
■ Docker (Docker Compose)
■ Git
○ Commands:
■ git clone https://github.com/ine-labs/ICSGoat
■ cd ICSGoat
■ docker compose up

# BHUSA @BlackHatEvents
Initial Attack Vector

# BHUSA @BlackHatEvents
DEMO

# BHUSA @BlackHatEvents
Future Plans

● Work with the community to introduce more protocols to ICSGoat

● Utilize ICSGoat to create realistic scenarios with the help of industry


professionals

● Co-exist with other projects

# BHUSA @BlackHatEvents
Thanks
skale@ine.com

# BHUSA @BlackHatEvents

You might also like