{"id":15531,"date":"2018-12-06T08:07:25","date_gmt":"2018-12-06T07:07:25","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=15531"},"modified":"2021-04-26T08:15:00","modified_gmt":"2021-04-26T07:15:00","slug":"pentesting-ics-one-0-one","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/12\/pentesting-ics-one-0-one\/","title":{"rendered":"Pentesting ICS 101"},"content":{"rendered":"<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<figure id=\"post-15533 media-15533\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15533 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/985A0069.jpg\" alt=\"\" width=\"640\" height=\"426\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/985A0069.jpg 640w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/985A0069-287x191.jpg 287w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/985A0069-59x39.jpg 59w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n<\/div>\n<p>Wavestone has maintained demonstrators on industrial control system security for several years. In particular, you may already have come across our model train and robotic arms with a <b>physical capture the flag<\/b>!<\/p>\n<p>This model train is mainly used for workshops at <b>security conferences<\/b> (Black Hat Europe 2014, BruCON 2015 &amp; 2017, DEF CON 2016 &amp; 2018, Bsides LV, etc.), or for <b>engineering school courses<\/b> (EPITA, Mines, ESIEA, T\u00e9l\u00e9com Sud Paris, etc.).<\/p>\n<p>In addition to the conferences and school courses, this summer we shot a <b>video<\/b> of the model to present the main attacks on industrial systems, and in particular <b>the insecurity of industrial protocols.<\/b><\/p>\n<p>The first part of the video recalls what industrial systems are and presents the <b>main families of risks and vulnerabilities<\/b> affecting these systems:<\/p>\n<ul>\n<li>Shortcomings in organization and in stakeholder awareness<\/li>\n<li>Lack of security monitoring<\/li>\n<li>Lack of security mechanisms in devices and protocols<\/li>\n<li>Lack of control over subcontractors and maintenance<\/li>\n<li>Nonexistent network segregation<\/li>\n<li>Lack of patch management<\/li>\n<\/ul>\n<p><iframe loading=\"lazy\" src=\"https:\/\/tinyurl.com\/y7527yhk\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p>The second part of the video is more hands-on, starting with a presentation of the model: the PLCs, the supervision system and the overall operation.<br \/>\nThe objective is to attack the PLCs: the train must be stopped and its flag grabbed using the robotic arms.<br \/>\nVarious tools for reading and writing registers are then presented:<\/p>\n<ul>\n<li>S7getDB for Siemens PLCs<\/li>\n<li>Mbtget for Schneider PLCs<\/li>\n<\/ul>\n<p>Finally, we conclude that it is relatively easy to control the PLCs illegitimately with tools that implement the industrial communication protocols. Moreover, although some manufacturers offer newer, more robust PLC ranges, the first step in securing them is to <b>segment and filter<\/b> your industrial networks.<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/tinyurl.com\/yaxwx4ev\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<div class=\"MsoNormal\">You can find the various tools presented in the video, as well as our other tools, at the addresses below:<\/div>\n<ul>\n<li>Tools for reading and writing registers (Modbus or S7)\n<ul>\n<li>Mbtget \u2013 Perl tool for Modbus read\/write requests: <a href=\"https:\/\/github.com\/sourceperl\/mbtget\">https:\/\/github.com\/sourceperl\/mbtget<\/a><\/li>\n<li>S7get and S7getDB \u2013 Python tool for read\/write requests on Siemens PLCs, developed by Wavestone: <a href=\"https:\/\/github.com\/wavestone-cdt\/s7-get\">https:\/\/github.com\/wavestone-cdt\/s7-get<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Modbusclient \u2013 Metasploit module for Modbus read\/write requests (Wavestone contribution): <a href=\"https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/auxiliary\/scanner\/scada\/modbusclient.rb\">https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/auxiliary\/scanner\/scada\/modbusclient.rb<\/a><\/li>\n<li>Tools using Modbus function 90 for administration (a detailed article is also available here: <a href=\"https:\/\/www.securityinsider-wavestone.com\/2018\/02\/fun-with-modbus-0x5a.html\">https:\/\/www.securityinsider-wavestone.com\/2018\/02\/fun-with-modbus-0x5a.html<\/a>)<\/li>\n<li>Modicon_command_CTv2 \u2013 Metasploit module to stop\/start a CPU (Wavestone contribution): <a href=\"https:\/\/github.com\/wavestone-cdt\/fun-with-modbus-0x5a\/blob\/master\/modicon_command_CTv2.rb\">https:\/\/github.com\/wavestone-cdt\/fun-with-modbus-0x5a\/blob\/master\/modicon_command_CTv2.rb<\/a><\/li>\n<li>Modicon_stux_transfer_ASO \u2013 Metasploit module to download a PLC\u2019s program (Wavestone contribution): <a href=\"https:\/\/github.com\/wavestone-cdt\/fun-with-modbus-0x5a\/blob\/master\/modicon_stux_transfer_ASO.rb\">https:\/\/github.com\/wavestone-cdt\/fun-with-modbus-0x5a\/blob\/master\/modicon_stux_transfer_ASO.rb<\/a><\/li>\n<li>Schneider \u2013 module to force a PLC\u2019s inputs\/outputs, developed by Wavestone: <a href=\"https:\/\/github.com\/wavestone-cdt\/fun-with-modbus-0x5a\/blob\/master\/schneider.rb\">https:\/\/github.com\/wavestone-cdt\/fun-with-modbus-0x5a\/blob\/master\/schneider.rb<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Wavestone has maintained demonstrators on industrial control system security for several years. In particular, you may already have come across our model train and robotic arms with a physical capture the flag! This model train is mainly&#8230;<\/p>\n","protected":false},"author":1271,"featured_media":15535,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3225],"tags":[474,3140,3814,3826,3867,3869,3868,3866],"coauthors":[2769],"class_list":["post-15531","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-ethical-hacking-indicent-response","tag-attaque","tag-ics-2","tag-industrie-4-0","tag-manufacturing","tag-maquette","tag-schneider","tag-siemens","tag-train"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Pentesting ICS 101 - RiskInsight<\/title>\n<meta name=\"description\" content=\"Wavestone poss\u00e8de depuis plusieurs ann\u00e9es des d\u00e9monstrateurs sur la s\u00e9curit\u00e9 des syst\u00e8mes industriels. 
En particulier, vous avez peut-\u00eatre d\u00e9j\u00e0 rencontr\u00e9 notre maquette de train et bras robotiques avec un capture the Flag physique !Cette maquette de train est principalement utilis\u00e9e pour des workshops dans des conf\u00e9rences de s\u00e9curit\u00e9 (Black Hat Europe 2014, BruCON 2015 &amp; 2017, DEF CON 2016 &amp; 2018, Bsides LV, etc.), ou des cours en \u00e9cole d&#039;ing\u00e9nieurs (EPITA, Mines, ESIEA, T\u00e9l\u00e9com Sud Paris, etc.).En plus des conf\u00e9rences et des cours en \u00e9cole, nous avons tourn\u00e9 cet \u00e9t\u00e9 une vid\u00e9o de la maquette afin de pr\u00e9senter les principales attaques sur les syst\u00e8mes industriels, et en particulier l\u2019ins\u00e9curit\u00e9 des protocoles industriels.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pentesting ICS 101 - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Wavestone poss\u00e8de depuis plusieurs ann\u00e9es des d\u00e9monstrateurs sur la s\u00e9curit\u00e9 des syst\u00e8mes industriels. 
En particulier, vous avez peut-\u00eatre d\u00e9j\u00e0 rencontr\u00e9 notre maquette de train et bras robotiques avec un capture the Flag physique !Cette maquette de train est principalement utilis\u00e9e pour des workshops dans des conf\u00e9rences de s\u00e9curit\u00e9 (Black Hat Europe 2014, BruCON 2015 &amp; 2017, DEF CON 2016 &amp; 2018, Bsides LV, etc.), ou des cours en \u00e9cole d&#039;ing\u00e9nieurs (EPITA, Mines, ESIEA, T\u00e9l\u00e9com Sud Paris, etc.).En plus des conf\u00e9rences et des cours en \u00e9cole, nous avons tourn\u00e9 cet \u00e9t\u00e9 une vid\u00e9o de la maquette afin de pr\u00e9senter les principales attaques sur les syst\u00e8mes industriels, et en particulier l\u2019ins\u00e9curit\u00e9 des protocoles industriels.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-06T07:07:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-26T07:15:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/Fotolia_87057196_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2035\" \/>\n\t<meta property=\"og:image:height\" content=\"934\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ris4InsigHt\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ris4InsigHt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/\"},\"author\":{\"name\":\"Ris4InsigHt\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/7d402de4c00acb1a73cc38330d1a3df2\"},\"headline\":\"Pentesting ICS 101\",\"datePublished\":\"2018-12-06T07:07:25+00:00\",\"dateModified\":\"2021-04-26T07:15:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/\"},\"wordCount\":568,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/Fotolia_87057196_Subscription_Monthly_M.jpg\",\"keywords\":[\"attaque\",\"ICS\",\"Industrie 4.0\",\"Manufacturing\",\"maquette\",\"Schneider\",\"Siemens\",\"train\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Ethical Hacking &amp; Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/\",\"name\":\"Pentesting ICS 101 - 
RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/Fotolia_87057196_Subscription_Monthly_M.jpg\",\"datePublished\":\"2018-12-06T07:07:25+00:00\",\"dateModified\":\"2021-04-26T07:15:00+00:00\",\"description\":\"Wavestone poss\u00e8de depuis plusieurs ann\u00e9es des d\u00e9monstrateurs sur la s\u00e9curit\u00e9 des syst\u00e8mes industriels. En particulier, vous avez peut-\u00eatre d\u00e9j\u00e0 rencontr\u00e9 notre maquette de train et bras robotiques avec un capture the Flag physique !Cette maquette de train est principalement utilis\u00e9e pour des workshops dans des conf\u00e9rences de s\u00e9curit\u00e9 (Black Hat Europe 2014, BruCON 2015 & 2017, DEF CON 2016 & 2018, Bsides LV, etc.), ou des cours en \u00e9cole d'ing\u00e9nieurs (EPITA, Mines, ESIEA, T\u00e9l\u00e9com Sud Paris, etc.).En plus des conf\u00e9rences et des cours en \u00e9cole, nous avons tourn\u00e9 cet \u00e9t\u00e9 une vid\u00e9o de la maquette afin de pr\u00e9senter les principales attaques sur les syst\u00e8mes industriels, et en particulier l\u2019ins\u00e9curit\u00e9 des protocoles 
industriels.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/Fotolia_87057196_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/Fotolia_87057196_Subscription_Monthly_M.jpg\",\"width\":2035,\"height\":934,\"caption\":\"Transportation Concept Set\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pentesting ICS 101\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/7d402de4c00acb1a73cc38330d1a3df2\",\"name\":\"Ris4InsigHt\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/ris4insight\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pentesting ICS 101 - RiskInsight","description":"Wavestone poss\u00e8de depuis plusieurs ann\u00e9es des d\u00e9monstrateurs sur la s\u00e9curit\u00e9 des syst\u00e8mes industriels. 
En particulier, vous avez peut-\u00eatre d\u00e9j\u00e0 rencontr\u00e9 notre maquette de train et bras robotiques avec un capture the Flag physique !Cette maquette de train est principalement utilis\u00e9e pour des workshops dans des conf\u00e9rences de s\u00e9curit\u00e9 (Black Hat Europe 2014, BruCON 2015 & 2017, DEF CON 2016 & 2018, Bsides LV, etc.), ou des cours en \u00e9cole d'ing\u00e9nieurs (EPITA, Mines, ESIEA, T\u00e9l\u00e9com Sud Paris, etc.).En plus des conf\u00e9rences et des cours en \u00e9cole, nous avons tourn\u00e9 cet \u00e9t\u00e9 une vid\u00e9o de la maquette afin de pr\u00e9senter les principales attaques sur les syst\u00e8mes industriels, et en particulier l\u2019ins\u00e9curit\u00e9 des protocoles industriels.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/","og_locale":"en_US","og_type":"article","og_title":"Pentesting ICS 101 - RiskInsight","og_description":"Wavestone poss\u00e8de depuis plusieurs ann\u00e9es des d\u00e9monstrateurs sur la s\u00e9curit\u00e9 des syst\u00e8mes industriels. 
En particulier, vous avez peut-\u00eatre d\u00e9j\u00e0 rencontr\u00e9 notre maquette de train et bras robotiques avec un capture the Flag physique !Cette maquette de train est principalement utilis\u00e9e pour des workshops dans des conf\u00e9rences de s\u00e9curit\u00e9 (Black Hat Europe 2014, BruCON 2015 & 2017, DEF CON 2016 & 2018, Bsides LV, etc.), ou des cours en \u00e9cole d'ing\u00e9nieurs (EPITA, Mines, ESIEA, T\u00e9l\u00e9com Sud Paris, etc.).En plus des conf\u00e9rences et des cours en \u00e9cole, nous avons tourn\u00e9 cet \u00e9t\u00e9 une vid\u00e9o de la maquette afin de pr\u00e9senter les principales attaques sur les syst\u00e8mes industriels, et en particulier l\u2019ins\u00e9curit\u00e9 des protocoles industriels.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/","og_site_name":"RiskInsight","article_published_time":"2018-12-06T07:07:25+00:00","article_modified_time":"2021-04-26T07:15:00+00:00","og_image":[{"width":2035,"height":934,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/Fotolia_87057196_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Ris4InsigHt","twitter_misc":{"Written by":"Ris4InsigHt","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/"},"author":{"name":"Ris4InsigHt","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/7d402de4c00acb1a73cc38330d1a3df2"},"headline":"Pentesting ICS 101","datePublished":"2018-12-06T07:07:25+00:00","dateModified":"2021-04-26T07:15:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/"},"wordCount":568,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/Fotolia_87057196_Subscription_Monthly_M.jpg","keywords":["attaque","ICS","Industrie 4.0","Manufacturing","maquette","Schneider","Siemens","train"],"articleSection":["Cybersecurity &amp; Digital Trust","Ethical Hacking &amp; Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/","url":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/","name":"Pentesting ICS 101 - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/Fotolia_87057196_Subscription_Monthly_M.jpg","datePublished":"2018-12-06T07:07:25+00:00","dateModified":"2021-04-26T07:15:00+00:00","description":"Wavestone 
poss\u00e8de depuis plusieurs ann\u00e9es des d\u00e9monstrateurs sur la s\u00e9curit\u00e9 des syst\u00e8mes industriels. En particulier, vous avez peut-\u00eatre d\u00e9j\u00e0 rencontr\u00e9 notre maquette de train et bras robotiques avec un capture the Flag physique !Cette maquette de train est principalement utilis\u00e9e pour des workshops dans des conf\u00e9rences de s\u00e9curit\u00e9 (Black Hat Europe 2014, BruCON 2015 & 2017, DEF CON 2016 & 2018, Bsides LV, etc.), ou des cours en \u00e9cole d'ing\u00e9nieurs (EPITA, Mines, ESIEA, T\u00e9l\u00e9com Sud Paris, etc.).En plus des conf\u00e9rences et des cours en \u00e9cole, nous avons tourn\u00e9 cet \u00e9t\u00e9 une vid\u00e9o de la maquette afin de pr\u00e9senter les principales attaques sur les syst\u00e8mes industriels, et en particulier l\u2019ins\u00e9curit\u00e9 des protocoles industriels.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/Fotolia_87057196_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/Fotolia_87057196_Subscription_Monthly_M.jpg","width":2035,"height":934,"caption":"Transportation Concept Set"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/pentesting-ics-one-0-one\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Pentesting ICS 
101"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/7d402de4c00acb1a73cc38330d1a3df2","name":"Ris4InsigHt","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/ris4insight\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1271"}],"replies":[{"embeddable":tr
ue,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=15531"}],"version-history":[{"count":2,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15531\/revisions"}],"predecessor-version":[{"id":15537,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15531\/revisions\/15537"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/15535"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=15531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=15531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=15531"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=15531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}