Mike Holcomb
Joined 8 Jun 2023
Helping YOU secure ICS/OT
Hacking ICS/OT (& IT) with ChatGPT
How can we use ChatGPT to hack ICS/OT/SCADA systems?
The attackers are already doing this! Why shouldn't we?
Most importantly, how can we use ChatGPT to DEFEND control systems, especially in critical infrastructure?
00:00 - Intro
01:20 - "It's a PLC. It's NOT Vulnerable."
11:00 - Monitoring PLC Operational Modes
13:55 - Getting Started with ChatGPT
15:25 - Writing Your First Python Script with ChatGPT
18:35 - Creating a Basic ICS/OT Port Scanner
23:30 - Living off the Land
25:53 - Troubleshooting Code with ChatGPT
31:17 - Building an Asset Register from PCAPs
35:54 - Finding PLCs on the Internet
44:52 - Thou Shalt Not Create Pew Pew Maps
47:00 - Help ChatGPT Understand Little by Little
48:42 - Creating a Modbus Honeypot
54:10 - Going on the Offensive
57:38 - CLICK PLC Discovery Process
1:02:34 - Blinky! Blinky!
1:04:40 - Read and Write Coils & Registers
1:10:44 - Pulling It All Together
1:12:12 - What Comes Next?
1:15:19 - GenAI Today Is the WORST It is Ever Going to Be
1:15:52 - Thank You! Resource Links
Thank you for watching!!!
=================
LINKS & RESOURCES
=================
Free eBooks on Getting Started in ICS/OT Cyber Security: github.com/utilsec/Getting_Started_with_ICS
Getting Started in ICS/OT Cyber Security Course (25+ Hours):
ua-cam.com/video/CCIrntyqe64/v-deo.html
Looking for more on ICS/OT cyber security?
Mike Holcomb
linkedin.com/in/mikeholcomb
mikeholcomb.com
mike@mikeholcomb.com
youtube.com/@utilsec
github.com/utilsec
Views: 1,035
Videos
OSINT for ICS/OT - Complete 10+ Hour Course - Part 3 (Social Media Intelligence)
321 views, 14 hours ago
How does OSINT work with social media platforms? How do we collect RELEVANT information from LinkedIn, YouTube, Reddit, Facebook, Twitter/X, Instagram, TikTok and the others? From a cyber security perspective? This part of the course provides an overview of how we use social media to gain information about a specific environment, particularly the employees that work there and the different types...
OSINT for ICS/OT - Complete 10+ Hour Course - Part 2 (Getting Started with OSINT)
818 views, 19 hours ago
OSINT doesn't have to be a complicated process. But how do we collect lots of information and determine what is relevant to us in protecting our networks? This part of the course provides an overview of the OSINT process as well as how to create sock puppet accounts for OSINT anonymity. We also cover using ChatGPT to create an email scraper as an example of automating our OSINT processes to mak...
OSINT for ICS/OT - Complete 10+ Hour Course - Part 1 (Course Introduction)
2.2K views, 14 days ago
How do we use OSINT (Open Source Intelligence) to protect our Industrial Control Systems (ICS)/Operational Technology (OT) environments such as power plants, petrochemical facilities, railways and manufacturing plants? This course helps you find your ICS/OT (& IT) vulnerabilities before an attacker does! 0:00 - Introduction 1:23 - About the Instructor 4:57 - Prerequisites 5:56 - Why We Are Here...
Learn ICS/OT Incident Response with Backdoors & Breaches
795 views, 1 month ago
Incident Response in ICS/OT networks can seem mysterious to many. But it doesn't have to be! One great way to learn about how incident response, and cyber security in general, work in industrial ICS and other OT environments is through the Backdoors and Breaches card game from Black Hills Information Security and ICS/OT add-on made with Dragos. Check out my FREE 20 hour course on Getting Starte...
Creating Port Scanners with ChatGPT
842 views, 1 month ago
ChatGPT and other GenAI platforms can be incredible platforms for helping us create security tools! Even if you are NOT a developer! I know I'm not! If attackers can use ChatGPT to create phishing platforms and other attack scripts, why can't we use it to create our own tools? I might not be a developer, but I do get ideas for different tools to make my security life easier and/or more interest...
Using Shodan to Find ICS/OT (& IT) Assets
917 views, 3 months ago
Shodan is an incredible tool for finding all of the "things" connected to the Internet, including industrial (ICS/OT) assets like Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs). In this video, we cover: - Free QuickStart guide for working with Shodan - Brief Introduction to Shodan - Exploring ICS/OT Assets and Protocols - Understanding How Shodan Tags Work - Search T...
Nmap Scanning for ICS/OT (& IT) Networks - Part 2
972 views, 4 months ago
Nmap scanning in industrial (ICS/OT) networks? Nmap is my favorite cyber security tool of all time! NOTE: Nmap should only be used to scan assets you are authorized to scan. It is up to your organization to determine what assets can be actively scanned. In Part 2, we will cover taking Nmap beyond basic port scanning with: - Nmap service scans - The Nmap Scripting Engine (NSE) - Nmap ICS/OT...
Nmap Scanning for ICS/OT (& IT) Networks - Part 1
1.6K views, 4 months ago
Nmap scanning in industrial (ICS/OT) networks? Nmap is my favorite cyber security tool of all time! NOTE: Nmap should only be used to scan assets you are authorized to scan. It is up to your organization to determine what assets can be actively scanned. In Part 1, we cover the fundamentals of scanning ICS/OT & IT networks with Nmap, including: - An Nmap Overview - Using Packet Sniffers Whi...
Getting Started in ICS/OT Cyber Security - 20+ Hours - Review Questions
2K views, 6 months ago
In this last part to the course, we walk through the review questions for each Unit. There are 10 questions for each of the 10 course Units. Unit 1: ICS/OT Cyber Security Overview Unit 2: Main Types of Control Systems & Protocols Unit 3: ICS/OT Cyber Attacks & Secure Architecture Unit 4: Asset Registers and Control Systems Inventory Unit 5: Threat & Vulnerability Management Unit 6: OSINT for In...
Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 10
2.8K views, 6 months ago
In Part 10, we look at penetration testing in ICS/OT environments. In this section, we will cover main topics including, but not limited to: - Books to Read - Legal and Ethical Considerations - Understanding the Client’s Needs and Goals - ICS/OT Penetration Testing Methodology - Reconnaissance - Initial Access - Discovery - Collection - Execution - Lateral Movement - Persistence - Evasion - Inh...
Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 9
2.3K views, 6 months ago
In Part 9, we cover the common ICS/OT standards and regulations encountered across the industry in North America and internationally. In this section, we will cover main topics including, but not limited to: - What are Industry Standards? - Following the Regulations - ISA/IEC 62443 - NIST 800-82 - ISO 27001/27002 (from IT) - NERC CIP - CFATS - TSA Security Directives If you like the content, pl...
Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 8
2.8K views, 7 months ago
Getting Started in ICS/OT Cyber Security - 20 Hours - Part 8
Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 7
3.2K views, 7 months ago
Getting Started in ICS/OT Cyber Security - 20 Hours - Part 7
Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 6
3.4K views, 8 months ago
Getting Started in ICS/OT Cyber Security - 20 Hours - Part 6
Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 5
5K views, 8 months ago
Getting Started in ICS/OT Cyber Security - 20 Hours - Part 5
Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 4
6K views, 8 months ago
Getting Started in ICS/OT Cyber Security - 20 Hours - Part 4
Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 3
9K views, 9 months ago
Getting Started in ICS/OT Cyber Security - 20 Hours - Part 3
Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 2
14K views, 9 months ago
Getting Started in ICS/OT Cyber Security - 20 Hours - Part 2
Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 1
31K views, 9 months ago
Getting Started in ICS/OT Cyber Security - 20 Hours - Part 1
Getting Started in Industrial (ICS/OT) Cyber Security - For IT Cybersecurity Professionals
949 views, 11 months ago
Industrial (ICS/OT) Cyber Security Certifications
2.8K views, 1 year ago
Asset Registers in ICS/OT Cyber Security (Part 5 of 5)
254 views, 1 year ago
Asset Registers in ICS/OT Cyber Security (Part 4 of 5)
232 views, 1 year ago
Asset Registers in ICS/OT Cyber Security (Part 3 of 5)
465 views, 1 year ago
Asset Registers in ICS/OT Cyber Security (Part 2 of 5)
536 views, 1 year ago
Asset Registers in ICS/OT Cyber Security (Part 1 of 5)
1.2K views, 1 year ago
Cyber Security Differences in IT & ICS/OT
1.2K views, 1 year ago
Critical Infrastructure Sectors for ICS/OT Cyber Security
1K views, 1 year ago
Keep up the great work Sir 👍🏼👍🏼👍🏼
Thanks for the encouragement, SalmanInsights! And thanks for watching the video!
Do you have an Internet forum to discuss OSINT?
Hi Victor - I don't have a forum specifically for OSINT in ICS/OT, but you can find my UtilSec Discord channel. Feel free to join us at discord.gg/yBhBjfzS. Thanks for watching the video!
Thank you for your knowledge and effort Mike. Much appreciated.
You're welcome, Garey! And thanks for checking out the video - I hope you've found the course helpful so far!
Can you put the videos of the course in a playlist?
You can find the playlist for this course at ua-cam.com/video/e7GTwmCX_Ws/v-deo.html&pp=iAQB and can find them under the Playlists tab. Hope this helps, Encyclopedia!
your courses are really gold, thank you for the amazing content
That really means a lot to hear, Ayush, thanks for saying! It's really exciting to hear that you really like the content! Thanks for watching the videos!
I have never seen a better explanation than this. This is like a hidden gem on youtube. KEEP UP YOUR WORK BRO YOU ARE GREAT😇❤
Thanks for watching the video, Uchiha, and for the kind words! I'll definitely take "hidden gem" any day! THANK YOU AGAIN!
Hello Mike One more section completed. Excellent, Superb and WOWWW! I have some queries and would love to have your thoughts on it. WELL DONE regards Adeel
I'm really happy to hear you've been working your way through the different parts of the course, Adeel! Thanks for checking it out! Feel free to post your questions here or if you prefer you can ping me on LinkedIn (linkedin.com/in/mikeholcomb) or email me at mike@mikeholcomb.com. Thanks again!
@utilsec No, I am extremely thankful to you for giving such valuable knowledge. Surely I will. regards Adeel
Mr Mike, you are number one in the ICS/OT field on YouTube, your channel will reach 1 million subscribers soon 😍
I was just happy with 100 subscribers, Mahmoud! But thank you for saying - you are way too kind!
great session and great job mike. thank you
Thank you for checking it out, Babdejlil! And thanks for saying - I really appreciate it!
Sir I really need your advice for my project. With all respect sir, I'd be really grateful for your help. We are 1st year Computer Science students and: We need to develop a tool that automatically checks the websites of equipment manufacturers (OEMs) and other relevant platforms for critical and high-severity vulnerabilities in both IT and OT equipment. When the tool finds such vulnerabilities, it should gather details and send an alert via email to the relevant people in the organization. Please suggest roadmap Sir
Feel free to ping me on LinkedIn CuriosityCraze. It'd be great to learn more about where you're going to school and your research project. Thanks for checking out the video!
You could look at ICS Advisory Project. While it doesn't directly scan websites, it provides a comprehensive database of known vulnerabilities that can be used to correlate with information extracted from OEM websites. But Mike is the man!!
Hello Mike. I have just completed this part. Though I am familiar with OT technology but have still watched all three parts including previous twos because you have really explained it very well and with a proper sequence means you have had a really nice working experience. The journey is continuous till the end surely. I have some queries so would you please share your email address in case I need to contact you. Very well done and stay blessed regards
Thanks for watching the course, Adeel! I'm glad to hear it hits the target I aim for and keep everything simple and straightforward. Feel free to ping me on LinkedIn (linkedin.com/in/mikeholcomb) or at mike@mikeholcomb.com. Thanks again!
Hi Mike, what would you suggest for someone to start having a bit of knowledge in cyber security, system admin and networking, but having no certifications. Would this be good start to get into OT security or are there any pre-requisites to start before getting into OT security? Please advise.
Hi Mini - No prerequisites are required to start learning about ICS/OT cyber security! Would an additional background in general cyber security and/or system administration, networking and others help? Most definitely, but it isn't absolutely necessary, especially to get an introduction to ICS/OT cyber security, what it is, what it means and how to protect our critical infrastructure. I hope this helps!
@utilsec Thanks a lot Mike.
Thank you for the information.
You're very welcome, Ayinde - I hope you found it super helpful!
@utilsec yes it was, I am trying to focus on a specific area in Cybersecurity and I came across your channel a while now
Thoughts on ICS 612? Good to take after ICS 515 or overkill?
Great question, ASavageCommentary! I haven't taken ICS 612, but it is on my list for the SANS ICS Summit next year. From everyone that I've talked to that has taken the course, it is not overkill and everyone absolutely loves it! I can't wait!
Thank you
Thank you for coming, Garey!
Thanks a lot, Mr Mike. How do I finish the whole course?
I'll be uploading the additional parts starting next week, babdejil. I hope to have Parts 2 and 3 up next week. Stay tuned!
Dear Mike The best introduction you have presented in part 1 that covers everything and very very well organized. It's really admiring and it appealed me to go through your rest of the parts for sure. I am really curious about CS of OT and I hope you would have shared a real good knowledge. A very popular quote "First impression is the last impression". I hope and wish so. regards
Thank you for checking out the first part of the course, Adeel! I'm glad you liked the first part and hope you find the other sections worth your time and even more informative. Thanks again!
Love it, can't wait to finish the whole course!
Thanks for checking it out, HossamEldin! And I'm glad you loved it - Part 2 will be coming next Tuesday at 11AM EST!
Good stuff! I'm definitely a bit smarter on this topic now.
That makes me really happy to hear, LePoris! That's one of the main reasons I write the courses and share them here on YouTube. As long as someone gets something out of the content, I consider it a win. Thanks for checking it out and letting me know!
Great, Mr. Mike, and thanks a lot for your effort in the field, but can we have the slides of this course?
Thanks for checking out the course, Encyclopedia! And yes, you can have a copy of the slides for notes. Please just ping me on LinkedIn (linkedin.com/in/mikeholcomb).
Oooh! I am so into this. Can't wait.
Awesome to hear, Garey - thank you for checking it out! I hope you find it helpful!
Really excited for this training! Having worked IT in the energy sector I know how many smaller coops have one or two IT guys so I can’t wait to see how we can improve our overall defense posture 😊
Thank you for checking out the video, Whenhen! I'm happy to hear you're excited for the course. And a big reason why I put the courses out on YouTube is for the exact same reason you highlight - the majority of our ICS/OT environments out there simply don't have the resources they need to stay secure, but I hope this helps! Especially when ICS/OT systems get accidentally (or purposefully) connected to the Internet! Thanks again!
Good
I'm happy to hear you think so, Evans! Thank you for checking it out!
Thank you so much Mike 👍
You're very welcome, Sam - thank you for taking the time to watch!
Was looking for SCADA cybersecurity essentials and came across your course. Looking forward to a good journey
I'm glad you found the course, Ashu - Thank you for checking it out! I hope you find it helpful!
Just started this but I can already say THANKS. I am focusing on OT/building automation for my problem in my MSCIA capstone.
You're welcome, Barry! I hope you find the course helpful for your MSCIA capstone and beyond! Thanks for watching!
I have my associates in Industrial Cyber Security from Idaho state University and I am going for my Bachelors Degree in Cyber Physical Systems Security. There is a chance you may even know my professor, Sean McBride. Anyway, I love your videos! You talk a lot about the same stuff I was taught in College, and they are a nice refresher.
Thanks for sharing, Steven, and congrats on your Associates! And good luck with your Bachelors! I don't know Sean personally, but recognize the name. And thanks for checking out the videos - I appreciate the support!
Thank you very much for your effort and the invaluable knowledge you share. Much much appreciated.
You're very welcome, Nur! Thank you for watching the course - I hope you've found it super helpful!
Thanks Mike!
You're very welcome, SP CFSI! Thanks for checking it out!
Hi Mike, thank you so much for your videos. They are really amazing and I like your way of explaining the course. I do have one question please. When you mentioned having retainers with Dragos or other. Did you mean that to use the help of third party in case of any security incident or if our in house incident response team failed to identify or deal with the incident?
Hi Abo - Thanks for watching the videos and for the kind words! As far as a retainer with an outside firm, you'll always want one (even if it's a zero cost retainer) "just in case." Even if you have an incredible in-house response team, if an incident is significant enough you'll need the additional help and most often you'll need an outside party to attest to what occurred. Most people won't want to take your own word for what occurred which is in part why you'll need an outside party. I hope this helps answer your question!
Dear Mike, I didn't watch yet the whole course but I can say that you do a great job. You explain the very complex topic in a simple way which makes it easily understandable. Thank you
I really appreciate that, Tarik! That was my main goal in putting the course together was to keep it simple and practical. I'm happy to hear that came across! Thanks for checking it out! At least the parts you did! ;)
Great one.. Your videos will help lot of OT enthusiasts to move into this field 😊
Thanks for saying, Om, and I hope so! That's exactly why I put the videos out there to help those wanting to learn more and move into ICS/OT cyber security. Thank you for watching the videos!
Hello Mike, Thank you for putting out valuable information for OT security enthusiasts, for someone coming from IT (networking) background with little knowledge in IT security, I intended following the network security route but I find myself in a power plant and my interest in OT security has been ignited by your videos. will the ISA/IEC 62443 Cybersecurity Certificate Program be sufficient to bring me to understanding or you'd recommend some other courses prior/post?
Thanks for checking out the course, Roy! Also, if you haven't seen my free eBook, this will probably give you some additional ideas you're looking for based on your background. github.com/utilsec/Getting_Started_with_ICS/blob/main/Getting%20Started%20with%20Industrial%20Cyber%20for%20IT%20Pros%202023.1.pdf The 62443 program, along with my course, can definitely give you a solid footing and one of the certifications that employers are looking for. You'll also want to check out the Recruiter Edition video I have under my Live video section where I discuss this very topic with Arely Loya, one of the best ICS/OT recruiters out there. I hope these help!
Dear Mike, Thank you for the excellent subject and easy presentation. liked and subscribed
You're welcome, Mujtaba! I'm glad it sounds like you found the course videos helpful which is what I was aiming for!
Siemens now starts the phase out of their comfort panels which run Windows CE for their unified comfort panel which run on Linux.
Interesting to start to see more Linux in ICS/OT. Most of what I see today is still primarily Windows-based. A little Linux here and there, but not that much. Thanks for sharing!
Dear Mike, Would you mind share the slides? Thanks!
If you ping me on LinkedIn, I can do that. Thanks!
I appreciate you for your massive effort
Thank you for saying, Abdellah! I really appreciate it! And thanks for checking out the videos!
Thank you very much for making this for free. I don't know if I could afford it if it was paid. Again, thank you
It was my pleasure, Shivam! I hope it helps!
Great Session... Thanks for putting up your valuable knowledge 😊
I'm glad it hit the target for you, Om! Thank you for watching it and you're welcome!
Got an interview for an OT Security Consultant role soon. This was a great help for preparing!
I hope it helps in some way, A P! Good luck with your interview!
Awesome! Are you starting out in cyber or crossing over?
Awesome ❤
I'll definitely take that, Shab! Thank you for checking out the session with Arely and I. I hope you found it helpful!
Could something like this be used to scan for assets on a vessel?
It "could" be, InternetUser, but "should" you is another question. For the majority of time, in ICS/OT environments such as you would find on a vessel, you would not want to do active scanning to find assets. On your IT network yes, but not on your OT network which could introduce safety or operational issues. For more information on finding assets in OT environments, check out Part 5 from my "Getting Started in ICS/OT Cyber Security" course: ua-cam.com/video/madBOec2s74/v-deo.html. I hope this helps!
Amazing video ! Very informative :)
Thanks for checking it out, QQb0t! Keep an eye out for my full presentation I'll be posting in two weeks along with the DEFCON ICS Village talk - "Using ChatGPT to Create Defensive & Offensive ICS/OT Tools"!
Mr. Mike, make subtitles available for the video
A great suggestion, Encyclopedia - I'll see what I can do to make that happen!