2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale
2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale__left
2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale__after

Description

Product Description

Publisher''s Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.


Secure your ICS and SCADA systems the battle-tested Hacking Exposed™ way

This hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating―and potentially deadly. See how to assess risk, perform ICS-specific threat modeling, carry out penetration tests using “ICS safe” methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready-to-deploy countermeasures.

Learn how to:
• Assess your exposure and develop an effective risk management plan
• Adopt the latest ICS-focused threat intelligence techniques
• Use threat modeling to create realistic risk scenarios
• Implement a customized, low-impact ICS penetration-testing strategy
• See how attackers exploit industrial protocols
• Analyze and fortify ICS and SCADA devices and applications
• Discover and eliminate undisclosed “zero-day” vulnerabilities
• Detect, block, and analyze malware of all varieties

From the Publisher

Clint Bodungen is an industry-recognized ICS/SCADA security researcher and penetration testing expert with more than 20 years of experience.

Bryan L. Singer, CISSP, CAP is an industry-recognized industrial security expert and principal investigator with Kenexis Security Corporation.

Aaron Shbeeb  has worked for more than a decade in a variety of programming and security positions, including ICS/SCADA, and specializes in secure programming practices.

Kyle Wilhoit  is a senior threat researcher at Trend Micro. He focuses on original threat, malware, vulnerability discovery/analysis, and criminal activity on the Internet.

Stephen Hilt  is an Information Security and ICS Security expert and researcher who has published numerous ICS-Specific Nmap scripts that identify ICS protocols via native commands.

About the Author

Clint Bodungen is an industry-recognized ICS/SCADA security researcher and penetration testing expert with more than 20 years of experience.

Bryan L. Singer, CISSP, CAP is an industry-recognized industrial security expert and principal investigator with Kenexis Security Corporation.

Aaron Shbeeb  has worked for more than a decade in a variety of programming and security positions, including ICS/SCADA, and specializes in secure programming practices.

Kyle Wilhoit  is a senior threat researcher at Trend Micro. He focuses on original threat, malware, vulnerability discovery/analysis, and criminal activity on the Internet.

Stephen Hilt  is an Information Security and ICS Security expert and researcher who has published numerous ICS-Specific Nmap scripts that identify ICS protocols via native commands.



Bryan L. Singer, CISSP, CAP, (Montevallo, AL) is an industry-recognized industrial security expert currently in the position of Principal Investigator with Kenexis Security Corporation, specializing primarily in industrial control systems and SCADA security. Bryan began his professional career with the U.S. Army as a paratrooper and intelligence analyst. Since fulfillment of his military service, Bryan has designed, developed, and implemented large scale industrial networks, cybersecurity architectures, and conducted penetration tests and cybersecurity assessments worldwide across various critical infrastructure fields including power, oil and gas, food and beverage, nuclear, automotive, chemical, and pharmaceutical operations.  In 2002, Bryan became the founding chairman of the ISA-99/62443 standard, which he led up until 2012.  His areas of technical expertise are in software development, reverse engineering, forensics, network design, penetration testing, and cybersecurity vulnerability assessments.  He is a published author as well as frequent speaker and contributor to the ICS security field.

Aaron Shbeeb (Houston, TX) became interested in programming and computer security in his early teenage years.  He graduated from Ohio State University with a Bachelor''s of Science degree in computer science engineering.  He has worked for more than a decade in a variety of programming and security positions and has focused on secure programming practices.  Since 2008, he has worked as a penetration tester and security researcher focusing on ICS/SCADA systems, both professionally and personally.



Kyle Wilhoit (Festus, MO) "Kyle Wilhoit is a Sr. Threat Researcher at Trend Micro on the Future Threat Research Team. Kyle focuses on original threat, malware, vulnerability discovery/analysis and criminal activity on the Internet. He also hunts for new malware like a rabid dog. Prior to joining Trend Micro, he was at Fireeye hunting badness and puttin'' the bruising on cyber criminals and state sponsored entities as a Threat Intel guy. Prior to Fireeye, he was the lead incident handler and malware guy at a large energy company, focusing on ICS/SCADA security and targeted persistent threats. He has also worked at a Tier 1 ISP playing with malware. Kyle is also involved with several open source projects and actively enjoys reverse engineering things that shouldn''t be."

Stephen Hilt (Chattanooga, TN) Stephen Hilt has been in Information Security and Industrial Control Systems (ICS) Security for around 10 years. With a Bachelors Degree from Southern Illinois University, he started working for a large power utility in the South East of the United States. There Stephen gained an extensive background in Security Network Engineering, Incident Response, Forensics, Assessments and Penetration Testing. That is where Stephen started focusing on ICS Assessments, then moved to working as an ICS Security Consultant and Researcher for one of the most foremost ICS Security Consulting groups in the world. In 2014, Stephen was named as having one of the coolest hacks by dark reading for his PLCPwn, a weaponized PLC. As well, he has published numerous ICS Specific Nmap Scripts to Identify ICS protocols via native commands. Over the past 10 years, Stephen has learned how to build, defend and attack ICS networks.

Product information

Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

Videos

Help others learn more about this product by uploading a video!
Upload video
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

Customers who bought this item also bought

Customer reviews

4.5 out of 54.5 out of 5
67 global ratings

Top reviews from the United States

Ryan
5.0 out of 5 starsVerified Purchase
This is an excellent introduction to ICS security that can benefit several audiences ...
Reviewed in the United States on July 30, 2017
This is an excellent introduction to ICS security that can benefit several audiences including infosec or software engineers looking to enter ICS security or controls engineers looking for a "red team" view of the systems they are building. It is precisely what I... See more
This is an excellent introduction to ICS security that can benefit several audiences including infosec or software engineers looking to enter ICS security or controls engineers looking for a "red team" view of the systems they are building. It is precisely what I expected based on the preview that is available without purchase. Chapter 5 and Chapter 6 stand out in particular; the former provides an excellent overview of several popular ICS protocol vulnerabilities and the latter provides several easy to understand examples of exploitation strategies.

That said, a few points worth noting:
- I''ve not read other "Hacking Exposed" books so I cannot speak to how it compares to other offerings. I will point out that it is highly unlikely any single volume can cover security topics in a way that adequately addresses the variation of ICS hardware, software, protocols, and deployment strategies.
- As with any introductory book, this one favors breadth over depth and is thus likely to disappoint all readers in some regard, e.g. those with a controls engineering background can likely skip Chapter 1.
- Chapters 2 and 3 are devoted to ICS Risk Assessment and Threat Modeling - excellent and useful material but further indication that this is not strictly a handbook for "hacking" ICS.
One person found this helpful
Helpful
Report
RosaBonita
4.0 out of 5 starsVerified Purchase
Good Information but Lacking in Completeness
Reviewed in the United States on May 18, 2017
I bought this book as supplemental material for my term paper. It was really helpful as a reference and I would definitely recommend it as such. That being said, it could have included more information on how to find out about new vulnerabilities and maybe a quick overview... See more
I bought this book as supplemental material for my term paper. It was really helpful as a reference and I would definitely recommend it as such. That being said, it could have included more information on how to find out about new vulnerabilities and maybe a quick overview of the general layout of ICS. Worth reading, but needs more to be complete.
Helpful
Report
A Security Professional
5.0 out of 5 starsVerified Purchase
An Informative, Balanced Read for Techies and Newbies New to ICS Security
Reviewed in the United States on July 15, 2017
I have the pleasure of knowing a few of the authors professionally, and have always had a deep respect for their knowledge in this space, so I was eagerly awaiting the release of the book. Having moved into the ICS security space from the IT security world was an eye-opener... See more
I have the pleasure of knowing a few of the authors professionally, and have always had a deep respect for their knowledge in this space, so I was eagerly awaiting the release of the book. Having moved into the ICS security space from the IT security world was an eye-opener for me, and mastering both worlds is a rare talent - and not one that I claim. These gentlemen can make that claim, and I feel that they have done a great job in communicating the nuances of ICS security and provided helpful insight in how to mitigate the security problems facing the ICS world. The book was very readable and balanced well introduction to concepts without being insulting and provided enough technical information for techies while being approachable for newbies.

I highly recommend reading this book.
One person found this helpful
Helpful
Report
Pascal Ackerman
5.0 out of 5 starsVerified Purchase
Learn to attack and defend your ICS systems
Reviewed in the United States on May 12, 2018
This book is truly a fantastic read. The mixture of real-life examples, technical details, applicable and relevant offensive and defensive industrial security information, delivered around a fictional story that relevates the material as you progress, makes this book a... See more
This book is truly a fantastic read. The mixture of real-life examples, technical details, applicable and relevant offensive and defensive industrial security information, delivered around a fictional story that relevates the material as you progress, makes this book a pleasure to read as well as a valuable resource for any type of reader. I have written my own book and will gladly admit that the content of it was influenced by Hacking Exposed - Industrial Control Systems.
One person found this helpful
Helpful
Report
John Andrews
5.0 out of 5 starsVerified Purchase
Truly understanding realistic threats and risks to ICS
Reviewed in the United States on January 22, 2019
Very informative book. This text is a must have for those who are learning about Industrial Control Systems. Hopefully, future PLC engineers will incorporate protections into their designs to help prevent situations described in the text.
2 people found this helpful
Helpful
Report
Sherrill G. Lenz
4.0 out of 5 starsVerified Purchase
book
Reviewed in the United States on December 31, 2018
helpful resource
Helpful
Report
SamVR
5.0 out of 5 starsVerified Purchase
GREAT book for getting to know ICS security as an OT engineer or getting to know ICS as a security professional
Reviewed in the United States on September 14, 2016
I was excited to see this arrive on my doorstep several days ago and wasted no time in bouncing around the book (I am not one for reading these types of books from front to back). Here’s my impression so far: I love how this book is structured and the writing style is very... See more
I was excited to see this arrive on my doorstep several days ago and wasted no time in bouncing around the book (I am not one for reading these types of books from front to back). Here’s my impression so far: I love how this book is structured and the writing style is very easy to digest for any technical/nontechnical level. Many foundational topics are addressed here, which is important for anyone who is new to ICS/OT environments or those in OT environments who are looking to understand how security can fit into their strategy. Frameworks, standards and reference models are explained in enough detail to give the reader a solid understanding of where they fit in. The book does go into more technical detail, being useful to those who are at a deeper technical level and can reference the code, packet captures, etc. that are shown in the later chapters. I almost feel like I am sitting in a discussion when I read the chapters, versus trying to digest a white paper. Overall, a great all-around book on ICS security for anyone who wants to know more about it!
3 people found this helpful
Helpful
Report
Matthew Anderson
5.0 out of 5 starsVerified Purchase
This book is a great resource for ICS Security professionals and Penetration Testers
Reviewed in the United States on September 25, 2016
I was very excited to see this book announced, although I wasn’t sure what to expect because for me personally, the “Hacking Exposed” book series has been hit or miss over the years. Some have been really good, while others weren’t really for me. I’ve finally finished... See more
I was very excited to see this book announced, although I wasn’t sure what to expect because for me personally, the “Hacking Exposed” book series has been hit or miss over the years. Some have been really good, while others weren’t really for me. I’ve finally finished reading this one and here are my thoughts:

First, and contrary to a negative review that I saw posted. This book successfully delivers what it claims. In the introduction, the authors state very clearly what the book is intended for and what it isn’t. They don’t claim to release “0days” or anything that isn’t already publically available. In fact, none of the "Hacking Exposed" books have ever really about that. They also don’t claim to be a complete step-by-step penetration testing guide. They do however provide excellent references and resources for everything that they do not cover in detail. For me, the success and usefulness of the book is the way that the authors have taken all of this ICS security relevant information that is scattered about all over the place, and put it together in one book, organized in a cohesive and strategic manner that is specifically applicable to ICS. The authors clearly understand asset owners and operators as well as their systems and operations.

If you are an experienced “hardware hacker” guru then no, this book probably isn’t going to dazzle you with new cutting edge techniques. But I don’t think that is the intended purpose of the book and the authors don’t claim as much. I think experienced penetration testers can probably benefit from the ICS specific strategies that the authors lay out, and maybe even some of the techniques in later chapters. I agree that there could be more hands on labs and step-by-step instruction on the examples provided, but I appreciate the fact that they are not exactly providing a step-by-step playbook for just any “script kiddie” that might want to attack a plant, refinery, substation, etc. I feel like this book adequately provides what you need, to those that need it, and references to further reading for those that want/need more.

I find that this book is a good “follow-on” companion to other ICS security books on my shelf such as “Industrial Network Security” by Joel Langill (SCADAHacker himself) and Eric Knapp and “Cyber Security for Industrial Control Systems” by Bryan Singer et all (who is also a co-author for this book). It completes the overall picture by providing some detail on the more offensive perspective. The case studies were very interesting and entertaining for me, and helped me get my head around the big picture. Chapter 1 did seem a little light if you are looking for more details about ICS/SCADA in general, but I think it was adequate enough to comprehend what is covered in this book. Chapters 2 and 3 were also very interesting to me because I’ve never seen anyone explain risk assessment and threat modeling from an ICS perspective like that before. Very well done and I think this is where asset owners and operators will get the most benefit. Chapters 4-8 are the more technical chapters with the classic “Hacking Exposed” feel to it. Yes there are some cross-referenced methods and tools but I certainly wasn’t aware of them.

In the end, is this book the end all be all? No. But it doesn’t claim to be. It is a much needed reference from a different perspective for the ICS security community.
One person found this helpful
Helpful
Report

Top reviews from other countries

T-Kay
5.0 out of 5 starsVerified Purchase
A must read book for the subject
Reviewed in the United Kingdom on November 6, 2017
Bought one in October 2017. I have been reading it and really enjoy reading it. Very good book for the subject area. Practical and Technical but for the knowledge of those who need it.
Bought one in October 2017. I have been reading it and really enjoy reading it. Very good book for the subject area. Practical and Technical but for the knowledge of those who need it.
Report
Amazon Customer
5.0 out of 5 starsVerified Purchase
Great ICS cybersecurity insides
Reviewed in the United Kingdom on April 11, 2017
Great ICS cybersecurity insides. Topics well organized.
Great ICS cybersecurity insides. Topics well organized.
Report
Translate all reviews to English
Hurdan0Games
4.0 out of 5 starsVerified Purchase
Recomendado
Reviewed in Spain on July 17, 2017
Sí estás buscando un libro sobre sistemas SCADA, este es tu libro desde luego. No es que sea muy práctico, se centra más en la teoría de dispositivos, etc pero es muy didáctico y desde luego te será de ayuda. Sí estás buscando algo para "hackear" sistemas SCADA,...See more
Sí estás buscando un libro sobre sistemas SCADA, este es tu libro desde luego. No es que sea muy práctico, se centra más en la teoría de dispositivos, etc pero es muy didáctico y desde luego te será de ayuda. Sí estás buscando algo para "hackear" sistemas SCADA, viendo vulnerabilidades y como explotarlas... No es para tí. Hay que diferenciar entre la gente que quiere ver como explotar cosas para hacerse el hacker, y la gente que quiere aprender como funciona todo, para luego poder aplicar ese conocimiento a realizar o ver las cosas de otro modo. Eso para mí sí es hacking, un defacement, un DdoS, etc... aunque requiera de conocimientos para realizarlos, hablando mal, yo lo considero una verdadera mierda. El objetivo es aplicar lo que sabes a otros campos, etc. Volviendo al tema del libro, que aún no lo he terminado, es muy didáctico. Recomiendo su compra, tanto para todo tipo de gente. Porque no sepas nada sobre ello no quiere decir que no sea para tí, lo que no sepas, investígalo, en eso consiste el hacking, en investigar y aprender!!
Sí estás buscando un libro sobre sistemas SCADA, este es tu libro desde luego. No es que sea muy práctico, se centra más en la teoría de dispositivos, etc pero es muy didáctico y desde luego te será de ayuda. Sí estás buscando algo para "hackear" sistemas SCADA, viendo vulnerabilidades y como explotarlas... No es para tí.

Hay que diferenciar entre la gente que quiere ver como explotar cosas para hacerse el hacker, y la gente que quiere aprender como funciona todo, para luego poder aplicar ese conocimiento a realizar o ver las cosas de otro modo. Eso para mí sí es hacking, un defacement, un DdoS, etc... aunque requiera de conocimientos para realizarlos, hablando mal, yo lo considero una verdadera mierda. El objetivo es aplicar lo que sabes a otros campos, etc.

Volviendo al tema del libro, que aún no lo he terminado, es muy didáctico. Recomiendo su compra, tanto para todo tipo de gente. Porque no sepas nada sobre ello no quiere decir que no sea para tí, lo que no sepas, investígalo, en eso consiste el hacking, en investigar y aprender!!
3 people found this helpful
Report
Translate review to English
Ken D.
5.0 out of 5 starsVerified Purchase
Great Primer for those interested in ICS Security!
Reviewed in Canada on January 11, 2018
I work for a CyberSecurity company, and didn''t have much of an exposure to CyberSecurity in the ICS space. This was a well laid-out, simplified read for me. Don''t get me wrong, they delve into specifics on the hows and whys SCADA systems get hacked, and I believe is a great...See more
I work for a CyberSecurity company, and didn''t have much of an exposure to CyberSecurity in the ICS space. This was a well laid-out, simplified read for me. Don''t get me wrong, they delve into specifics on the hows and whys SCADA systems get hacked, and I believe is a great starting point for anyone who was in my position! Well Done!!
I work for a CyberSecurity company, and didn''t have much of an exposure to CyberSecurity in the ICS space. This was a well laid-out, simplified read for me. Don''t get me wrong, they delve into specifics on the hows and whys SCADA systems get hacked, and I believe is a great starting point for anyone who was in my position! Well Done!!
Report
Amazon Customer
5.0 out of 5 starsVerified Purchase
Great quick reference
Reviewed in Canada on January 13, 2021
Great quick reference for key areas of concern and lists of resources.
Great quick reference for key areas of concern and lists of resources.
Report
See all reviews
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

Customers who viewed this item also viewed

Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

What other items do customers buy after viewing this item?

Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

Pages with related products.

  • human form
  • control solutions
  • web testing
  • application architecture
  • system architecture

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale

2021 popular Hacking Exposed high quality Industrial Control Systems: ICS and SCADA Security Secrets & 2021 Solutions sale