Hacking SCADA/Industrial Control Systems: The Pentest Guide

Poor quality figures (unreadable) and content had me regret taking a chance with this author. I wasn't going to post a review until I got to Chapter 8 - basically a regurgitation from "Industrial Network Security" 2nd Edition by Eric Knapp and Joel Langill. I was mad at myself for getting fooled.

I was a little skeptical when I purchased the book as the author seem to be new and I had not heard much about him. But the money spent on the book is really worth it. It seems that the author has explained in great details the security assessment methodology needed to be used in the SCADA/ICS pentesting. There is also a chapter dedicated specifically on security threat modeling that explains in details how a threat model be constructed and applied against the ICS environment. I like the simple approach used by the author to explain some of the difficult concepts in the book. Overall I think the book teaches good fundamentals for someone who has IT pentesting knowledge to come across the SCADA/ICS industry.

This book provides a really good way for someone who has knowledge of IT security knowledge but has very little knowledge about SCADA/ICS domain to understand the important concepts related to performing security assessments in SCADA/ICS world. It is based on NIST guidelines and is perfect for one who is looking to get into SCADA/ICS pentesting. Especially, the chapter 9 on Field Devices explains in details how to dump the firmwares from these devices and gives directions on how to perform reverse engineering on obtained firmware using IDA pro and other open source tools. Overall, this is worth the money spent!!

good read