
ICS/OT Cyber Attack Tactics Techniques MITRE Framework

Posted By: ELK1nG
Published 9/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 4.86 GB | Duration: 5h 30m

Simplified understanding of adversary tactics and techniques based on the MITRE Framework for ICS, with all techniques explained.

What you'll learn
ICS Attack Tactics
ICS Attack Techniques
MITRE ATT&CK Framework
Mitigations for the techniques
Major cybersecurity attacks in ICS
Requirements
Basic Industrial Software Knowledge Like DCS/SCADA/PLC/RTU etc
No programming knowledge required
Architecture awareness of OT systems
Prior experience in ICS required
Description
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

In this course, you will learn about all the tactics for ICS/OT as per the framework. Also, we will learn about all the techniques in detail for each tactic. And for mitigation, there could be the same mitigation to be applied for multiple techniques so we will cover mitigations as a whole. We will cover all the below-mentioned tactics:

ICS Attack tactics:
Initial Access
Execution
Persistence
Privilege Escalation
Evasion
Discovery
Lateral Movement
Collection
Command and Control
Inhibit Response Function
Impair Process Control
Impact

After completing this course you will have a good understanding of the techniques to be implemented and executed by adversaries. That will help you to answer clients, customers, and in meetings and discussions. Also whenever you are designing some solution you will keep these in mind and set proper mitigation to make the environment more secure and comprehensive.

For understanding this course you should have a basic understanding of the Industrial control system and technical terms which are commonly used in cybersecurity so that you can understand the concepts. This is a theoretical course but in the future, I will keep on adding practical examples as well.

Overview

Section 1: Introduction

Lecture 1 Introduction

Lecture 2 Tactics

Section 2: Initial Access

Lecture 3 Initial Access

Lecture 4 Drive-by Compromise

Lecture 5 Exploit Public-Facing Application

Lecture 6 Exploitation of Remote Services

Lecture 7 External Remote Services

Lecture 8 Internet Accessible Device

Lecture 9 Remote Services

Lecture 10 Replication Through Removable Media

Lecture 11 Rogue Master

Lecture 12 Spearphishing Attachment

Lecture 13 Supply Chain Compromise

Lecture 14 Transient Cyber Asset

Lecture 15 Wireless Compromise

Section 3: Execution

Lecture 16 Execution

Lecture 17 Change Operating Mode

Lecture 18 Command-Line Interface

Lecture 19 Execution through API

Lecture 20 Graphical User Interface

Lecture 21 Hooking

Lecture 22 Modify Controller Tasking

Lecture 23 Native API

Lecture 24 Scripting

Lecture 25 User Execution

Section 4: Persistence

Lecture 26 Persistence

Lecture 27 Modify Program

Lecture 28 Module Firmware

Lecture 29 Project File Infection

Lecture 30 System Firmware

Lecture 31 Valid Accounts

Section 5: Privilege Escalation

Lecture 32 Privilege Escalation

Lecture 33 Exploitation for Privilege Escalation

Lecture 34 Hooking

Section 6: Evasion

Lecture 35 Evasion

Lecture 36 Exploitation for Evasion

Lecture 37 Indicator Removal on Host

Lecture 38 Masquerading

Lecture 39 Rootkit

Lecture 40 Spoof Reporting Message

Section 7: Discovery

Lecture 41 Discovery

Lecture 42 Network Connection Enumeration

Lecture 43 Network Sniffing

Lecture 44 Remote System Discovery

Lecture 45 Remote System Information Discovery

Lecture 46 Wireless Sniffing

Section 8: Lateral Movement

Lecture 47 Lateral Movement

Lecture 48 Default Credentials

Lecture 49 Exploitation of Remote Services

Lecture 50 Lateral Tool Transfer

Lecture 51 Program Download

Lecture 52 Remote Services

Section 9: Collection

Lecture 53 Collection

Lecture 54 Automated Collection

Lecture 55 Data from Information Repositories

Lecture 56 Detect Operating Mode

Lecture 57 I/O Image

Lecture 58 Man in the Middle

Lecture 59 Monitor Process State

Lecture 60 Point & Tag Identification

Lecture 61 Program Upload

Lecture 62 Screen Capture

Lecture 63 Wireless Sniffing

Section 10: Command and Control

Lecture 64 Command & Control

Lecture 65 Commonly Used Port

Lecture 66 Connection Proxy

Lecture 67 Standard Application Layer Protocol

Section 11: Inhibit Response Function

Lecture 68 Inhibit Response Function

Lecture 69 Activate Firmware Update Mode

Lecture 70 Alarm Suppression

Lecture 71 Block Command Message

Lecture 72 Block Reporting Message

Lecture 73 Block Serial COM

Lecture 74 Data Destruction

Lecture 75 Denial of Service

Lecture 76 Device Restart/Shutdown

Lecture 77 Manipulate I/O Image

Lecture 78 Modify Alarm Settings

Lecture 79 Service Stop

Section 12: Impair Process Control

Lecture 80 Impair Process Control

Lecture 81 Brute Force I/O

Lecture 82 Modify Parameter

Lecture 83 Unauthorized Command Message

Section 13: Impact

Lecture 84 Impact

Lecture 85 Damage to Property

Lecture 86 Denial of Control

Lecture 87 Denial of View

Lecture 88 Loss of Availability

Lecture 89 Loss of Control

Lecture 90 Loss of Productivity and Revenue

Lecture 91 Loss of Protection

Lecture 92 Loss of Safety

Lecture 93 Loss of View

Lecture 94 Manipulation of Control

Lecture 95 Manipulation of View

Lecture 96 Theft of Operational Information

Section 14: Mitigation

Lecture 97 Mitigation and MITRE Navigation

Control engineers, integrators, and architects who design or implement OT systems
System administrators, engineers, and other information technology (IT) professionals who administer, patch, or secure OT systems
Managers who are responsible for OT systems
Security consultants who perform security assessments and penetration testing of OT systems
Senior management who need to better understand risk for OT systems as they justify and apply an OT cybersecurity program
Researchers and analysts who are trying to understand the unique security needs of OT systems
Vendors that are developing products that will be deployed as part of an OT system