Guidelines for Exploiting Specialized Systems

When exploiting specialized systems:

• Take inventory of all target assets that run specialized, non-traditional computing systems.
• Research the manufacturer and specific model of each targeted specialized system and device.
• Consider the inherent security differences in mobile OS platforms.
• Identify rooted and jailbroken devices as potentially easier targets for exploitation.
• Generate a malicious APK using msfvenom to compromise Android devices.
• Use social engineering tactics to entice Android users into installing a malicious APK.
• Use a tool like ICSSPLOIT to target specific ICS vulnerabilities.
• Search for and use Metasploit modules that target SCADA systems.
• Use standard reconnaissance tools against embedded operating systems to discover open ports and running services.
• Use web-based exploits against web interfaces commonly found on embedded OSs.
• Research vulnerabilities associated with specific real-time operating systems.
• Research default credentials for specific IoT devices like IP cameras.
• Compromise frontend point of sale devices to read or modify sensitive financial data before processing and storage.
• Research vulnerabilities in backend POS servers to compromise financial data.