6 posts · security research and write-ups
Breaking down what actually makes up an ICS, from PLCs and HMIs to the networks beneath them, and understanding how they differ from the traditional IT environments you are used to.
Focusing on GoPhish customisation and OPSEC by removing default settings, changing identifiers, refining behaviour, and adjusting how campaigns operate so they blend in better and don't get burned.
Setting up a local on-prem phishing lab in VMware using GoPhish, configuring a simple mail setup, and testing how campaigns and templates work before moving into more advanced infrastructure.
Recon from unauthenticated and authenticated angles using techniques and tools such as Nmap, RPC/IIS fingerprinting, and LDAP/WMI to locate MPs/DPs and exposed package artifacts.
Exploring SCCM’s collections, variables, task sequences, network access accounts, and PXE boot to understand the in-depth process behind deployment and operating system provisioning.
Breaking down and understanding Microsoft SCCM’s architecture, core components, different deployment models, and client installation methods before diving deeper into exploitation later.