TASK 01 (SHODAN)
•For this assignment you will have to do some observation task on some vulnerabilities that can be exploited to attack ICS security.
•Remember: ONLY OBSERVE for study purpose. UNITEN will not be responsible for your experimentation beyond the required task.
Search for potential location of ICS devices
•Use Shodan website
•Search for location that is linked to port 102 in Malaysia
•Note how many are there in Malaysia
1.Find out what all those displayed information mean from the search. Explain it in your report. [5 marks]
2.Use the map in SHODAN to actually find out where these location actually is. [2 marks]
3.Cross check with google map if the location is actually real. List at least TWO detailed address and information found through SHODAN, [3 marks]
4.Extra bonus marks: Find out other port number that might be used by ICS device and perform a search. List them out and perform the same test. Write the same report of your findings.

TASK 02 (GOOGLE HACKING)
•For this assignment you will have to do some observation task on some vulnerabilities that can be exploited to attack ICS security.
•ONLY OBSERVE for study purpose. UNITEN will not be responsible for your experimentation beyond the required task.
Search for potential HMI remote terminal
•Use Google website. Type in “intitle:"MiniwebStart Page“” on the search box.
•Take note if you actually find an IP address linked to the HMI terminal
1.Click on each search result. Did you see an actual login interface? Screen shot as proof. Capture information of at least TWO results. [2 marks]
2.What product is actually using this type of interface? Explain. [2 marks]
3.Find out if there is any default password linked to the product that you can actually use for brute force attack. [2 marks]
4.If you managed to find an IP address from the search, Use SHODAN to find out more about the IP address. Cross check with google map if the location is actually real. Screen shot and write a simple summary of your findings. [4 marks]
5.Extra bonus marks: Find out google other search string that you can actually use to search for other HMI remote terminal.

TASK 03 (EXPOSED CAMERA)
•For this assignment you will have to do some observation task on some vulnerabilities that can be exploited to attack ICS security.
•ONLY OBSERVE for study purpose. UNITEN will not be responsible for your experimentation beyond the required task.
Search for potential location of HMI remote terminal
•Go to this url: https://www.insecam.org/en/bycountry/MY/?page=1
•Browse on the search result and view any web cams result that might interest you.
1.Click on the result. What information are actually shown tied to the location? Explain. [2 marks]
2.Find the map location of each of the camera. Can you pinpoint exactly where the location is? List at least TWO locations and its detailed information displayed from the website. Make a guess of what that location is (an office, house, warehouse etc). [4 marks]
3.What can you observe from the webcam displayed? Is it useful? Explain. [4 marls]
4.Extra bonus marks: Find out other sites or google search string that you can actually use to search for exposed webcams.

TASK 04 (RESOLUTION/CONCLUSION)
1.Explain what have you discovered through all those THREE (3) exercises in terms of vulnerabilities and threats related to the ICS and also to an organization in general. [10 marks]
2.What vulnerabilities have you discovered from the exercise. Explain. [10 marks]
3.What threats can actually exploit the vulnerabilities that you have listed in (2). Explain. [10 marks]
4.Could task 1, 2 and 3 be used to attack an ICS system? Explain you answer as clear and concise as possible. [10 marks]