Best GitHub Repos to Learn OT/ICS Cybersecurity for FREE!

Virtual Lab Environments

  1. GRFICS (Graphical Realism Framework for Industrial Control Simulation) – Simulate an industrial plant while practicing cybersecurity.
  2. Virtual OT/ICS Environment – Defensive and offensive cybersecurity learning platform.

Packet Captures

  1. OT Protocol Packet Captures – Learn Modbus, Profinet, and other OT protocols.
  2. More OT/ICS Packet Captures – Additional datasets for analysis.

Penetration Testing Tools

  1. OT/ICS Pentesting Tools Collection – Extensive list of offensive security tools.
  2. OT/ICS Security Tools & Resources – Another curated list for red/blue teams.

Honeypots

  1. Conpot ICS Honeypot – Popular open-source honeypot for OT security.
  2. T-Mobile’s OT Honeypot – Designed for ICS threat detection.

Additional Resources

You Should Know:

Setting Up Conpot Honeypot (Linux)

```bash
# Install dependencies
sudo apt update && sudo apt install -y python3 git python3-pip

# Clone & install Conpot
git clone https://github.com/mushorg/conpot.git
cd conpot
pip3 install -r requirements.txt
pip3 install .

# Run Conpot with the default template (the install provides the `conpot` command)
conpot --template default
```

Analyzing Modbus Traffic with Wireshark

1. Capture Modbus traffic (Modbus/TCP uses port 502):

```bash
sudo tcpdump -i eth0 -w modbus.pcap port 502
```

2. Filter Modbus in Wireshark (display filter):

```
modbus || tcp.port == 502
```
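Once a capture is open, the point of the analysis is usually to spot writes to a PLC from hosts that should only be reading. As an added example (not code from any of the repos above), here is a minimal Modbus/TCP parser over constructed frames that checks the MBAP header and flags write function codes from hosts outside an allow list; the host addresses and frames are made up for the demonstration.

```python
import struct
from dataclasses import dataclass

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}  # function codes that change process state


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    address: int          # starting address for read/write requests, -1 if absent
    is_exception: bool    # high bit of the function code set = exception response


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP frame (the TCP payload Wireshark shows under Modbus/TCP)."""
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    # MBAP header: transaction id (2), protocol id (2), length (2), unit id (1)
    tid, pid, length, uid = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus (expected 0)")
    if length != len(payload) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length field disagrees with frame size")
    fc = payload[7]
    is_exception = bool(fc & 0x80)
    fc &= 0x7F
    has_addr = len(payload) >= 10 and not is_exception
    address = struct.unpack(">H", payload[8:10])[0] if has_addr else -1
    return ModbusRequest(tid, uid, fc, address, is_exception)


def flag_writes(frames, allowed_writers):
    """Return alert strings for write requests sent by hosts not on the allow list."""
    alerts = []
    for src, payload in frames:
        req = parse_modbus_tcp(payload)
        if req.function_code in WRITE_FUNCTIONS and src not in allowed_writers:
            name = FUNCTION_NAMES.get(req.function_code, f"FC {req.function_code}")
            alerts.append(f"{src}: {name} to unit {req.unit_id} addr {req.address} (tid {req.transaction_id})")
    return alerts


# Constructed sample frames (source host, Modbus/TCP payload); addresses are hypothetical.
SAMPLE_FRAMES = [
    ("10.0.0.5", bytes.fromhex("000100000006" "0103" "0000000a")),   # read 10 holding registers
    ("10.0.0.5", bytes.fromhex("000200000006" "0106" "00101234")),   # write single register (HMI)
    ("10.0.0.99", bytes.fromhex("000300000006" "0105" "0001ff00")),  # write coil from unknown host
]
```

Running `flag_writes(SAMPLE_FRAMES, {"10.0.0.5"})` reports only the coil write from 10.0.0.99; the same logic applied to frames pulled from modbus.pcap gives a quick list of hosts worth a firewall rule or IDS signature.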

MITRE Caldera for OT

```bash
git clone https://github.com/mitre/caldera-ot.git
cd caldera-ot
docker-compose up
```

MiniCPS Virtual Lab

```bash
git clone https://github.com/scy-phy/minicps.git
cd minicps
pip3 install -e .
```

What Undercode Say:

OT/ICS security requires hands-on practice. Use these repos to:
– Simulate attacks with GRFICS.
– Analyze real Modbus/Profinet captures.
– Deploy honeypots (Conpot) to detect threats.
– Leverage Caldera-OT for automated adversary emulation.

Key Commands:

– `nmap -sV -p 502 --script modbus-discover <target>` – Scan for Modbus devices (replace `<target>` with the lab host or range).
– `python3 plcsim.py` – Simulate PLC logic (DHALSIM).
– `zeek -r ics_traffic.pcap` – Parse OT traffic with CISA's Zeek scripts.

Expected Output:

A structured lab report with screenshots, command outputs, and security recommendations, covering:

1. Attack vectors tested.
2. Traffic analysis (Wireshark/Zeek).
3. Honeypot logs (Conpot/T-Mobile).
4. Mitigation steps (firewall rules, IDS alerts).

Reported By: Mikeholcomb 8 – Hackers Feeds