Build Your Own OT ICS Lab in Under Minutes with Labshock

Labshock is a powerful tool designed to help OT engineers, security professionals, and CISOs quickly set up a functional ICS/OT lab for hands-on pentesting and incident detection practice.

You Should Know:

1. Setting Up Labshock

To get started, clone the Labshock repository and deploy the lab environment:

git clone https://github.com/labshock/ics-lab.git 
cd ics-lab 
docker-compose up -d 

2. Accessing the Engineering Station

Labshock includes a built-in IDE for PLC programming. Access it via:

ssh engineer@labshock-ip -p 2222 

3. Interacting with the PLC

Use OpenPLC to program the simulated PLC:

openplc --port=502 --ip=0.0.0.0 

Common PLC languages supported:

  • Structured Text (ST)
  • Function Block Diagram (FBD)

4. Pentesting with Kali Linux

Labshock includes a pre-configured Kali instance. Run common ICS attack tools:

msfconsole -q 
use auxiliary/scanner/scada/modbusdetect 
set RHOSTS plc-ip 
run 

5. Monitoring SCADA Traffic

Use Wireshark to analyze ICS protocols:

wireshark -k -i eth0 -Y "modbus || dnp3 || enip"

6. Log Collection with Tidal Collector

Aggregate logs for incident response:

sudo tidal-collector --start --config /etc/tidal/config.yml 

7. Simulating Network Attacks

Test IDS/IPS detection with Scapy:

from scapy.all import *
# Modbus/TCP Read Holding Registers request (unit 1, address 0, quantity 1)
sendp(Ether(dst="PLC_MAC")/IP(dst="PLC_IP")/TCP(dport=502)/Raw(load=b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x01"))
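
To see what a detection should key on, the added example below (not part of the original post or of Labshock) decodes the Modbus/TCP payload from the Scapy one-liner in step 7 and flags state-changing function codes. The function names `parse_modbus_request` and `triage` are hypothetical, and the write and malformed frames are constructed samples.

```python
import struct

# Standard Modbus function codes, split by whether they change PLC state.
READS = {1: "Read Coils", 2: "Read Discrete Inputs",
         3: "Read Holding Registers", 4: "Read Input Registers"}
WRITES = {5: "Write Single Coil", 6: "Write Single Register",
          15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def parse_modbus_request(adu: bytes) -> dict:
    """Decode one Modbus/TCP request: 7-byte MBAP header followed by the PDU."""
    if len(adu) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (Modbus)")
    # The length field counts the unit id and the PDU: everything after byte 6.
    if length != len(adu) - 6:
        raise ValueError("MBAP length field does not match frame size")
    func = adu[7]
    msg = {"transaction_id": tid, "unit_id": unit, "function": func,
           "name": READS.get(func) or WRITES.get(func, "Other"),
           "is_write": func in WRITES}
    if func in READS or func in WRITES:
        if len(adu) < 12:
            raise ValueError("request truncated before address/quantity")
        # Address, then quantity (reads, multi-writes) or value (single writes).
        msg["address"], msg["quantity_or_value"] = struct.unpack(">HH", adu[8:12])
    return msg

def triage(adu: bytes) -> str:
    """One-line verdict for a lab detection log: writes alert, reads inform."""
    try:
        msg = parse_modbus_request(adu)
    except ValueError as exc:
        return f"MALFORMED: {exc}"
    level = "ALERT" if msg["is_write"] else "INFO"
    return (f"{level}: {msg['name']} unit={msg['unit_id']} "
            f"addr={msg.get('address')} qty/val={msg.get('quantity_or_value')}")

# Frame from the Scapy one-liner in step 7.
PAGE_FRAME = bytes.fromhex("000100000006010300000001")
# Constructed samples: a register write, and a frame with a bad length field.
WRITE_FRAME = bytes.fromhex("000200000006010600001234")
BAD_FRAME = bytes.fromhex("0003000000ff0103")

if __name__ == "__main__":
    for frame in (PAGE_FRAME, WRITE_FRAME, BAD_FRAME):
        print(triage(frame))
```

The step 7 frame decodes as a read of one holding register, so an IDS rule that only alerts on write function codes will not fire on it.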

8. Upcoming Feature: IDS Traffic Mirroring

Soon, Labshock will support forwarding traffic to external IDS tools like Suricata:

suricata -c /etc/suricata/suricata.yaml -i labshock-mirror 

What Undercode Say

Labshock revolutionizes ICS/OT security training by providing a fast, realistic lab environment. Practicing with real-world tools like OpenPLC, Kali Linux, and SCADA systems ensures better incident response readiness.

Essential Linux & Windows Commands for ICS Security:

  • Linux:
    nmap -sS -p 502,20000 --script modbus-discover.nse TARGET_IP 
    
  • Windows (PowerShell):
    Test-NetConnection -ComputerName PLC_IP -Port 502 
    
  • Log Analysis (Linux):
    journalctl -u tidal-collector --since "1 hour ago" | grep "modbus" 
    
  • PLC Programming (ST Example):
    IF %IX0.0 THEN %QX0.0 := TRUE; END_IF;
    

Expected Output:

A fully functional ICS lab with real-time attack simulation, log monitoring, and hands-on security testing capabilities.

Reported By: Zakharb Otsiem – Hackers Feeds