Getting Started in ICS/OT Cyber Security and OSINT for ICS/OT: Key Skills and Tools


Abdullah Al Shahid Chowdhury recently completed two intensive courses: “Getting Started in ICS/OT Cyber Security” and “OSINT for ICS/OT.” These programs provided hands-on training in critical industrial control systems (ICS) and operational technology (OT) security skills, including:

🔹 Network traffic analysis with Wireshark

🔹 Secure architecture design using the Purdue Model

🔹 Asset register creation for ICS/OT environments

🔹 OSINT techniques with tools like Shodan, hunter.io, and DNSlytics

You Should Know: Practical ICS/OT Security Commands and Techniques

1. Wireshark for ICS/OT Traffic Analysis

Wireshark is essential for monitoring ICS/OT network traffic. Key commands:

wireshark -k -i eth0 -Y "modbus"                          # start capturing on eth0 immediately, display only Modbus/TCP
tshark -r ot_capture.pcap -Y "dnp3" -w dnp3_traffic.pcap  # read a saved capture, keep only DNP3 and write it to a new file

Practice Tip: Use display filters like `modbus || dnp3 || opcua` to isolate industrial protocols.
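As an added example (not code from the original post or the courses it describes), the following Python parses the Modbus/TCP MBAP header and function code, the same fields Wireshark's `modbus.func_code` filter matches, and flags write function codes arriving from outside an OT zone; the OT subnet 192.168.1.0/24 and the two sample frames are constructed placeholders.

```python
import struct
from ipaddress import ip_address, ip_network

# Public Modbus function codes (from the Modbus application protocol spec).
READ_FC = {1: "Read Coils", 2: "Read Discrete Inputs",
           3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FC = {5: "Write Single Coil", 6: "Write Single Register",
            15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Assumed OT zone; placeholder subnet, not taken from the original post.
OT_ZONE = ip_network("192.168.1.0/24")

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the 7-byte MBAP header and the function code of one Modbus/TCP frame."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (expected 0)")
    # The length field counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match the frame")
    fc = frame[7]
    return {"tid": tid, "unit": unit, "func_code": fc & 0x7F,
            "exception": bool(fc & 0x80)}  # high bit set = exception response

def triage(src_ip: str, frame: bytes) -> str:
    """Classify one frame by function code (like modbus.func_code in Wireshark)
    and flag write operations whose source lies outside the OT zone."""
    hdr = parse_modbus_tcp(frame)
    fc = hdr["func_code"]
    outside = ip_address(src_ip) not in OT_ZONE
    if fc in WRITE_FC and outside:
        return f"ALERT write {fc} ({WRITE_FC[fc]}) from {src_ip} outside OT zone"
    if fc in WRITE_FC:
        return f"write {fc} ({WRITE_FC[fc]}) from {src_ip}"
    if fc in READ_FC:
        return f"read {fc} ({READ_FC[fc]}) from {src_ip}"
    return f"other fc {fc} from {src_ip}"

# Constructed sample frames (hand-built for this example, not captured traffic).
# tid=1, proto=0, len=6, unit=1, fc=3, start=0, qty=10  -> Read Holding Registers
READ_HR = bytes.fromhex("0001 0000 0006 01 03 0000 000a".replace(" ", ""))
# tid=2, proto=0, len=6, unit=1, fc=6, addr=1, value=0x00ff -> Write Single Register
WRITE_SR = bytes.fromhex("0002 0000 0006 01 06 0001 00ff".replace(" ", ""))

if __name__ == "__main__":
    for src, frame in [("192.168.1.10", READ_HR), ("10.20.30.40", WRITE_SR)]:
        print(triage(src, frame))
```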

2. Shodan for ICS/OT Device Discovery

Shodan helps identify exposed OT devices. Try these queries:

shodan search 'port:502 product:modbus'              # devices answering Modbus/TCP on 502
shodan search 'title:"Schneider Electric" port:102'  # banner title "Schneider Electric" on port 102 (102/tcp is the Siemens S7comm/ISO-TSAP port)

Pro Tip: Use API automation:

import shodan

api = shodan.Shodan('API_KEY')          # replace with your own Shodan API key
results = api.search('port:161 SNMP')   # same query syntax as the CLI
for match in results['matches']:        # each match is one exposed host record
    print(match['ip_str'], match.get('org'))

3. DNSlytics for Threat Intelligence

Investigate domain reputations:

curl "https://dnslytics.com/api/v1/report/domain/example.com" 

4. Purdue Model Segmentation

Enforce network segmentation using firewall rules (Linux example; iptables evaluates rules in order, so the Modbus DROP below takes precedence over the later ACCEPT):

iptables -A FORWARD -p tcp --dport 502 -j DROP                   # drop all forwarded Modbus/TCP; add -i/-s to limit it to the external side if intra-OT Modbus must still flow
iptables -A FORWARD -s 192.168.1.0/24 -d 10.0.0.0/8 -j ACCEPT    # allow the remaining traffic from the OT subnet to the IT range

5. Asset Inventory with Nmap

Scan OT networks carefully:

nmap -sT -Pn -T4 -p 1-1024 --script modbus-discover 192.168.1.0/24  # -sT: full TCP connect, -Pn: skip host discovery; -T4 is aggressive and can upset fragile PLCs, so on production OT prefer slower timing (e.g. -T2) and a known host list

What Undercode Says

ICS/OT security demands protocol expertise (Modbus, DNP3), passive reconnaissance (Shodan), and strict segmentation. Mastery of Wireshark, Nmap, and firewall rules is non-negotiable. Always validate findings in a lab before live deployment.

Expected Output:

  • Filtered Modbus traffic in Wireshark (modbus.func_code == 3).
  • Shodan results exposing unsecured PLCs.
  • Firewall logs blocking unauthorized OT access.


Reported By: Shahidaac Otsecurity – Hackers Feeds
