How to Run Labshock (ICS/OT Security Lab) on macOS Using Docker

Labshock is a powerful tool for ICS/OT security testing, allowing users to simulate industrial control systems (ICS) and operational technology (OT) environments for penetration testing, network monitoring, and security research. The best part? You can now run it on macOS (including ARM-based M1/M2/M3 Macs) without needing a virtual machine.

Prerequisites:

1. Docker Desktop (Download: https://www.docker.com/products/docker-desktop)

2. Git (Install via Homebrew: `brew install git`)

3. Labshock GitHub Repository (https://github.com/zakharb/labshock)

Installation Steps:

1. Install Docker Desktop (~0.5GB) and start it.

2. Accept Docker’s license agreement during setup.

3. Install Git (if not already installed):

brew install git

4. Clone Labshock repository:

git clone https://github.com/zakharb/labshock.git

5. Navigate to the Labshock directory and build the Docker containers:

cd labshock
docker-compose up -d

6. Access the Labshock environment once the containers are running.

What You Get:

  • PLC Simulator (Programmable Logic Controller)
  • EWS (Engineering Workstation)
  • SCADA System (Supervisory Control and Data Acquisition)
  • Pentesting Tools
  • Network IDS (Intrusion Detection System)
  • Data Collector

You Should Know:

Essential Docker Commands for Labshock Management

  • Check running containers:
    docker ps
    
  • Stop all Labshock containers:
    docker-compose down
    
  • Clean up unused Docker data (this removes all unused images, stopped containers, networks and volumes on the host, not only Labshock's):
    docker system prune -a --volumes
    

Useful ICS/OT Security Testing Commands

  • Scan for open ports in the OT lab:
    nmap -sV -p- <Labshock_IP>
    
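  • Capture network traffic between PLC and SCADA (the `docker0` bridge exists on a Linux Docker host; Docker Desktop for macOS runs containers inside a VM, so this interface is not present on the Mac itself):
    tcpdump -i docker0 -w ot_traffic.pcap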
    
  • Test Modbus protocol vulnerabilities:
    python3 modbus-attack.py --target <PLC_IP> --port 502
    

Troubleshooting Tips

  • If Docker fails to start on macOS, reset it:
    killall Docker && open /Applications/Docker.app
    
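  • If `docker-compose` is missing, install it via pip (this installs the legacy Python-based Compose V1; current Docker Desktop releases bundle Compose V2 as a subcommand of the `docker` CLI):
    pip3 install docker-compose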
    

What Undercode Says:

Labshock is a game-changer for ICS/OT security professionals, eliminating the need for cloud-based labs or heavy virtual machines. By leveraging Docker, users can quickly deploy a full-fledged industrial security lab on macOS, including ARM-based systems.

For cybersecurity researchers, mastering OT security is crucial as industrial systems become prime targets for ransomware and state-sponsored attacks. Labshock provides a safe, offline environment to practice exploits, test defenses, and understand ICS protocols like Modbus, DNP3, and Siemens S7.

Expected Output:

After running `docker-compose up -d`, you should see:

Creating labshock_plc_1 ... done 
Creating labshock_scada_1 ... done 
Creating labshock_ids_1 ... done 

Access the SCADA interface via `http://localhost:8080` and start testing!
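
Before testing, it is worth confirming that the lab's simulated ICS services are reachable only from the Mac itself. Docker publishes ports on all host interfaces unless a loopback address is given. The script below is an added example, not part of Labshock or the original post. It reads `docker ps` output and lists containers whose ports are published on every interface. The function names, the `--live` switch and the sample port mappings are constructed for illustration; only the container names, port 8080 and port 502 come from this page.

```shell
#!/usr/bin/env bash
# Added example: flag lab containers whose published ports listen on all host
# interfaces (0.0.0.0 / ::) instead of loopback only.
# Input format: "<name><TAB><ports>", as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

audit_published_ports() {
  awk -F'\t' '
    {
      n = split($2, maps, /, */)          # one entry per port mapping
      for (i = 1; i <= n; i++) {
        m = maps[i]
        if (m !~ /->/) continue           # exposed in the image, not published
        split(m, sides, "->")
        host = sides[1]                   # e.g. 0.0.0.0:8080, :::8080, [::]:8080
        if (host ~ /^(0\.0\.0\.0|::|\[::\]):/) {
          port = host
          sub(/^.*:/, "", port)           # keep only the host port (or range)
          if (!seen[$1, port]++)          # IPv4 and IPv6 rows report once
            print $1 " " port " ALL-INTERFACES"
        }
      }
    }'
}

# Constructed sample input; the mappings are illustrative, not Labshock's real ones.
sample_docker_ps() {
  printf 'labshock_scada_1\t0.0.0.0:8080->8080/tcp, :::8080->8080/tcp\n'
  printf 'labshock_plc_1\t127.0.0.1:502->502/tcp\n'
  printf 'labshock_ids_1\t8000/tcp\n'
}

if [ "${1:-}" = "--live" ]; then
  # Audit the containers that are actually running on this host.
  docker ps --format '{{.Names}}\t{{.Ports}}' | audit_published_ports
else
  sample_docker_ps | audit_published_ports
fi
```

Any container it reports can be restricted by prefixing the host side of that port mapping in the compose file with `127.0.0.1:`, assuming the project's compose file uses the standard `ports:` syntax.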

Prediction:

As ICS/OT security threats grow, tools like Labshock will become essential for red teams, blue teams, and industrial security engineers. Expect more Docker-based security labs to emerge, reducing dependency on expensive hardware setups.

Stay ahead—start hacking OT systems safely today! 🚀

References:

Reported By: Zakharb Labshock – Hackers Feeds