Labshock: A Tool for ICS/OT Security Simulations

Listen to this Post

Featured Image
Labshock was showcased at BSides São Paulo 2025, demonstrating its capabilities in Industrial Control Systems (ICS) and Operational Technology (OT) security. The platform was used in talks, hands-on tests, and real-world attack simulations, making OT security more accessible.

Key Highlights from BSides SP 2025

  • Wagner Rodrigues led a session, “Simulating Chaos in Industrial Environments,” where he used Labshock to model a full industrial plant and simulate cyberattacks.
  • Rafael de Oliveira F. utilized Labshock for OT security testing, exploring new attack vectors.
  • Attendees appreciated how Labshock simplified complex OT security scenarios.

You Should Know: Practical ICS/OT Security Testing

1. Setting Up an ICS/OT Lab

To simulate attacks like those demonstrated with Labshock, you can use open-source tools:

 Install Docker for lab environments 
sudo apt-get update && sudo apt-get install docker.io -y 
sudo systemctl start docker

Run an ICS simulation with Conpot (Honeypot) 
docker run -d -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp honeynet/conpot 

2. Common OT Attack Vectors & Mitigations

  • Modbus TCP Exploitation (Port 502)
    Scan for Modbus devices 
    nmap -p 502 --script modbus-discover <target_IP> 
    
  • PLC Password Cracking
    Use PLCScan for reconnaissance 
    git clone https://github.com/meeas/plcscan 
    cd plcscan && python2 plcscan.py -i <target_IP> 
    

3. Defending ICS Networks

  • Network Segmentation
    Use iptables to restrict OT traffic 
    sudo iptables -A INPUT -p tcp --dport 502 -j DROP 
    sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 102 -j ACCEPT 
    
  • Logging & Monitoring
    Monitor ICS traffic with tcpdump 
    sudo tcpdump -i eth0 'port 502 or port 102' -w ot_traffic.pcap 
    

What Undercode Say

Labshock bridges the gap between theoretical ICS security and hands-on practice. By simulating real-world industrial environments, security professionals can:
– Test attack methods safely.
– Develop defensive strategies.
– Train teams in OT security best practices.

For those without Labshock, open-source alternatives like Conpot, PLCScan, and GRFICS can be used to build similar test environments.

Prediction

As OT systems become more interconnected with IT networks, ICS-specific attack simulations will grow in demand. Tools like Labshock will play a crucial role in proactive defense strategies.

Expected Output:

  • A functional ICS lab environment.
  • Detection of exposed Modbus/PLC devices.
  • Improved defensive configurations for OT networks.

Relevant URLs:

References:

Reported By: Zakharb Bsides – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram