Listen to this Post
Introduction:
Operational Technology (OT) and Industrial Control Systems (ICS) are the backbone of critical infrastructure, yet they remain dangerously exposed to cyber threats. With live training sessions scheduled for May and June 2026—covering an accelerated bootcamp, OSINT for OT/ICS, and introductory penetration testing—security professionals have a rare opportunity to gain hands-on skills directly from industry expert Mike Holcomb. This article extracts technical resources, course URLs, and actionable command-line tutorials to help you prepare for and excel in these high-demand domains.
Learning Objectives:
- Execute OSINT gathering techniques specific to OT/ICS environments, including Shodan queries and asset enumeration.
- Perform introductory penetration testing against Modbus and DNP3 industrial protocols using Kali Linux tools.
- Implement security hardening measures on Windows-based HMIs and Linux-based PLC engineering workstations.
You Should Know:
- Accelerated OT/ICS Cybersecurity Bootcamp – Core Hardening Commands
The “Getting Started in OT/ICS Cybersecurity (Accelerated Bootcamp)” (May 14–15) focuses on foundational defense. Before attending, master these essential Linux and Windows commands to secure OT endpoints.
Step‑by‑step: Hardening a Windows-based HMI
- Disable unnecessary services: `sc config “WSearch” start= disabled` (stops Windows Search, a common attack vector in legacy OT).
- Restrict DCOM (often abused in lateral movement): Run `dcomcnfg` → Component Services → My Computer → Properties → Default Properties → set Default Authentication Level to “Packet Integrity”.
- Block SMB over unmanaged interfaces using PowerShell:
`Set-NetFirewallRule -DisplayGroup “File and Printer Sharing” -Enabled False`
Step‑by‑step: Securing a Linux engineering workstation (Debian/Ubuntu)
- Disable Modbus debugging interfaces: `sudo systemctl disable modbus-serial-test`
- Set strict iptables rules to allow only known PLC IPs:
sudo iptables -A INPUT -p tcp --dport 502 -s 192.168.1.100 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 502 -j DROP
- Save rules: `sudo apt install iptables-persistent && sudo netfilter-persistent save`
- OSINT for OT/ICS – Harvesting Critical Infrastructure Data
The May 23 OSINT course teaches attackers’ reconnaissance methods. Learn to enumerate exposed industrial assets using open sources.
Step‑by‑step: Shodan OSINT queries for OT/ICS
- Install Shodan CLI: `pip install shodan` then `shodan init YOUR_API_KEY`
– Search for Modbus devices: `shodan search “port:502 modbus” –fields ip_str,port,org –limit 10`
– Filter by country (e.g., US power grids): `shodan search “port:502 country:US product:Modbus”` - Use Shodan’s `–download` flag to export lists for threat modeling.
Step‑by‑step: Google dorks for ICS manuals & topology
- Find PLC programming guides: `intitle:”PLC manual” filetype:pdf “Siemens S7″`
- Locate network diagrams: `intitle:”network topology” “SCADA” “DNP3″`
- Extract exposed HMI login panels: `inurl:/hmi/ intitle:”Web Access”`
- Intro to OT/ICS Penetration Testing – Exploiting Modbus & DNP3
The June 4–5 pen testing course covers protocol fuzzing and privilege escalation. Practice these safe, lab‑only techniques.
Step‑by‑step: Modbus enumeration with Nmap
- Scan for Modbus/TCP on port 502: `nmap -p 502 –script modbus-discover
`
– Read coil status using `modbus-cli` (install viapip install modbus-cli):
`modbus read-coils 0 10 –unit-id 1`
- Write to a single coil (simulate attacker control):
`modbus write-coil0 1 –unit-id 1` use only in isolated lab
Step‑by‑step: Fuzzing DNP3 with Metasploit
- Launch Metasploit: `msfconsole`
- Use DNP3 fuzzer: `use auxiliary/fuzzers/dnp3/dnp3_fuzzer`
- Set target: `set RHOSTS 192.168.1.200` and `set RPORT 20000`
- Run fuzzer and monitor for crashes: `run` then `analyze crash_dumps`
- Cloud Hardening for OT Remote Access – Azure & AWS Commands
Many OT networks now use cloud jump boxes. Apply these configuration snippets to prevent unauthorized pivots.
Step‑by‑step: Restrict Azure IoT Hub access for ICS telemetry
– Create a deny‑all policy except known IP:
“`az iot hub policy create –hub-name MyOTHub –name DenyAll –permissions none
az iot hub policy update –hub-name MyOTHub –name AllowGateway –ip-filter-rule "Allow,10.0.0.0/24"“`
– Enable diagnostic logs: `az monitor diagnostic-settings create –resource
Step‑by‑step: AWS Security Group hardening for ICS historian
aws ec2 authorize-security-group-ingress --group-id sg-0t123 --protocol tcp --port 1433 --source 10.0.1.0/24 SQL Server historian aws ec2 revoke-security-group-ingress --group-id sg-0t123 --protocol tcp --port 1433 --source 0.0.0.0/0 Remove public access aws ec2 describe-security-group-rules --group-id sg-0t123 --filter "Name=ip-permission.cidr,Values=0.0.0.0/0"
5. Vulnerability Mitigation – Patching Common ICS Weaknesses
Based on real OT/ICS incident responses, apply these mitigations before the bootcamp’s hands‑on lab.
Step‑by‑step: Disable insecure protocols on legacy PLCs
- On Rockwell Automation ControlLogix (via CLI over SSH):
`cipcip disable cip-class 0x67` (disables unauthenticated CIP routing)
- On Siemens S7‑1200 using TIA Portal command line:
`s7tool –block-protect –routing-disable –ip `
Step‑by‑step: Implement network segmentation with Linux eBPF
- Install `cilium` and load an OT‑specific filter:
sudo bpftool prog load ot_filter.o /sys/fs/bpf/ot_filter sudo tc filter add dev eth0 ingress bpf da obj ot_filter.o sec tc
- Example eBPF C snippet to drop non‑Modbus traffic on port 502:
if (ntohs(eth->h_proto) == ETH_P_IP && ip->protocol == IPPROTO_TCP && tcp->dest == 502 && payload[bash] != 0x00) return TC_ACT_SHOT;
6. Free Resources & Newsletter from Mike Holcomb
The post includes free learning materials. Access them:
- Free OT/ICS cyber videos: https://lnkd.in/eif9fkVg
- Newsletter (7,700+ subscribers): https://lnkd.in/ePTx-Rfw
- Course registration (free attendance available by emailing [email protected]):
- Bootcamp: https://lnkd.in/egjs3g5d
- OSINT: https://lnkd.in/ePGsU5em
- Pen Testing: https://lnkd.in/er6jbUxj
Use these URLs to build a self‑study roadmap. For example, combine free video lessons (`https://lnkd.in/eif9fkVg`) with the Shodan commands above to practice OSINT before the live session.
What Undercode Say:
- Key Takeaway 1: OT/ICS security training is scarce; live bootcamps with free access options democratize critical skills for defenders.
- Key Takeaway 2: OSINT and penetration testing are inseparable – attackers use Shodan and Google dorks daily; defenders must master the same tools to pre‑emptively harden assets.
- Analysis: The convergence of IT and OT has created a skills gap that traditional cybersecurity courses fail to address. Command‑line fluency (iptables, Nmap, Metasploit) is no longer optional – it is required for real‑time threat hunting in air‑gapped or semi‑connected industrial environments. Moreover, the availability of free attendance for those unable to pay highlights a growing ethical movement in the ICS community, reducing barriers to entry. However, hands‑on labs without proper sandboxing (e.g., fuzzing live Modbus) can cause physical disruption. Always use isolated virtual PLCs (like OpenPLC or GRFICS) before testing on production. Finally, the newsletter and free video library serve as an evergreen resource, enabling continuous learning beyond the May‑June timeline.
Prediction:
By 2027, AI‑driven OT threat intelligence will automate 60% of routine Modbus/DNP3 anomaly detection, reducing the need for manual protocol analysis. However, live OSINT and penetration testing skills will become even more valuable as adversarial AI tools generate realistic industrial lures. Courses like Mike Holcomb’s will pivot to include “red‑team AI prompt injection for HMI interfaces,” and free attendance models will expand, forcing commercial training providers to offer lifetime lab access as a differentiator. The rise of collaborative, open‑source OT security communities (mirroring the Linux model) will challenge traditional vendor‑locked certifications.
▶️ Related Video (78% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Mikeholcomb New – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
