Scaling Labshock to 100 Virtual PLCs for ICS/OT Security Testing

By /

Featured Image
Source: GitHub – Labshock | Demo Video

Labshock is an ICS/OT security lab that allows users to simulate large-scale industrial control systems without physical hardware. In a recent demonstration, Zakhar Bernhardt showcased how to scale Labshock to 100 virtual PLCs (Programmable Logic Controllers) for security testing, performance benchmarking, and SCADA simulations.

Why Run 100 Virtual PLCs?

  • ✅ Test IDS/IPS Performance – Can your intrusion detection system handle massive OT traffic without crashing?
  • ✅ Simulate Attack Spreads – Test how your OT SIEM reacts to mass scans (e.g., `nmap` against 100 targets).
  • ✅ Build Complex SCADA Setups – Run different PLC models/versions in a single lab.
  • ✅ Measure Resource Usage – Conduct performance and stability tests under heavy loads.

Key Stats from the Demo

  • 30MB RAM per PLC
  • 4GB total RAM for 100 PLCs
  • 0.3% CPU usage per PLC

You Should Know: How to Deploy & Test Labshock

1. Install Labshock (10-Minute Setup)

git clone https://github.com/zakharb/labshock.git 
cd labshock 
docker-compose up -d

2. Connect OpenPLCs & Configure SCADA

  • Assign unique IPs to each PLC.
  • Use FUXA SCADA for visualization.
  • Deploy Modbus/TCP tags for realistic traffic.

3. Simulate Attacks & Test Detection

Run an Nmap scan against all PLCs:

nmap -Pn -p 502 --script modbus-discover 192.168.1.0/24

Check if your OT SIEM:

  • Raises 1 incident (aggregated alerts).
  • Raises 100 incidents (per device).
  • Crashes due to DDoS-like traffic.

4. Performance Benchmarking

Monitor system resources:

htop  Check CPU/RAM per PLC 
iftop  Analyze network traffic

What Undercode Say

Labshock is a game-changer for ICS/OT security, enabling large-scale simulations without costly hardware. Key takeaways:
– Use Docker & lightweight VMs for efficient PLC deployment.
– Test SIEM resilience against mass scans and brute-force attacks.
– Leverage FUXA SCADA for realistic HMI interactions.

Expected Commands for Further Testing

 Simulate Modbus brute-forcing 
python3 plcsploit.py --target 192.168.1.1-100 --port 502

Check for default credentials 
hydra -L users.txt -P passwords.txt modbus://192.168.1.1

Capture OT traffic for analysis 
tcpdump -i eth0 'port 502' -w modbus_traffic.pcap

Prediction

As OT/ICS attacks rise, tools like Labshock will become essential for red teams, defenders, and researchers. Expect more AI-driven anomaly detection integrations in future releases.

Expected Output:

✅ Labshock running 100 PLCs 
✅ Nmap scans detected by SIEM 
✅ FUXA SCADA dashboard operational

For more details, visit:

Labshock GitHub | Demo Video

References:

Reported By: Zakharb Plc – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Related Posts: