
Introduction:
Operational Technology (OT) security remains one of the most challenging domains in cybersecurity due to the convergence of legacy physical systems with modern IT networks. Unlike traditional IT environments, OT requires a hands-on approach where engineers and security teams must understand how physical processes—like water flow, oil pressure, or railway signaling—interact with digital controls and threat vectors. The upcoming demonstration at OT.SEC.CON 2026, led by Labshock, showcases a fully integrated environment that bridges this gap by combining physical sensors, virtualized cutting-edge technology, and real-time detection tools into a portable mini PC.
Learning Objectives:
- Understand how to build and manage a hybrid OT lab environment that integrates physical sensors with virtualized infrastructure.
- Implement secure remote access solutions for OT/IoT operations using platforms like Kasm Technologies.
- Deploy lightweight edge threat detection tools alongside SIEM solutions for live threat response in industrial control systems (ICS).
You Should Know:
1. Building a Portable OT Lab Environment: The Convergence of Physical and Virtual
The core of the Labshock demonstration is a fully loaded environment running on a mini PC, simulating three distinct industries: Water, Oil, and Railway. This setup is connected to physical sensors, buttons, and lights, creating a realistic training ground. The virtualization leverages new cutting-edge technology, likely utilizing containerization or lightweight hypervisors to run multiple operating systems and network stacks simultaneously.
Step‑by‑step guide to replicate a similar mini-lab setup:
- Hardware Selection: Choose a high-performance mini PC (e.g., Intel NUC or similar) with at least 32GB RAM and 1TB NVMe storage to support multiple VMs.
- Hypervisor Installation: Install a Type-1 hypervisor like Proxmox VE or VMware ESXi to manage virtual machines efficiently.
- Network Isolation: Create virtual networks (VLANs) within the hypervisor to segment OT traffic (e.g., `vlan10` for field devices, `vlan20` for control systems, `vlan30` for IT monitoring).
- Containerization with Docker: For lightweight services like Kasm or SIEM tools, use Docker Compose to deploy services quickly.
Example: deploying a basic ELK stack for log aggregation:

```bash
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 \
  -e "discovery.type=single-node" \
  docker.elastic.co/elasticsearch/elasticsearch:8.10.0
# Elastic 8.x enables TLS and authentication by default; Kibana will need an enrollment token (or security disabled for a throwaway lab)
docker run -d --name kibana --link elasticsearch -p 5601:5601 \
  docker.elastic.co/kibana/kibana:8.10.0
```
- Connecting Physical Sensors: Use an Arduino or Raspberry Pi connected via USB to the mini PC, mapping its GPIO pins to virtual serial ports within the hypervisor. This allows the physical buttons and lights to trigger events inside the simulated OT network.
2. Secure Remote Access with Kasm Technologies
One of the highlighted technologies is Kasm Technologies, which provides a secure access platform for OT/IoT operations. Kasm works by delivering containerized web applications and desktops directly to a browser, ensuring that no sensitive data resides on the endpoint. This is critical for OT environments where remote access must be tightly controlled to prevent unauthorized entry.
Step‑by‑step guide to deploy Kasm for OT lab remote access:
1. Installation: Deploy Kasm on a Linux server (Ubuntu 20.04/22.04) within the lab environment.
```bash
wget https://kasm-static-content.s3.amazonaws.com/kasm_release_1.14.0.3a7a6a.tar.gz
tar -xf kasm_release_1.14.0.3a7a6a.tar.gz
sudo bash kasm_release/install.sh
```
2. Configuration: During setup, specify the admin password and network interfaces. Kasm uses Docker under the hood to spin up isolated sessions.
3. Access Control: Integrate with an existing Identity Provider (IdP) or use Kasm’s built-in multi-factor authentication (MFA) to ensure only authorized trainers can access the OT network.
4. Workspace Creation: Create custom workspaces for students that include pre-installed tools like Wireshark for traffic analysis, Modbus clients for protocol testing, and terminal access to PLC simulators.
5. Session Recording: Enable session recording to audit all actions performed by remote users, a critical requirement for compliance in regulated industries.
3. Lightweight OT Threat Detection with iolite secure
Iolite secure offers a lightweight edge OT/IoT threat detection solution. In the Labshock environment, this tool runs directly on the mini PC, monitoring traffic between the physical sensors and virtualized industrial systems. Its lightweight nature is essential for edge deployments where computational resources are limited.
Step‑by‑step guide to configure lightweight threat detection:
- Deployment: Install the iolite secure agent on the host machine or within a dedicated VM.
```bash
# Assuming a Debian-based installation
wget https://iolite-secure.com/downloads/iolite-agent.deb
sudo dpkg -i iolite-agent.deb
sudo systemctl start iolite-agent
```
- Network Monitoring: Configure the agent to listen on the virtual network interfaces that carry OT protocols (e.g., Modbus TCP port 502, DNP3 port 20000). Use `tcpdump` to verify traffic capture.
```bash
# Verify Modbus traffic on the OT network
sudo tcpdump -i eth0 -nn 'tcp port 502'
```
- Baseline Establishment: Allow the tool to run in learning mode for 24-48 hours to establish baseline behavior for the water, oil, and railway simulations.
- Alert Configuration: Set up alerting rules for anomalies such as unexpected writes to PLC registers, irregular polling intervals, or unauthorized access attempts to industrial controllers.
- Integration with SIEM: Forward alerts to the SIEM tool (like ELK stack) for centralized logging and correlation with other security events.
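To make the baseline and alerting steps concrete, here is an added example (not part of the original post or of the iolite secure product) of what a learning-mode baseline followed by anomaly rules looks like over Modbus events. The event records, IP addresses and register numbers are constructed; the tuples are assumed to come from a capture on the OT VLAN.

```python
from statistics import median

WRITE_FUNCS = {5, 6, 15, 16}  # Modbus function codes that write coils/registers

# Constructed sample events: (time_s, src_ip, func_code, register)
BASELINE_EVENTS = [
    (0.0, "10.10.20.5", 3, 100), (1.0, "10.10.20.5", 3, 100),
    (2.0, "10.10.20.5", 3, 100), (3.0, "10.10.20.5", 3, 100),
    (3.5, "10.10.20.5", 6, 200),  # HMI legitimately writes setpoint register 200
    (4.0, "10.10.20.5", 3, 100),
]
LIVE_EVENTS = [
    (10.0, "10.10.20.5", 3, 100), (11.0, "10.10.20.5", 3, 100),
    (11.1, "10.10.20.5", 3, 100),  # polled 0.1 s after the previous read: irregular
    (12.0, "10.10.20.5", 6, 200),  # known write, no alert
    (12.5, "10.10.30.9", 6, 100),  # new host writing a register never written in baseline
]

def learn_baseline(events):
    """Learning mode: record every (src, func, register) tuple seen and the
    typical (median) interval between requests per source."""
    seen, intervals, last = set(), {}, {}
    for t, src, func, reg in events:
        seen.add((src, func, reg))
        if src in last:
            intervals.setdefault(src, []).append(t - last[src])
        last[src] = t
    return {"seen": seen, "interval": {s: median(v) for s, v in intervals.items()}}

def detect(baseline, events, tolerance=0.5):
    """Alert on writes not seen during learning and on request gaps that deviate
    from the source's typical polling interval by more than `tolerance` (fraction)."""
    alerts, last = [], {}
    for t, src, func, reg in events:
        if func in WRITE_FUNCS and (src, func, reg) not in baseline["seen"]:
            alerts.append(("unexpected_write", src, reg))
        if src in last and src in baseline["interval"]:
            gap, typical = t - last[src], baseline["interval"][src]
            if abs(gap - typical) > tolerance * typical:
                alerts.append(("irregular_polling", src, round(gap, 2)))
        last[src] = t
    return alerts
```

In a real deployment the baseline window is the 24-48 hours mentioned above and the tuples come from the agent's capture rather than a list literal.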
4. Virtualization with SteelDome: Running Any Workload on Any Hardware
SteelDome provides a new way to run any workload on any hardware at any scale. In this context, it likely abstracts the underlying hardware complexity, allowing the Labshock environment to be portable and scalable. This means the same OT lab configuration can run on a mini PC at a conference or be scaled to a cloud environment for larger training sessions.
Step‑by‑step guide to utilize SteelDome-like abstraction:
- Image Creation: Package the entire OT environment (VMs, containers, configurations) into a single immutable image using tools like Packer or Docker.
- Hardware Abstraction: Use a container orchestration platform (e.g., Kubernetes) that can run on both the mini PC (using k3s) and in the cloud.
```bash
# Install k3s on the mini PC for lightweight orchestration
curl -sfL https://get.k3s.io | sh -
sudo kubectl get nodes
```
- State Management: Ensure persistent volumes (like databases for SIEM) are mapped to external storage to survive reboots or migrations.
- Deployment Script: Create a single deployment script that detects the target environment and deploys the appropriate configurations automatically.
5. Live Response with ELK Stack
The demonstration includes live response with the ELK stack (Elasticsearch, Logstash, Kibana). This serves as the centralized SIEM tool, aggregating logs from the physical sensors, virtualized PLCs, and the lightweight detection tools.
Step‑by‑step guide to set up ELK for OT security monitoring:
1. Data Ingestion with Logstash: Configure Logstash to parse various OT log formats.
```
# Sample Logstash configuration for Modbus logs
input {
  tcp {
    port => 5000
    codec => json
  }
}
filter {
  # "protocol" is an assumed field name that the log sender sets in each JSON event
  if [protocol] == "modbus" {
    mutate { add_field => { "ot_industry" => "water" } }
  }
}
output {
  elasticsearch { hosts => ["localhost:9200"] }
}
```
2. Visualization in Kibana: Create dashboards that show real-time alerts, traffic patterns, and physical sensor states. For instance, a dashboard can correlate a physical button press (recorded as a syslog event) with the resulting change in a simulated PLC register.
3. Alerting: Use Elastic’s alerting features to trigger notifications when specific thresholds are crossed (e.g., more than 10 failed Modbus connections in 5 minutes).
4. Threat Hunting: Utilize Kibana’s Lens and Discover interfaces to perform ad-hoc queries on OT traffic, helping trainees identify suspicious patterns like unexpected firmware uploads to controllers.
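The threshold rule in step 3 ("more than 10 failed Modbus connections in 5 minutes") expressed as a sliding-window check over JSON log lines, as an added example that is not part of the original post and does not use Elastic's alerting engine. The log lines, field names (`protocol`, `src_ip`, `event`) and addresses are constructed to match the shape the Logstash input above would ingest.

```python
import json
from collections import deque
from datetime import datetime, timezone

def make_line(ts, src, event):
    # Constructed log line in the JSON shape the Logstash tcp/json input ingests
    return json.dumps({"@timestamp": ts, "protocol": "modbus", "src_ip": src, "event": event})

# Constructed sample: 11 failures from one host within 50 s, 3 spread-out failures from another
SAMPLE_LOGS = (
    [make_line(f"2026-03-01T10:00:{5 * i:02d}Z", "10.10.30.9", "connection_failed") for i in range(11)]
    + [make_line(f"2026-03-01T10:0{i}:00Z", "10.10.20.5", "connection_failed") for i in range(3)]
    + [make_line("2026-03-01T10:04:00Z", "10.10.30.9", "connection_ok")]
)

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def failed_modbus_alerts(lines, threshold=10, window_s=300):
    """Sliding-window rule: raise one alert per source when more than `threshold`
    failed Modbus connections fall inside any `window_s`-second window.
    Lines are expected in time order per source, as a SIEM pipeline delivers them."""
    windows, alerted, alerts = {}, set(), []
    for line in lines:
        rec = json.loads(line)
        if rec.get("protocol") != "modbus" or rec.get("event") != "connection_failed":
            continue
        src, t = rec["src_ip"], parse_ts(rec["@timestamp"])
        q = windows.setdefault(src, deque())
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:  # drop timestamps older than the window
            q.popleft()
        if len(q) > threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src_ip": src, "failures": len(q), "at": rec["@timestamp"]})
    return alerts
```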
6. Simulating Real Threat & Defense Scenarios
The Labshock environment is designed for real threat and defense scenarios. This involves simulating attacks like man-in-the-middle (MITM) on industrial protocols, unauthorized access to PLCs, and physical sensor manipulation.
Step‑by‑step guide to simulate and mitigate OT attacks:
- MITM on Modbus TCP: Use `ettercap` or `scapy` to intercept and modify Modbus packets between the HMI and the PLC.
```python
# Using scapy to craft a malicious Modbus packet
from scapy.all import *
# ModbusADU assumes a Modbus layer definition has been loaded; it is not part of scapy core
packet = IP(dst="192.168.1.100")/TCP(dport=502)/ModbusADU(trans_id=1, proto_id=0, len=6, unit_id=1, func_code=6, data=b'\x00\x01\x00\x64')
send(packet)
```
- Defense with iolite secure: Configure iolite to detect and block such anomalous writes, providing a real-time defense mechanism.
- Physical Sensor Manipulation: Write a Python script that simulates a sensor sending false data to the PLC via the Arduino connection.
```python
import serial
ser = serial.Serial('/dev/ttyUSB0', 9600)
ser.write(b'TEMP:9999')  # Simulate overheating condition
```
- Response Workflow: Train participants to identify the attack via Kibana alerts, isolate the affected zone using network segmentation (e.g., via firewall rules), and finally restore the correct state from a known good backup.
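On the defensive side of the sensor-manipulation scenario, the receiving end can refuse frames like `TEMP:9999` before they reach the simulated PLC. The following plausibility check is an added example, not code from the original post or from Labshock; the `TAG:value` frame format, the sensor ranges and the sample frames are constructed assumptions.

```python
import re

FRAME_RE = re.compile(r"^(?P<tag>[A-Z]+):(?P<value>-?\d+)$")

# Assumed plausible physical ranges per sensor tag for the simulated water loop
RANGES = {"TEMP": (-10, 120), "PRESSURE": (0, 600), "FLOW": (0, 1000)}
# Assumed maximum change between two consecutive frames of the same sensor
MAX_STEP = {"TEMP": 5, "PRESSURE": 50, "FLOW": 100}

def validate_frames(frames):
    """Return (accepted, rejected). Frames are raw bytes as read from the Arduino
    serial link, e.g. b'TEMP:42\\n'; rejected entries carry a reason string."""
    accepted, rejected, last = [], [], {}
    for raw in frames:
        text = raw.decode("ascii", errors="replace").strip()
        m = FRAME_RE.match(text)
        if not m:
            rejected.append((text, "malformed"))
            continue
        tag, value = m.group("tag"), int(m.group("value"))
        if tag not in RANGES:
            rejected.append((text, "unknown_tag"))
            continue
        lo, hi = RANGES[tag]
        if not lo <= value <= hi:
            rejected.append((text, "out_of_range"))      # catches TEMP:9999 outright
            continue
        if tag in last and abs(value - last[tag]) > MAX_STEP[tag]:
            rejected.append((text, "implausible_jump"))  # in-range but physically too fast
            continue
        last[tag] = value
        accepted.append((tag, value))
    return accepted, rejected

# Constructed sample frames, including the spoofed overheating value from the attack step
SAMPLE_FRAMES = [b"TEMP:40\n", b"TEMP:42\n", b"TEMP:9999\n", b"TEMP:80\n", b"FLOW:abc\n", b"PRESSURE:300\n"]
```

Rejected frames are what you would forward to the SIEM as a sensor-integrity alert, alongside the Modbus-side detections.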
What Undercode Say:
- Convergence is Key: The Labshock demonstration underscores that effective OT security training cannot exist solely in virtualized silos. The integration of physical sensors with virtualized IT/OT infrastructure is essential for simulating real-world attack vectors and defense mechanisms.
- Portability Drives Adoption: By packaging complex industrial environments into a mini PC, organizations can now conduct high-fidelity security training anywhere, lowering the barrier to entry for companies looking to upskill their OT security teams without investing in massive, permanent testbeds.
- Ecosystem Collaboration: The synergy between Kasm (secure access), SteelDome (hardware abstraction), and iolite (lightweight detection) highlights a mature ecosystem where best-in-breed tools can be integrated into a cohesive workflow, providing a blueprint for enterprises to build their own modular OT security labs.
Prediction:
The trend towards portable, all-in-one OT security labs will accelerate as industries face increasing regulatory pressure (e.g., NIS2, TSA directives) to demonstrate practical security capabilities. We predict a shift from theory-based OT security training to hands-on, scenario-based learning that replicates real-world physical processes. As edge computing and AI-driven anomaly detection mature, future OT labs will incorporate more predictive analytics and automated response workflows, making live demonstration environments like Labshock’s the standard for certification and continuous professional development in industrial cybersecurity.
Reported By: Zakharb Labshock – Hackers Feeds