Hands-on Labs

Explore Labs

A progressive series to learn cybersecurity in OT/ICS industrial systems.

13 labs available

Recommendation: follow the numerical order. Each lab includes objective, steps, and expected outcome.

Lab 01 - Basic OT-ICS Device Detection

Discovery of OT-ICS devices through network scanning, service enumeration, and industrial protocol analysis.

OT/ICS Intermediate

Open Lab →

Lab 02 - Siemens S7 PLC Emulation

Discovery and analysis of a Siemens S7 PLC through network scanning, service enumeration, and identification of vendor-specific protocols.

OT/ICS Intermediate

Open Lab →

Lab 03 - Service Station Control System Emulation

Discovery and analysis of a simulated service station control system through host identification, service enumeration, and ATG device analysis.

OT/ICS Intermediate

Open Lab →

Lab 04 - Modbus/TCP Emulation and Register Access

Configuration of a Modbus/TCP simulator and interaction with holding registers through network discovery and Modbus register access.

OT/ICS Intermediate

Open Lab →

Lab 05 - Modbus/TCP Routing Between Subnets

Discovery of subnet ranges, active OT-ICS hosts, TCP/UDP services, and intercepted Modbus/TCP communications.

OT/ICS Intermediate

Open Lab →

Lab 06 - Industrial Protocols and Web Interface Exposure

Discovery of industrial devices through subnet enumeration, service analysis, web interface inspection, and SNMP information gathering.

OT/ICS Intermediate

Open Lab →

Lab 07 - Default Password Exposure

Discovery of an OT-ICS host, identification of exposed services, and access to a management interface protected by default credentials.

OT/ICS Intermediate

Open Lab →

Lab 08 - Subnet Masks and Segmentation

Exploration of subnet masks, IP addressing, network segmentation, and routing behavior across multiple workstations.

OT/ICS Intermediate

Open Lab →

Lab 09 - Nmap Scanning Techniques

Nmap scanning techniques in corporate subnets using ICMP, ARP, TCP and UDP analysis.

OT/ICS Intermediate

Open Lab →

Lab 10 - TCP/IP and Three-Way Handshake

Introduction to TCP/IP communication, ARP discovery and TCP three-way handshake analysis.

OT/ICS Beginner

Open Lab →

Lab 11 - MFA Bypass via AiTM

Simulation of an adversary-in-the-middle attack to capture session cookies and bypass MFA in an OT-ICS environment.

OT/ICS Advanced

Open Lab →

Lab 12 - Fundamental Network Topologies

Exploration of fundamental network topologies through ARP analysis, ICMP testing and Layer 3 path mapping.

OT/ICS Intermediate

Open Lab →

Lab 13 - Jump Host

Security assessment of an industrial network involving IT-to-OT pivoting, service discovery and enumeration.

OT/ICS Advanced

Open Lab →