Lab Environment · v0.1

Pentest the protocols. Don’t pentest production.

Each lab boots an isolated simulator (pymodbus, snap7, cpppo, IEC 104, OPC UA) with a realistic plant scenario. Use the tools you’d ship in your kit: nmap NSE, mbtget, scapy, Wireshark. Capture pcap, write the finding, submit.

Total labs: 6
Ready now: 4
Avg duration: 108m
Protocols: 6+

Available environments

Pick a runtime

Phase 3 will add live availability + filtering

LAB-01READY
502/tcp
Modbus pentesting
Modbus pentesting: enumeration and forced coil writes
Proto
Modbus/TCP
Time
90m
Level
int
Open lab
ICS Pentest · SL1·SL2
LAB-02READY
102/tcp
S7comm exploitation
S7comm exploitation: STOP/RUN abuse and block download
Proto
S7comm
Time
120m
Level
int
Open lab
ICS Pentest · SL2·SL3
LAB-03QUEUE
44818/mixed
EtherNet/IP & CIP
EtherNet/IP & CIP: class enumeration and attribute writes
Proto
EtherNet/IP
Time
150m
Level
adv
Open lab
ICS Pentest · SL2·SL3·SL4
LAB-04READY
443/tcp
HMI hardening
HMI hardening: zone and conduit design with View ME
Proto
HMI
Time
90m
Level
int
Open lab
OT Defense · SL2·SL3
LAB-05MAINT
2404/tcp
IEC 104 substation
IEC 60870-5-104: substation traffic analysis
Proto
IEC
Time
120m
Level
adv
Open lab
OT Defense · SL3·SL4
LAB-06READY
4840/tcp
OPC UA trust
OPC UA: certificate trust list hardening
Proto
OPC
Time
75m
Level
int
Open lab
OT Defense · SL2·SL3

Pentest the protocols. Don’t pentest production.

Modbus pentesting

S7comm exploitation

EtherNet/IP & CIP

HMI hardening

IEC 104 substation

OPC UA trust