LAB-01 · Modbus/TCP · 502/tcp

Modbus pentesting: enumeration and forced coil writes

You are auditing a small water-treatment skid. The integrator left Modbus/TCP exposed on the engineering VLAN. Map the device, identify the holding registers used for setpoints, and demonstrate impact without crashing the simulator.

Duration: 90m

Level: intro

ISA SL: SL1 · SL2

Track: ics pentest

Certification path

Objectives

  1. Enumerate registers and coils on a live Modbus/TCP slave
  2. Force-write a discrete output and observe the HMI response
  3. Detect the attack in Wireshark captures

Success criteria

  • Submit a pcap showing register-read enumeration
  • Submit the mbtget command that flipped coil 42
  • Write a 200-word report mapping findings to IEC 62443-3-3 SR 1.1, SR 2.1
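As an added defender-side example for the detection objective (not part of the lab materials or any vendor tool), a Python analyser that splits Modbus/TCP request frames the way Wireshark's modbus dissector does, flags every write function code, decodes a Write Single Coil to coil 42, and reports a client that reads many distinct register ranges as an enumeration sweep. The frame bytes, client IPs and the sweep threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

WRITE_FCS = {5: "Write Single Coil", 6: "Write Single Register",
             15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_FCS = {1: "Read Coils", 2: "Read Discrete Inputs",
            3: "Read Holding Registers", 4: "Read Input Registers"}
SWEEP_THRESHOLD = 8  # assumed: distinct ranges one client may read before it looks like a sweep

def parse_adu(raw):
    """Split a Modbus/TCP ADU into MBAP header fields and the PDU (function code + data)."""
    if len(raw) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", raw[:7])
    if pid != 0 or length != len(raw) - 6:  # protocol id is always 0; length counts unit id + PDU
        raise ValueError("malformed MBAP header")
    return {"tid": tid, "unit": unit, "fc": raw[7], "data": raw[8:]}

def analyse(frames):
    """frames: list of (client_ip, raw_adu) requests, as a 'tcp.dstport == 502' filter would yield."""
    alerts, read_targets = [], defaultdict(set)
    for src, raw in frames:
        adu = parse_adu(raw)
        fc, data = adu["fc"], adu["data"]
        if len(data) < 4:
            continue  # every read and single-write PDU carries at least address + value/quantity
        if fc in READ_FCS:
            start, _qty = struct.unpack(">HH", data[:4])
            read_targets[src].add((fc, start))
        elif fc == 5:
            addr, val = struct.unpack(">HH", data[:4])
            state = "ON" if val == 0xFF00 else "OFF"  # FC 05 encodes ON as 0xFF00, OFF as 0x0000
            alerts.append(f"{src}: {WRITE_FCS[fc]} coil {addr} -> {state} (unit {adu['unit']})")
        elif fc in WRITE_FCS:
            addr = struct.unpack(">H", data[:2])[0]
            alerts.append(f"{src}: {WRITE_FCS[fc]} at address {addr} (unit {adu['unit']})")
    for src, targets in read_targets.items():
        if len(targets) >= SWEEP_THRESHOLD:
            alerts.append(f"{src}: read sweep over {len(targets)} distinct ranges (enumeration)")
    return alerts

def mbap(tid, pdu, unit=1):
    """Wrap a PDU in an MBAP header; used here only to build the constructed sample frames."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample: one client sweeps holding registers in blocks of 10, then forces coil 42 ON.
SAMPLE = [("10.0.0.50", mbap(i, struct.pack(">BHH", 3, i * 10, 10))) for i in range(10)]
SAMPLE.append(("10.0.0.50", mbap(99, struct.pack(">BHH", 5, 42, 0xFF00))))
SAMPLE.append(("10.0.0.7", mbap(1, struct.pack(">BHH", 3, 0, 4))))  # benign HMI poll, one range
# analyse(SAMPLE) -> ['10.0.0.50: Write Single Coil coil 42 -> ON (unit 1)',
#                     '10.0.0.50: read sweep over 10 distinct ranges (enumeration)']
```

To run it over a real capture, feed analyse() the (src ip, tcp payload) pairs exported from the pcap; the benign HMI client produces no alert because it polls a single range.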