Sources: Mike Holcomb LinkedIn post

Want hands-on experience in OT cybersecurity?

Start with these FREE projects – no power plant required!

Getting started in OT/ICS cybersecurity doesn’t have to be hard.

And it doesn’t have to be expensive.

So start with these projects and build from there!

1. Setup Your Own “Attack & Defend” OT/ICS Lab with Labshock

Labshock is a new virtual OT environment that helps you get started!

Use it to explore defensive capabilities like detection and SEIM.

As well as having an OT environment to attack!

https://lnkd.in/eG-Y-Z2z

2. Hack Into a Power Plant with GRFICSv2

GRFICS takes a fun twist with virtual OT networks.

Giving you a CCTV feed to watch over the environment.

And then allowing you to see what changes happen due to your “testing.”

Is that smoke I see coming out of the power plant???

https://lnkd.in/eam3eQDx

3. Setup an OT/ICS Honeypot

Honeypots are systems that are designed to be hacked.

Set one of these virtual honeypots up for target practice.

Take your time to interact with different OT protocols like Modbus.

github.com/mushorg/conpot
Probably the most popular OT/ICS honeypot to get started with

https://lnkd.in/emiiasR3
Another OT/ICS honeypot from T-Mobile (yes, THAT T-Mobile)

4. Analyze Real World OT/ICS Cyber Incidents

While this might not be as exciting as some of the others…

Learning from real world incidents can help you learn.

-> Understand how attackers break into OT environments
-> Learn what attackers do once they are inside OT networks
-> Figure out how to prevent the same attacks from occuring again

OT/ICS cybersecurity companies such as Dragos and Mandiant release some incredible research on the latest incidents.

Need help getting started?

Lookup Stuxnet, TriSIS, Colonial and Fuxnet.

And don’t stop!

5. Find OT/ICS Assets Exposed to the Internet and Contact the Owners

Want to learn more about finding OT/ICS assets on the Internet?

Check out my YouTube video here:

https://lnkd.in/e7e2VkbA

Once you find these assets without obtrusive means, see if you can determine who the asset owner is.

If you’re really feeling brave, reach out and contact them.

Honestly, most of the time your work will fall on deaf ears.

But every once in a while it has a significant impact!

Just don’t share sensitive information with others.

6. Write Your Own Modbus Scanner with Python and/or ChatGPT

Writing defensive and offensive tools can be a great way to learn!

Not a developer like me? Use ChatGPT or other GenAI tools.

Interested in using ChatGPT to create security tools?

Watch “Hacking ICS/OT (& IT) with ChatGPT”

https://lnkd.in/eVduTgcC

Don’t forget – the best way to learn is to share!

As you work through your projects…

-> Document your steps
-> Take screenshots
-> Post and share
-> Have fun!
-> 🙂

P.S. What would you start with first?

🔔 Follow Mike Holcomb for more OT/ICS cybersecurity
♻️ Useful? Share to help others!

Sumber: Post LinkedIn Gilang Bhagaskara

Dulu saya kenal dua orang programmer.

Yang satu jago banget. Web dev, frontend-nya rapi, backend-nya efisien, debugging cepet. Tapi dia punya satu kebiasaan:
nggak mau belajar hal baru.
Udah nyaman di stack lama, ogah ngulik bahasa lain, bahkan anti banget sama hal-hal di luar “zona aman” dia.
“Ngapain belajar lagi? Gue udah cukup senior kok.”
Dan iya, saat itu… dia memang salah satu yang paling top di tim.

Yang satu lagi, anak baru.
Skillnya waktu itu pas-pasan. Tapi attitude-nya? Luar biasa.
Apapun dilempar, dia coba.
Disuruh ngulik Rust? Digas.
Dapet proyek mobile? Buka docs Flutter, mulai dari nol.
Sempat salah, sempat di-review habis-habisan, tapi nggak pernah berhenti belajar.

Fast forward 5 tahun…

Yang pertama masih di tempat yang sama.
Masih web dev, masih stack lama, dan gajinya stagnan.
Sementara yang kedua, sekarang lead engineer di perusahaan multinasional, megang sistem skala besar, dan gajinya?
Di atas 50 juta per bulan.

Kenapa?
Karena skill itu bisa diasah. Tapi growth mindset nggak bisa dipaksain.
Dan di dunia tech yang berubah setiap hari, yang tahan lama bukan yang paling jago, tapi yang paling mau belajar.

Kita nggak selalu butuh orang yang “bisa segalanya.”
Tapi kita butuh orang yang nggak takut belajar apa aja.