OT Security Training with Labshock: Modbus, SCADA, and Real Attack Simulation

Last week, Labshock was presented in an OT Leaders Club webinar focused on practical OT security training using real industrial simulation environments.

The session demonstrated how OT cybersecurity concepts can be taught through hands-on interaction with systems instead of slides or theoretical explanations.

The webinar was organized by OT Leaders Club, with special thanks to Alexandro Fernandez and Karla Isabel Soriano Salgado.

Training focus: Modbus in OT systems

The session began with an introduction to the Modbus protocol and its role in industrial environments.

Key concepts included: - Modbus memory model (Coils and Registers) - lack of authentication in the protocol - direct device-level communication in OT networks

These fundamentals explain why Modbus remains a common target in industrial cybersecurity assessments.

SCADA and PLC operation in Labshock

Participants were then introduced to a live Labshock environment.

This included: - starting a SCADA system - observing industrial process execution - inspecting PLC tags and logic behavior

The goal was to demonstrate how industrial systems behave in a controlled but realistic simulation environment.

Direct Modbus interaction

The next phase focused on active network interaction.

Using common network tools, the workflow included: - scanning the environment to identify PLC devices - detecting Modbus services on TCP port 502 - reading and writing Modbus coils directly - observing real-time changes in system behavior

This demonstrated how industrial processes can be influenced through protocol-level interaction when proper security controls are missing.

Traffic analysis and detection

The session also covered OT monitoring and detection strategies.

Participants analyzed: - Modbus traffic patterns - Labshock collector event outputs - the relationship between protocol activity and detection logic

This part emphasized why visibility and monitoring are essential in OT environments.

Key takeaway

One of the main conclusions of the webinar was that industrial systems are not abstract or isolated.

Without proper security controls, OT systems can be directly accessed and modified at the network level.

This highlights the importance of hands-on training environments where engineers can observe real system behavior.

Conclusion

The OT Leaders Club webinar demonstrated how Labshock can be used for practical OT cybersecurity training, combining SCADA systems, PLC interaction, Modbus analysis, and detection engineering in a single environment.

This approach helps bridge the gap between theoretical knowledge and operational understanding in industrial cybersecurity.

Organizations interested in implementing similar training programs can use Labshock to build realistic OT simulation environments for education and security testing.