Overview What You Will Learn Curriculum Instructor

Course Overview

Practical Industrial Control System Penetration Testing introduces the unique world of OT (Operational Technology) security and the tools used to probe PLCs, SCADA, and other industrial devices. Because ICS environments blend legacy protocols, safety-critical processes, and often lax default configurations, learning targeted pentesting methods is essential to identify real-world attack surfaces, reduce operational risk, and responsibly validate defenses before adversaries exploit them.

This course begins with fundamentals—IT versus OT, attack surfaces, default credentials, IPv4/subnetting and typical OT pentest scenarios—then moves into offensive OSINT (Shodan, Google dorks, CISA), building a virtual ICS lab, and a practical overview of pentester tools (netdiscover, Nmap, snmp-check, Metasploit and other open-source utilities). You’ll complete hands-on simulations against S7 and Modbus PLCs, work through Shodan/OSINT tasks, practice enumeration and exploitation techniques, learn to add and run external exploits, and apply the same methodology against real Siemens and Modicon hardware, a gas-station controller simulation, and a final red-team challenge simulating an infrastructure substation.

Key takeaways: Hands-on ICS exploit techniques, defensive insights, lab build, OSINT skills, PLC/SCADA attack and mitigation workflows—readying you for practical OT penetration tests and red-team assignments.

What You Will Learn

  • Show your pentest skills on 6 interactive industrial controller simulations.
  • Build your own ICS pentest platform with open-source tools.
  • NO exploits, privilege escalation nor root shells.
  • Learn the typical attack surfaces of an ICS.
  • Workshop with high practical part with more than 30 tasks.

Program Curriculum

  • Welcome and Introduction to the Workshop
  • IT x OT
  • ICS are Easy Targets for Attackers
  • Typical ICS Attack Surface
  • Default Credentials and Exposed ICS Webservers
  • Typical OT Pentest Scenarios and Focus of this Workshop
  • Classification of a Pentest
  • Understanding Security Goals of IT and OT
  • IPv4 Address and Subnetting
  • $7 Million Cybersecurity Scholarship by EC-Council
  • Chapter 01 Quiz

  • Welcome to the Section
  • Default Credentials in ICS
  • Google Dorks for Finding Exposed ICS
  • Shodan
  • Find and Scan Public IP Address Ranges with Shodan
  • Hunt for Vulnerabilities with CISA
  • Chapter 02 Quiz

  • Welcome to the Section
  • Introduction to Your Lab and Virtual Machines
  • Installation of Virtual Box
  • Downloading the Kali Linux VM
  • Installation of Ubuntu Server
  • Setting up the ICS Simulations
  • Setting up Kali Linux and Installation of Open-source Tools
  • Chapter 03 Quiz

  • Welcome to the Section
  • Starting a Simple Honeypot and Kali Linux
  • Host Discovery with netdiscover
  • Fingerprinting with Nmap
  • Enumeration with snmp-check
  • Metasploit: The Pentesters Toolkit
  • Open-source Tools
  • Chapter 04 Quiz

  • Welcome to the Section and Preparation of the VM
  • Shodan Task
  • Shodan Solution
  • Google Dorks Task
  • Google Dorks Solution
  • Default Credentials Task
  • Default Credentials Solution
  • Starting the Simulation and Host Discovery Task
  • Host Discovery Solution
  • Nmap Task
  • Nmap Solution
  • Snmp Enumeration Task
  • Snmp Enumeration Solution
  • Chapter 05 Quiz

  • Welcome to the Section
  • Starting the Simulation and Host Discovery Task
  • Host Discovery Solution
  • Nmap Task
  • Nmap Solution
  • Nmap NSE Task
  • Nmap NSE Solution
  • plcscan Task
  • plcscan Solution
  • Search Exploits in Metasploit and Exploit DB
  • Adding External Exploits to the Metasploit Framework
  • Attacking the Simulation Task
  • Attacking the Simulation Solution
  • SiemensScan
  • Chapter 06 Quiz

  • Welcome to the Section
  • Recon and Fingerprinting with Nmap
  • Enumeration and Exploitation with Metasploit
  • Enumeration and Exploitation with Open-source Tools
  • Chapter 07 Quiz

  • Welcome to the Section
  • Shodan Task
  • Shodan Solution
  • Starting the Simulation and Host Discovery Task
  • Host Discovery Solution
  • Nmap Task
  • Nmap Solution
  • Nmap NSE Task
  • Nmap NSE Solution
  • OSINT Task
  • OSINT Solution
  • Attack Task
  • Attack Solution
  • Chapter 08 Quiz

  • Welcome to the Section
  • Shodan Search Task
  • Shodan Search Solution
  • Google Dorks Task
  • Google Dorks Solution
  • Default Credentials Task
  • Default Credentials Solution
  • Starting the Simulation and Host Discovery Task
  • Host Discovery Solution
  • Nmap Task
  • Nmap Solution
  • Finding Metasploit Modules Task
  • Finding Metasploit Modules Solution
  • Running Metasploit Modules against the Target Task
  • Running Metasploit Modules against the Target Solution
  • Chapter 09 Quiz

  • Welcome to the Section
  • Starting the Simulation and Nmap Scan Task
  • Nmap Scan Solution
  • Metasploit Task
  • Metasploit Solution
  • Read Memory Blocks Task
  • Read Memory Blocks Solution
  • Manipulate Memory Blocks Task
  • Manipulate Memory Blocks Solution
  • Chapter 10 Quiz

  • Welcome to the Section
  • Recon and Fingerprinting with Nmap
  • Enumeration and Exploitation-trial with Metasploit
  • Enumeration and Exploitation with Open-source Tools
  • Chapter 11 Quiz

  • Welcome to the Section and Preparation of the VM
  • Your Red Team Assignment
  • Hint: Methodology and Steps (No Spoilers)
  • Step 1 Solution: Recon and Fingerprinting
  • Step 2 Solution: Enumeration
  • Step 3 Solution: Triggering the Shutdown
  • Chapter 12 Quiz
Load more modules

Instructor

Marcel Rick-Cen

Marcel Rick-Cen is an OT Security Consultant with years of experience in the field of automation technology. He holds a master's degree in automation engineering and has a strong background in fixing mechanical, electrical, and software problems on the shopfloor. Marcel has worked on the shopfloor in various international locations, gaining firsthand experience in the challenges of keeping OT systems running. Additionally, as an ethical hacker, he spends his nights trying open-source exploits against real industrial hardware in his ICS homelab. Marcel's unique blend of technical expertise and real-world experience makes him an invaluable contributor to the OT security field. In his courses and workshops, he teaches newcomers exciting basics about the possibilities to attack and defend an ICS/OT system and places special emphasis on practicality.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Fastest Way to Level Up Your Cybersecurity Skills

Invest in your future with flexible subscription plans that give you access to the world’s largest online cybersecurity course library. Whether you're exploring cybersecurity courses for beginners or advancing your expertise,
access in-demand courses, practical labs, and CTF challenges designed to support continuous learning.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Build your cybersecurity skills with 900+ bite-sized courses and curated learning paths designed for continuous learning.

$ 69.00
Billed monthly or $599.00 billed annually
Get Started Now
Start your 7-day trial for $1

What is included

  • 880+ Premium Short Courses
  • 70+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Develop real-world cybersecurity skills through hands-on labs and CTF challenges designed for practical learning.

$ 79.00
Billed monthly or $699.00 billed annually
Get Started Now
Start your 7-day trial for $1

Everything in Pro, Plus:

  • 1600+ Hands-on lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Hands-on Labs and Challenges added every month

Related Courses

  • Bootstrap 4 Quick Website Bootstrap Components Course
    Short Course

    Bootstrap 4 Quick Website Bootstrap Components Course

    Software Development

    Explore the basics of Bootstrap and learn to create a website...

    $49.99

    Beginner

    1 hr 30 m

  • CCNA - Understanding Routers and Switches
    Short Course

    CCNA - Understanding Routers and Switches

    Security Architecture and Operations

    A comprehensive guide to understanding the in-depth functioni...

    $49.99

    Intermediate

    2 hr 0 m

  • The Complete Full-Stack JavaScript Course
    Short Course

    The Complete Full-Stack JavaScript Course

    Software Development

    Learn full-stack web development using JavaScript (ReactJS, N...

    $79.99

    Beginner

    24 hr 17 m

  • React.JS for Ecommerce: Building a Store with React.JS
    Short Course

    React.JS for Ecommerce: Building a Store with React.JS

    DevSecOps

    From React.js Fundamentals to Crafting an Online Storefront

    $49.99

    Advanced

    3 hr 30 m

  • CISSP Certification Domains 5, 6, 7, and 8 Video Training
    Short Course

    CISSP Certification Domains 5, 6, 7, and 8 Video Training

    Cybersecurity

    This course is ideal for individuals who desire to pass the I...

    $69.99

    Intermediate

    6 hr 30 m

  • Helm 3 - Package Manager for Kubernetes
    Short Course

    Helm 3 - Package Manager for Kubernetes

    Software Development

    A must tool for every DevOps engineer

    $49.99

    Intermediate

    1 hr 27 m

  • Learn Ethical Hacking by Hacking Real Websites Legally
    Short Course

    Learn Ethical Hacking by Hacking Real Websites Legally

    Vulnerability Assessment and Pentesting

    Fun way to learn ethical hacking by playing online hacking ga...

    $69.99

    Beginner

    4 hr 18 m

  • Mastering Ansible Playbooks: Debugging and Security
    Short Course

    Mastering Ansible Playbooks: Debugging and Security

    Software Development

    Securing and Automating Linux and Windows Systems with Advanc...

    $99.99

    Advanced

    5 hr 34 m

1 50
View all