
purplealien51/labshock

 
 


🟨 Getting Started

Labshock is a virtual lab for learning ICS. It provides a versatile platform for both educational purposes and advanced OT SIEM testing. The lab is designed to emulate real-world ICS environments, allowing you to simulate multivendor PLC setups, configure SCADA systems, and create Detection and Response strategies.

The main purpose of Labshock is multi OT SIEM testing, enabling simultaneous evaluation of different SIEM solutions in real time.

Labshock is designed to provide a hands-on environment for:

  • configuring PLC
  • learning ICS Networks
  • exploring SCADA systems
  • emulating multivendor PLC
  • pentesting & network monitoring
  • creating OT SIEM correlation rules
  • practicing Detection & Response techniques

Find more Guides on Wiki

Find more information on main OT SIEM Leveling Guide 1-60

Join our Discord Server for more information and support!




🟨 Requirements

See the How-to on the wiki.

Install the Docker components, that's all:

Minimal System Requirements PLC + SCADA + EWS:

  • CPU 1 | RAM 1G | HDD 10G



🟨 Install & Run & Update

Install

git clone https://github.com/zakharb/labshock.git
cd labshock/labshock
docker-compose build

Run

docker-compose up

Update

git pull
cd labshock
docker-compose build



🟨 Services

What's Inside

PLC                # OpenPLC
SCADA              # FUXA
ROUTER             # Custom
EWS & OWS          # Linux / Windows
PENTESTING         # Kali Linux
FIREWALL           # Iptables
TRANSFER           # FTP
REMOTE             # VNC / RDP
SIEM               # Multi Vendor
IDS                # Multi Vendor
And more...

How to connect

SCADA      # http://localhost:1881
PLC        # http://localhost:8080, user/pwd: openplc/openplc
EWS        # http://localhost:5911/vnc.html, user/pwd: engineer/engineer



🟨 PLC

Labshock contains a modified version of OpenPLC.

PLC supports all five languages defined in the IEC 61131-3 standard:

  • LD Ladder Logic
  • IL Instruction List
  • ST Structured Text
  • FBD Function Block Diagram
  • SFC Sequential Function Chart

PLC supports protocols:

  • Modbus
  • DNP3

With PLC you can:

  • log in to the dashboard at http://localhost:8080
  • user/password: openplc/openplc
  • start/stop PLC
  • upload project
  • monitor status
  • change settings




🟨 SCADA

Labshock contains a modified version of FUXA.

SCADA supports protocols:

  • Modbus RTU/TCP
  • Ethernet/IP
  • BACnet IP
  • OPC UA
  • WebAPI
  • MQTT
  • S7

With SCADA you can:

  • log in to the main interface at http://localhost:1881
  • set the user/password in settings
  • interact with controls
  • check alarms
  • edit layout
  • edit connections/tags




🟨 EWS

Labshock contains an Engineering Station based on Kali Linux.

EWS comes pre-configured and ready to use:

  • IDE OpenPLC Editor
  • Interface to PLC
  • Interface to SCADA
  • Saved PLC/SCADA projects

With EWS you can:

  • log in to the noVNC interface at http://localhost:5911/vnc.html
  • password: engineer
  • all links/projects are on Desktop
  • access PLC/SCADA via browser
  • access IDE via OpenPLC Editor




Windows

It's also possible to run Windows inside Labshock:

  • check & use the GitHub repo dockur/windows
  • use at your own risk & effort

To run it inside Labshock, add this service to docker-compose.yml:

  ews-win:
    image: dockurr/windows
    container_name: windows
    environment:
      VERSION: "11"
    devices:
      - /dev/kvm
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    ports:
      - 8006:8006
      - 3389:3389/tcp
      - 3389:3389/udp
    stop_grace_period: 2m
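
The port entries in the service above carry no host IP, so Docker publishes 8006 and 3389 on every host interface rather than only on localhost. The following check is an added example, not part of the Labshock repository: it flags short-syntax port mappings in a compose file that are not pinned to a loopback address; the sample scada entry and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: ews-win ports as on this page; the scada entry is hypothetical.
SAMPLE_COMPOSE = """\
services:
  ews-win:
    ports:
      - 8006:8006
      - 3389:3389/tcp
      - 3389:3389/udp
  scada:
    ports:
      - "127.0.0.1:1881:1881"
"""

def host_ip(mapping):
    """Host IP of a short-syntax mapping [IP:][HOST:]CONTAINER[/PROTO], or None."""
    spec = mapping.split("/", 1)[0]            # drop /tcp or /udp
    parts = spec.rsplit(":", 2)                # [ip, host_port, container_port]
    return parts[0].strip("[]") if len(parts) == 3 else None

def is_loopback_only(mapping):
    ip = host_ip(mapping)
    if ip is None:
        return False                           # no host IP: Docker binds all interfaces
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False                           # e.g. unresolved variable: flag for review

def exposed_ports(compose_text):
    """Return (service, mapping) pairs not pinned to loopback (short syntax only)."""
    findings, service, in_ports = [], None, False
    for raw in compose_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 2 and text.endswith(":"):  # assumes services sit at 2-space indent
            service, in_ports = text[:-1], False
        elif text == "ports:":
            in_ports = True
        elif in_ports and text.startswith("- "):
            mapping = text[2:].strip().strip("\"'")
            if not is_loopback_only(mapping):
                findings.append((service, mapping))
        else:
            in_ports = False
    return findings
```

To keep a lab service reachable only from the host itself, prefix the mapping with the loopback address, for example 127.0.0.1:3389:3389/tcp.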




🟨 Versioning

Using SemVer for versioning.

For the versions available, see the tags on this repository.



🟨 Authors

  • Zakhar Bernhardt - Initial work - Ze

See also the list of contributors who participated in this project.



🟨 License

This program is free software.

You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. See the LICENSE file for details.

About

OT SIEM Lab for ICS networks.

Releases

No releases published

Packages

No packages published

Languages

  • HTML 36.2%
  • Smalltalk 26.1%
  • JavaScript 20.1%
  • Dockerfile 10.3%
  • Shell 7.3%