Overview

Learn OT/ICS pentesting by exploring, breaking things, and having fun

What is this?

A full-day adventure where you learn industrial security by actually doing it. No lectures. No rigid schedule. Just you, a simulator full of vulnerable control systems, and interesting challenges to tackle.

You can crash turbines. Steal secrets. Break things. All safely in a simulator where mistakes don’t matter and curiosity is encouraged.

Duration: A full day (arrive around 9am, finish around 5pm, with breaks for coffee and lunch when you want them)

For: University students learning security, especially those who know IT security and want to understand OT/ICS

Style: Montessori for adults - explore at your own pace, pick challenges that interest you, learn by doing

How it works

You arrive. You get:

  • Access to the UU Power & Light simulator (a power plant with PLCs, SCADA servers, and lots of vulnerabilities)

  • A collection of pentesting scripts

  • A list of interesting challenges

  • Facilitators who’ll help when you’re stuck

  • Freedom to explore however you want

You choose:

  • Which challenges interest you

  • Whether to work alone or in a small group

  • How deep to go on any topic

  • When to take breaks

  • Whether to focus on technical hacking or communication/reporting

You discover:

  • How industrial protocols work (or don’t)

  • Why OT security is different from IT security

  • What you can do with unauthenticated access to control systems

  • How to explain technical findings to non-technical people

  • That breaking things in a simulator is really quite fun

What you can learn

Technical skills:

  • Industrial protocol pentesting (Modbus, S7, OPC UA, EtherNet/IP)

  • Network reconnaissance in OT environments

  • Vulnerability discovery and exploitation

  • Creating proof of concepts that demonstrate real impact

Contextual understanding:

  • Why OT security differs from IT security

  • How industrial control systems work

  • What constraints operations teams face

  • Why “just patch it” isn’t always possible

Communication skills:

  • Translating technical findings to business language

  • Handling sceptical stakeholders

  • Understanding different perspectives (security vs operations vs management)

Most importantly: you can understand that OT security is about people, processes, and context as much as it’s about technical vulnerabilities.

The setting

You’re in Ankh-Morpork at Unseen University Power & Light, which supplies electricity to the University, the Patrician’s Palace, and significant portions of the city.

The systems are vulnerable. The stakes are high (in the story). The learning is real.

And yes, if you’re convincing enough, you might have to present your findings to Lord Vetinari. He will ask difficult questions.

What you need

  • Laptop with Python 3.12+

  • Curiosity and willingness to explore

  • Collaborative attitude (if working in groups)

  • No prior OT security experience required (that’s what you’re here to learn!)

A typical day (but not rigid!)

Morning: Most people explore and hack, trying different challenges, discovering how industrial protocols work

Lunch: Natural break, informal discussions about what people found

Afternoon: Some continue hacking; others want to present findings and practise explaining them. Roleplay emerges naturally

End of day: Everyone shares what they discovered, what surprised them, what they learnt

AND: This is self-paced. If you want to spend the whole day on one deep technical challenge, do that. If you want to try lots of different things, do that. There’s no “correct” way to learn.

Ready to explore?

This isn’t a traditional workshop where you sit and listen. This is an adventure where you explore, break things (safely), and discover how industrial security works by actually doing it.

The simulator is ready. The challenges are waiting. The coffee is hot.

See you in the Unseen University at Ankh-Morpork.


Details: See the Exploration challenges for challenge descriptions and the Student guide for how to make the most of your day.

“Learning by doing is all very well, but learning by doing something that goes ‘bang’ is considerably more educational.” - Ponder Stibbons (probably)