Skip to content

New OT Defense Labs#2

Open
fariasrafael10 wants to merge 11 commits into
substationworm:mainfrom
2025-26-EI-Projects:NewOTLabs
Open

New OT Defense Labs#2
fariasrafael10 wants to merge 11 commits into
substationworm:mainfrom
2025-26-EI-Projects:NewOTLabs

Conversation

@fariasrafael10

@fariasrafael10 fariasrafael10 commented Jun 25, 2026

Copy link
Copy Markdown

What and why

Adds the DNP3 OT defensive trilogy, closing this lab series:

  • OTLab14 — DNP3 traffic analysis with Wireshark (understand the protocol).
  • OTLab15 — behavioural detection with Zeek (baseline → allowlists → detectors).
  • OTLab16 — OT incident response (triage, surgical containment, recovery).

Each lab feeds the next (one lab's deliverable is the next lab's input).

Contents (per lab)

  • OTLabNN.sh — Docker Compose orchestration.
  • OTLabNN.md` (+ -EN/-ES) — lab brief: PT-PT canonical, EN/ES translations.
  • Reference cards and (in 16) the IR template, with PT/EN/ES versions.
  • index.md/index.en.md/index.es.md — Hugo wrappers (front matter + shortcodes).
  • 3 index lines in README.md.

LandingPage / Hugo integration

  • Depends on the .landingPage/ machinery (shortcodes readfile/code-preview/
    collapsible) already on main via the LandingPage PR.
  • The CI auto-discovers the labs (mounts) and generates the PDFs — not included here.
  • Banner/title/README nomenclature aligned with Prof. Luiz's request.

How to test (OTLab14 example)

./OTLab14.sh -start ubuntu → http://localhost:3000, capture DNP3 in Wireshark
./OTLab14.sh -stop

fariasrafael10 and others added 11 commits June 22, 2026 22:56
Adição da pasta OTLab14: scripts e tasks
fe7cd7b
OTLab14: add -web option to usage section
f08de7e
Update OTLab14 script and tasks
4b3fc45
Update OTLab14 script and tasks
49e4e11
@claude
OTLab14: add attribution badges and ATT&CK for ICS skills section
24d8872 
Header: keep original author badges and add GitHub/LinkedIn/IPL ESTG-DEI.
New Skills section maps lab tasks to MITRE ATT&CK for ICS (T0846, T0840, T0842, T0861).
Minor updates to OTLab14.sh and DNP3WiresharkReference.md. Ignore *.bak via .gitignore.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@claude
Remove .gitignore from repo (committed by mistake)
9fc1658 
The .gitignore was not intended for this fork. Local-only ignore of *.bak
now lives in .git/info/exclude, which is never versioned.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add OTLab15: DNP3 + Zeek detection lab (scripts and tasks)
58a6cca
Add OTLab16: OT Incident Response Lab (scripts and tasks)
989b011
Update README: index OTLab14-16 with repo-relative links so the index…
82367d9 
… resolver under any fork/branch/clone.
OTLab14: normalize H1 title
abb28c9
OTLab14-16: Hugo/LandingPage integration (PT-PT canonical, EN/ES, ind…
8ccb208 
…ex bundles, numbered tasks) + README index
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fariasrafael10