-
Section 1: Foundations - Why OT Environments Get Attacked
7 Lessons -
Section 2: Understanding OT Systems from an Defender's Perspective
8 Lessons -
Section 3: Building Your Hands-On OT Deception Lab
6 Lessons -
Section 4: Core Deception Technology and Architecture
6 Lessons -
Section 5: Creating Believable Low-Interaction Industrial Devices
8 Lessons-
Start28 Section Overview
-
Start29 Example: Simulating a Siemens Simaric S7-300 PLC
-
Start30 Exercise Overview and Guideline for Planning Effective Deception
-
Start31 Exercise 1: Modbus PLC Simulation
-
Start32 Exercise 2: Industrial HMI Simulation
-
Start33 Exercise 3: SEW Eurodrive Movidrive Drive Inverter Simulation
-
Start34 Exercise4: Simulated Production Server
-
Start35 Section Summary
-
-
Section 6: Designing a Low-Interaction OT Network
6 Lessons-
Start36 Section Overview
-
Start37 Example: Designing a Flat OT Network with Multiple Siemens PLCs and HMIs
-
Start38 Exercise Overview and Guideline for Planning Effective OT Honeynets
-
Start39 Exercise 1: Flat OT Network with Siemens and IIoT Devices
-
Start40 Exercise 2: Multi-Vendor OT Network with Schneider Electric and VFDs
-
Start41 Section Summary
-
-
Section 7: Simulating Real Industrial Services and Protocols
9 Lessons-
Start42 Section Overview
-
Start43 Adding Interactive Behavior to Industrial TCP Services
-
Start44 Using the DCEPT Honeypot Launcher
-
Start45 Simulating Siemens S7-300/1500 PLCs
-
Start46 Simulating Rockwell Allen-Bradley PLCs
-
Start47 Simulating Schneider Electric Modicon PLCs
-
Start48 Simulating IIoT and Smart Factory MQTT Services
-
Start49 Simulating Industrial HMIs
-
Start50 Section Summary
-
-
Section 8: Building Interactive Industrial Hosts
9 Lessons-
Start51 Section Overview
-
Start52 Example: Creating an Interactive Siemens S7-300 PLC
-
Start53 Exercise Overview and Guideline for Deploying Interactive Deception Hosts
-
Start54 Exercise 1: Interactive Siemens S7-1500 PLC
-
Start55 Exercise 2: Interactive Rockwell Logix 5561 PLC
-
Start56 Exercise 3: Interactive Modicon M221 PLC
-
Start57 Exercise 4: Interactive Industrial HMI
-
Start58 Exercise 5: Interactive IIoT MQTT Broker
-
Start59 Section Summary
-
-
Section 9: Deploying a Fully Interactive OT Deception Network
8 Lessons-
Start60 Section Overview
-
Start61 Example: Designing a Flat Interactive OT Network with Multiple Siemens PLCs and HMIs
-
Start62 Exercise Overview and Guideline for Planning Effective Network-Scale Deception Scenarios
-
Start63 Exercise 1: Interactive Siemens and IIoT Network
-
Start64 Exercise 2: Interactive Schneider Electric and VFD Network
-
Start65 Exercise 3: Interactive Rockwell Network with Production Server
-
Start66 Understanding Honeypot and Honeynet Limitations
-
Start67 Section Summary
-
Deception Technologies for Industrial Environments
Master industrial deception from PLC honeypots to fully interactive OT networks — practical, hands-on, engineered for real defenders
Industrial environments are not protected by theory. They are protected by people who understand how attackers actually move through OT networks. This training was built for defenders who want real, practical deception skills, not vendor black boxes, marketing slides, and abstract threat models. In this training, you don’t talk about deception. You build it from single PLC honeypots to fully interactive OT networks that look real, behave realistically, and deceive attackers where it matters.
Why This Training Works
Most OT security trainings stop at what deception is. This one teaches how deception is engineered — by someone who has designed, deployed, and defended real industrial systems in the field.
You won’t learn abstract concepts or vendor talking points. You’ll learn how attackers evaluate devices, what makes industrial assets believable, and how to design deception that actually works in production-like environments.
If you’re serious about protecting industrial devices and networks with clarity instead of guesswork, this training gives you the skills to do exactly that.
✅ Learn from a Pro: Training built by a veteran automation engineer — academic theory and real‑world OT know‑how.
✅ Cut Through the Vendor Black Boxes: You learn what attackers look for in PLCs, HMIs, MES servers, and network layouts — and how to exploit that behavior defensively.
✅ Incremental and realistic: You start with low-interaction deception and progressively build toward interactive hosts and networks, just like real environments evolve.
“The training equipped me to learn about testing real life [although simulated] ICS devices. The final Red team assignment was icing on the cake, reminded me of Matrix 2 movie scene of shutting down Power Plant”
Khanjen P. ⭐⭐⭐⭐⭐
PICSPT Alumni
"Well laid out, detailed with practical examples and exercises, bridging the gap between theory and practical. I would highly recommend this training."
Rohan V. ⭐⭐⭐⭐
PICSPT Alumni
"Training was put together well and identified all of the necessary tools. Hits close to home as one of the devices shown was only a few miles away from where I live. Hopefully they have fixed that since the data was collected eight years ago."
Michael E. ⭐⭐⭐⭐
PICSPT Alumni
Meet Your Instructor
Marcel — Automation Engineer
turned Offensive OT Expert
With 20+ years in automation and control, Marcel has commissioned production lines, wrestled PLCs into shape at 3 AM, connected HMIs in complex networks, reversed firmware, and defended real industrial environments.
Marcel’s journey spans debugging industrial systems in substations to securing entire production floors under real-world pressure.
Most OT security training is designed from the outside in—this one starts from the inside. He is not just someone who studied industrial security; He lived it.
Who It’s Built For
Built for anyone ready to roll up their sleeves, ask smart questions, and own their learning. You might be an IT pro, an engineer, a student, or a newcomer. It doesn’t matter where you’re coming from. At FOXGRID, your curiosity is what counts.
👨💻 For IT Professionals:
You already understand networks, attackers, and defensive security, now it’s time to apply that knowledge to industrial environments using deception.
This training helps you translate your IT security skills into OT-specific deception techniques.
You’ll build OT deception environments step by step, designed for defenders, SOC analysts, and red teams working near or inside industrial networks.
🤖 For Automation Professionals and Engineers:
You know how industrial systems are supposed to work, this training adds deception to your toolkit.
Use realistic decoys of Siemens, Rockwell, Schneider Electric, HMIs, and MES/OEE servers, and design safer network layouts.
Support your security team with practical, realistic honeypots and honeynets.
🌱 For Newcomers:
If you’re serious about learning how industrial environments are protected, this training gives you a hands-on entry point into OT deception.
You’ll learn how deception is used to mislead attackers. This is not a passive course. You’ll build real labs, deploy realistic honeypots, and see how attackers would interact with them.
That said, this training does not start from zero.
⚠️ Important prerequisite: This training assumes a fundamental understanding of offensive industrial security concepts.
If you are not yet comfortable with:
⚡Industrial attack surfaces
⚡OT protocols from an attacker’s view
⚡How adversaries exploit OT vulnerabilities
You should consider joining:
Practical Offensive Industrial Security Essentials
This training builds directly on that foundation.
Does This Sound Like You?
This training is for you if…
✅ You want hands-on OT deception skills, not theory
✅ You learn best by building and breaking systems
✅ You work with or plan to work with industrial environments
✅ You want skills that translate to real deployments and assessments
This training is not for you if…
❌ You expect hand-holding every step of the way
❌ You want vendor-specific product training
❌ You’re not comfortable doing a bit of setup and troubleshooting
❌ You want to “watch and forget”—this training requires doing
❌ You don't want to think independently and research like an engineer
By the end of this training, you will be able to:
✅ Design convincing OT deception scenarios
✅ Build low- and medium-interaction industrial honeypots
✅ Simulate PLCs, HMIs, MES/OEE servers, and IIoT services
✅ Create interactive industrial hosts attackers can engage with
✅ Deploy complete deceptive OT networks
✅ Understand the limitations and risks of honeypots and honeynets
🚀 Build and Deploy Realistic OT Deception Labs
- Siemens S7-300 / S7-1500 PLC Deception Hosts
- Modbus-Based Industrial Controller Honeypot
- Simulated Production Server (MES/OEE-Style Systems)
- Smart Factory IIoT Deception
- Rockwell Allen-Bradley PLC Deception Host
- Siemens Simatic HMI Service Deception
- Multiple OT Honeynets with Deceptive Devices
Get Certified with FOXGRID
When you complete this course, you’ll receive a FOXGRID Certificate of Completion – a verifiable digital credential you can share with employers, clients, and your professional network.
✅ Showcase your expertise on LinkedIn
✅ Strengthen your CV and stand out in job applications
✅ Demonstrate hands-on skills in real-world OT cybersecurity
✅ Join a growing community of certified FOXGRID professionals
Frequently Asked Questions (FAQ)
What exactly will I learn in this training?
You will learn how to design, build, and deploy believable low- to medium-interaction honeypots and entire honey networks tailored to industrial environments. You’ll start with the fundamentals of OT-focused deception, then move step-by-step from simple hosts to interactive protocols and full network simulations.
Is this course beginner-friendly?
You don’t need to be an OT security expert, but you should have basic familiarity with industrial networks or previous exposure to offensive security concepts. If you’ve completed POISE — or similar practical training — you’re perfectly prepared.
Do I need real PLCs or industrial hardware?
No. Everything is built inside a virtualized lab (VirtualBox + Ubuntu). You can complete the entire course with a laptop capable of running a few VMs.
How realistic are the honeypots we build?
The course focuses on believable, low- to medium-interaction deception designed to redirect opportunistic attackers and scanners away from real assets. These are not full digital twins or high-fidelity PLC simulations — the goal is strategic diversion, not perfect emulation.
Does this course include detection, SIEM, or NDR integration?
No. The training focuses entirely on building the deception layer itself. Once deployed, your honeypots may feed logs into any detection system you already use — but that’s outside the scope of this course.
Will this work against targeted or highly skilled attackers?
The deception techniques here are most effective against
Persona A: opportunistic external scanners and
Persona B: internal curious explorers.
Highly targeted industrial APT-level adversaries may still bypass low-interaction deception — which is why this training emphasizes practicality, not fantasy-grade realism.
Is this training only about honeypots?
It goes beyond that. You’ll also learn how to design honey networks, manage fake subnets, handle proxying of interactive services, and create deception layers that look consistent and believable to attackers.
I’ve never built a honeypot before. Can I still take the training?
Yes — the course is structured so each module builds on the previous one. You’ll start with the absolute basics (spawning a single host) and gradually progress to interactive OT deception networks.
What are the technical requirements for the training?
You’ll need a Windows 10 or Windows 11 machine with admin rights to install software. The practical labs run inside Oracle VirtualBox, so your machine should support virtualization. Minimum: 8 GB of RAM Recommended: 16 GB of RAM for smooth performance A stable internet connection is also recommended to stream the videos and download lab resources. VirtualBox also works on Apple silicon, but you need to install it on your own.
What’s Inside the Training
This training is a hands-on journey into the real OT deception technology—engineered for learners who want depth, realism, and structure. This is just a high-level overview. Scroll down to preview the full curriculum with 65+ lessons on FOXGRID.
Section 1 - 2 : Fundamentals
✅ Industrial attacker mindset
✅ OT attack surfaces
✅ How deception works in industrial environments
Section 3: Build Your Virtual Lab
✅ Building a realistic OT lab with attacker and deception hosts
✅ Everything runs on open source—no extra costs
Section 4 - 6: Deception Technology Basics
✅ Deception architecture and launcher concepts
✅ Core commands and configuration patterns
✅ Low-Interaction honeypots and honeynets
Section 7 - 9: Interactive Honeypots & Honeynets at Scale
✅ Fully interactive OT networks
✅ Multi-vendor environments
✅ Understanding real-world limitations
⚠️ What You’ll Need to Get Started ⚠️
To make the most of the hands-on simulations in this training, ensure your system meets the following requirements:
✅ Windows 10 or 11 with admin rights to install and run Oracle VirtualBox
✅ At least 8 GB RAM (16 GB recommended for optimal performance)
✅ A stable internet connection for streaming and downloads
No industrial hardware or expensive tools needed — the entire lab runs virtually using open-source resources.
Ready to Learn OT Deception the Right Way?
Start today.
Build your lab.
Spawn your first ghost host next week.
Course Curriculum
Ready to Get Started?
65+ lessons, 2.5+ hours of content, 3.0+ hours of practical lab exercises.
Click here to enroll:
