Learning Track · 15 modules

IoT & OT Security

Connected devices and industrial control systems. Hardware, firmware, ICS protocols, safe OT testing.

Why this track

This track walks you from fundamentals through advanced techniques across 15 practitioner modules: the same body of knowledge senior security professionals build over years, structured for self-paced progression with India-specific context throughout.

Prerequisite: See module 1 for entry context. Most modules are self-contained but follow the suggested sequence for best results.
Modules: 15
Total time: 11.3 h
Free modules: 15
Quiz retries
Difficulty mix: Beginner 1 · Intermediate 7 · Advanced 6 · Expert 1

Module sequence

M1
IoT & OT Security Fundamentals
IoT vs OT, the Purdue model, defender constraints, threat landscape, notable real-world OT incidents.
Beginner 60 min
M2
IoT Device Security Testing
Hardware reconnaissance, UART/JTAG, firmware extraction with binwalk, BLE/Zigbee testing, cloud API audit.
Intermediate 90 min
M3
Industrial Control Protocols
Modbus, DNP3, OPC-UA, S7Comm, EtherNet/IP, BACnet — protocol attack surfaces and defenses.
Intermediate 90 min
M4
OT Security Testing Methodology
Safe OT assessment phases, scoping rules, dual-track reporting for engineering and CISO, India-focused compliance.
Advanced 120 min
M5
IoT/OT Lab Walkthrough
Build a small ICS lab with OpenPLC, ScadaBR, run a complete assessment cycle, hardening, detection.
Expert 150 min
M6
IoT Protocols — MQTT, CoAP, Modbus
IoT/OT runs on protocols designed for constrained devices, often without security as a primary concern.
The big four:
- MQTT: pub/sub for IoT. No auth by default; if auth, often password in plaintext. TLS optional.
- CoAP: HTTP-like for constrained devices. UDP-based; DTLS optional.
- Modbus: industrial. No auth. No encryption. Designed 1979.
- BACnet: building automation. […]
Intermediate 20 min
M7
OT Network Monitoring
Active scanning breaks OT: even an Nmap scan can crash a PLC. Passive monitoring is the norm.
Tools:
- Claroty CTD: top-tier; Indian energy sector adoption
- Nozomi Networks: competitor
- Dragos Platform: industrial-control-specific
- Open source: Zeek with industrial parsers
Detection patterns:
- Unauthorised PLC programming (write to coil/register)
- HMI talking to non-PLC destinations
- Firmware […]
Intermediate 20 min
M8
Purdue Model & ICS Architecture
Purdue Model = standard reference architecture for ICS networks. Six levels of segmentation.
Levels:
- Level 0: physical process (sensors, actuators)
- Level 1: basic control (PLCs, RTUs)
- Level 2: area supervision (HMIs, historians)
- Level 3: site operations (MES, plant historians)
- Level 3.5: DMZ between OT and IT
- Level 4-5: corporate […]
Intermediate 15 min
M9
IoT Firmware Analysis
IoT pentesting often starts with firmware. Extract, analyse, find vulns offline.
Workflow:
    # Identify firmware structure
    binwalk firmware.bin
    binwalk -e firmware.bin    # extract everything
    # If squashfs / cpio extracted
    ls _firmware.bin.extracted/
    # Look for /etc/passwd, /etc/shadow, /www/, hardcoded secrets
    # Static analysis on binaries
    ghidra (or radare2)
    # Emulate
    qemu-system-arm -kernel kernel.bin
    firmadyne / […]
Advanced 20 min
M10
Bluetooth & Zigbee Security
Wireless protocols for IoT have specific attack surfaces.
BLE:
- Pairing modes: Just Works (no auth), Passkey, OOB
- Many devices use Just Works (vulnerable to MITM during pairing)
- Tools: Ubertooth, BTLEjuice, Sniffle, ESP32-based
Zigbee / Z-Wave:
- Network keys; if leaked once during initial pairing, devices vulnerable forever
- Tools: KillerBee, Z-Wave Hacking Toolkit
Common findings:
- Smart locks […]
Intermediate 15 min
M11
ICS Threat Actors
ICS attacks have public-policy gravity. Each provides defender learning.
The big incidents:
- Stuxnet (2010): Iranian nuclear centrifuges; multi-stage; PLC manipulation
- BlackEnergy / Industroyer (2015-16): Ukraine power grid; substations
- TRITON / TRISIS (2017): Saudi petrochemical; targeted safety systems
- Colonial Pipeline (2021): IT-side ransomware; OT shutdown precautionary
- Pipedream / Incontroller (2022): modular […]
Advanced 15 min
M12
OT Incident Response
OT IR differs from IT IR. Safety supersedes investigation. Containment can mean physical action, not just network isolation.
Differences:
- Safety first; never an action that endangers people or environment
- Operations team has veto on technical decisions
- Evidence preservation often impossible (PLCs don't log; HMI logs sparse)
- System restoration may require physical access
- Recovery from backup […]
Advanced 15 min
M13
IoT Supply Chain Risk
IoT devices ship with security debt. Default creds, no update mechanism, hardcoded keys. Supply chain compounds it.
Issues:
- Default credentials never changed (Mirai botnet exploited this)
- No firmware updates after sale (10-year-old vulns active)
- Hardcoded private keys discovered post-shipment
- Foreign-manufacture concerns (geopolitical)
- Recycled chips with unknown firmware
Indian regulatory environment:
- 2022 CERT-In Direction requires equipment […]
Intermediate 15 min
M14
IoT Cloud Integration Security
Modern IoT goes cloud. Cloud security and IoT security overlap.
Patterns:
- Device identity: per-device X.509 cert (best); shared key (acceptable); password (avoid)
- MQTT over TLS: standard transport
- Device shadows: last-known state for offline devices
- OTA updates: signed firmware; A/B partition for rollback
Cloud-specific:
- AWS IoT Core: most mature; per-device certs; […]
Advanced 15 min
M15
IoT Penetration Testing Methodology
IoT pentesting spans more layers than typical web. Methodology to cover all of them.
Phases:
- Reconnaissance: manuals, FCC IDs, FCC database, related devices
- Hardware: open device, identify chips, find debug ports (UART, JTAG)
- Firmware extraction: flash dump, firmware update interception, OTA capture
- Firmware analysis: Module 9 above
- Wireless: Wi-Fi, BLE, […]
Advanced 20 min

Common questions about this track

How long will this track take me?

Most learners finish in 4-8 weeks at a sustainable 4-5 hours per week. Modules are self-paced so you can move faster or slower as life allows.

Do I need prior experience?

Module 1 sets the entry baseline. The first module is always free; if it feels approachable, the track is for you.

Will this prepare me for industry certifications?

Most modules align with the body of knowledge tested by senior security certifications. The Academy is not a cert-prep course but produces working knowledge that transfers to any cert exam in the same domain.

Ready to start?

Begin with Module 1 and work through at your own pace. Free modules require no signup; everything else unlocks with a free RingSafe Academy account.
