Cybertek 2024

Training: Adversary Emulation for OT 2024/05/14

  • Workshop with discussion and scenarios
  • Intense day with coffee and lunch to strengthen your strength.
  • Fantastic trainers.
  • Limited number of participants.
  • Training in English.

In this workshop, we will introduce adversary emulation for OT. Adversary emulation is a type of Red Teaming driven by Cyber Threat Intelligence (CTI), attempting to closely emulate real-world threats in order to test an organization’s resilience. OT environments come with unique challenges in this regard, not just in terms of execution – but also in terms of environmental uniqueness. In this workshop, we will illustrate the fundamentals of adversary emulation with real-world case studies applied to realistic OT environments. Participants will leave with an appreciation for and hands-on experience with the value and nuances of this methodology for OT environments. The training is dedicated to technical people such as SOC/blue team members, security/ISO officers and automation engineers, and is also designed for experienced security managers and CISOs.

Simplified agenda:

  • Intro: What is Adversary Emulation? What makes OT different?
  • Fundamentals: The Cyber-Physical Attack Lifecycle, MITRE ATT&CK for ICS, and Cyber Threat Intelligence (CTI)
  • Case study 1: Mapping a recent OT threat to the lifecycle and MITRE ATT&CK
  • Lunch break
  • How-to: Scenario Development for OT and porting Emulation Plans to your OT environment
  • Case study 2: Developing a basic adversary emulation plan for a recent OT threat
  • Group exercise: Porting an existing emulation plan to your OT environment
  • Duration: 4 hours + breaks


  • Please have a positive attitude, a willingness to learn and accept a possible steep learning curve, depending on your current skill set.
  • Basic knowledge of OT security.


  • Dr. Marina Krotofil has more than 10 years of industry experience as an ICS/SCADA information security specialist and leader. She has extensive knowledge in performing customized audits for OT environments, including security and supply chain systems. She has been recognized in a number of publications and received a two-year full scholarship from Airbus under the Global Engineering Program. She actively participates on the review boards of conferences such as Black Hat, ESORICS, AIoTS, CPSS, ICSS, SINConf, CRITIS and serves as an evaluator of grant proposals for European Commission security projects (HORIZON 2020 program).
  • Jos Wetzels is a co-founder and security researcher at Midnight Blue. His research has included reverse engineering, vulnerability research and exploit development in areas ranging from industrial and automotive systems to IoT, networking hardware and deep embedded SoCs. He previously worked as a researcher in the Distributed and Embedded Security (DIES) group at the University of Twente (UT) in the Netherlands. He conducted security analyses of state-of-the-art network and host-based intrusion detection systems and was involved in research projects on on-the-fly detection and containment of unknown malware and APTs.

Join the event & enjoy the cyber!

Scroll to Top