Pentest OT/SCADA: PLC, RTU, Modbus, DNP3, IEC 61850
Pentest em ambiente industrial OT — PLC, RTU, SCADA, HMI, historian, Purdue Model. Protocolos Modbus, DNP3, IEC 61850, OPC UA.
Why now
The real pain
OT não pode parar. Indústria, energia, água, óleo & gás operam infra crítica que ataque pode literalmente matar gente. NotPetya, Industroyer, Triton, Pipedream — gangs estatais já vão atrás. Pentest OT especializado entende safety + cibersegurança simultaneamente.
Applicable frameworks
/attack-surface
Pentest OT/SCADA
Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.
Purdue Model & segregação
Validação de níveis 0-5 do Purdue, DMZ industrial, conduit firewall, jump server.
PLC e RTU
Modbus TCP sem auth, write coil unauthorized, firmware vulnerável, default credentials.
SCADA e HMI
Inductive Automation, WinCC, Wonderware, FactoryTalk — acesso indevido, manipulação de set point.
Protocolos industriais
Modbus, DNP3, IEC 61850 (MMS/GOOSE/SV), OPC UA — captura, replay, manipulação.
Historian e MES
PI Server, Aspen Historian, manipulação de histórico, integração ERP comprometida.
Engineering workstation
Engenheiro com download/upload de lógica, USB protocol, supply chain de software.
/methodology
Genuinely manual pentest
Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.
01 · Reconnaissance
Target mapping, OSINT, footprint, sector-specific threat modeling.
02 · Discovery
Deep enumeration, complementary scanning, manual exposure identification.
03 · Exploitation
Manual validation with controlled PoC, finding chaining, escalation.
04 · Report
Executive + technical, step-by-step replication, mapped to applicable regulation.
/why-trust
Who has trusted our work
Engajamentos em geração de energia, água e indústria de processo. Trabalho coordenado com equipe de safety.
Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.
Douglas Lopes
Founder · CEO · intrus.io
/crivo · integrity program
of pentester candidates fail our Crivo screening
Do you know who's getting access to your environment?
NDAs work in court. They don't work day-to-day. Before first access, every pentester on our team passes background, psychometric profile and integrity testing.
- In-depth criminal, fiscal and professional verification
- Psychometric assessment and risk profile
- Practical integrity testing with controlled scenarios
- Fixed team — non-rotating, no 'stranger every engagement'
/faq
FAQ — Pentest OT/SCADA
Vocês quebram processo?
Não. Operamos em ambiente de teste/HIL quando possível, ou em janela de manutenção planejada com safety presente. Nunca tocamos PLC ativo sem alinhamento total.
Faixa de preço?
Site único: R$ 40-100k. Multi-site (geração + transmissão + distribuição): R$ 120-350k. Operação grande de indústria de processo: R$ 200-600k.
/contact
Conversar sobre OT/SCADA
Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.