At Below∅Day, we are experts in Industrial Control Systems (ICS) penetration testing. Our team has extensive experience in performing assessments on critical infrastructure and we use a variety of techniques and tools to thoroughly evaluate the security of ICS environments.

During an ICS penetration testing engagement, we first conduct a thorough reconnaissance phase to understand the systems, assets, and attack surface that we will be targeting. We use this information to develop a custom testing plan that will simulate real-world attack scenarios.

Once the testing plan is in place, we begin the testing phase where we identify and exploit vulnerabilities in the ICS environment. Our team has extensive knowledge of ICS protocols and architectures, which allows us to test every aspect of the environment, from the sensors and actuators to the programmable logic controllers (PLCs) and human-machine interfaces (HMIs).

We also employ a wide range of tools and techniques to help us identify vulnerabilities and exploit them. These include network scanners, vulnerability scanners, port scanners, and exploit frameworks. We also use custom-built tools to test for specific vulnerabilities in ICS environments.

Our reports are comprehensive and easy to understand, and they provide detailed information about the vulnerabilities that were found, the methods used to exploit them, and the potential impact on the ICS environment. We also provide remediation guidance to help organizations prioritize and address the identified vulnerabilities.


At Below∅Day, we know what we’re good at and we stick to it – red team services.

Internal & Cloud Penetration Testing

Our testing team will connect (remotely or on-site) to your internal network, simulating an attack as if a malicious actor were inside the network.

External Penetration Testing

Simulated attack acting as a malicious actor from the internet. We will test your external facing sites and services, as a real hacker would.

Web Application Testing

Pre-release and Production web application testing. This test is a complete and comprehensive analysis of your web application, looking for vulnerabilities and weaknesses in both front-end and back-end systems.

Server and Desktop Application Testing

Windows, Linux, or MacOS application testing. Both client and server-side security assessment of pre-production or production applications.

Wireless Penetration Testing

Wireless networks often spread over much larger areas than desired, leaving a greater footprint of your network to be attacked.

Mobile Testing

Mobile application penetration testing is the process of identifying and exploiting vulnerabilities in a mobile application to ensure that it is secure against external attacks.

PCI Penetration Testing

PCI Penetration Testing is a security assessment process that identifies vulnerabilities in a company’s network and systems to ensure compliance with the Payment Card Industry Data Security Standards (PCI DSS).

Industrial Controls Systems Penetration Testing

Industrial control systems penetration testing involves simulating cyber attacks on critical infrastructure to identify vulnerabilities and improve security measures.

Phishing Services

Phishing services simulates attacks on an organization’s employees to assess their susceptibility to phishing attempts and identify potential security weaknesses.