🔸Before any OT/ICS risk assessment, profile the system.
🔸System profiling = a deliberate inventory of components, connections, and weak points of the complete System under Consideration (SuC) so your risk model is built on facts, not assumptions.
🔸In practice, that means mapping interfaces, routes, listeners, identities, and services first. As shown in the depicted PDF file, I compiled a concise Linux/Windows cheat sheet for this phase.
🔸Use these commands: if the OT asset runs a general-purpose OS (e.g., HMI/SCADA servers, engineering workstations, jump hosts, historians).
