DEF CON 30 - Sharon Brizinov - Evil PLC Attacks - Weaponizing PLCs

These days, Programmable Logic Controllers (PLC) in an industrial network are a critical attack target, with more exploits being identified every day. But what if the PLC wasn’t the prey, but the predator? This presentation demonstrates a novel TTP called the "Evil PLC Attack", where a PLC is weaponized in a way that when an engineer is trying to configure or troubleshoot it, the engineer’s machine gets compromised. We will describe how engineers diagnose PLC issues, write code, and transfer bytecode to PLCs for execution with industrial processes in any number of critical sectors, including electric, water and wastewater, heavy industry, and automotive manufacturing. Then we will describe how we conceptualized, developed, and implemented different techniques to weaponize a PLC in order to achieve code execution on an engineer’s machine. The research resulted in working PoCs against ICS market leaders which fixed all the reported vulnerabilities and remediated the attack vector. Such vendors include Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO and more.

Inside Claroty Team82's EvilPLC Attack
▶︎

Inside Claroty Team82's EvilPLC Attack

Their Junior Tech Destroyed This $2000 Gaming Laptop In 60 Seconds!
▶︎

Their Junior Tech Destroyed This $2000 Gaming Laptop In 60 Seconds!

DEF CON 33  - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine
▶︎

DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine

The Dark Side of Wireless Networks: Intro to Wi-Fi Hacking - Megi Bashi - Ryan Dinnan
▶︎

The Dark Side of Wireless Networks: Intro to Wi-Fi Hacking - Megi Bashi - Ryan Dinnan

Formation-Preserving Control for Multi-Robot Systems Using Artificial Potential Functions
▶︎

Formation-Preserving Control for Multi-Robot Systems Using Artificial Potential Functions

A Decade After Stuxnet: How Siemens S7 is Still an Attacker's Heaven
▶︎

A Decade After Stuxnet: How Siemens S7 is Still an Attacker's Heaven

Zig 2026: No-AI Policy, $670K Foundation, Left GitHub & Why Zig Isn’t 1.0 - Andrew Kelley Explains
▶︎

Zig 2026: No-AI Policy, $670K Foundation, Left GitHub & Why Zig Isn’t 1.0 - Andrew Kelley Explains

Exploiting OPC-UA in Every Possible Way: Practical Attacks Against Modern OPC-UA Architectures
▶︎

Exploiting OPC-UA in Every Possible Way: Practical Attacks Against Modern OPC-UA Architectures

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley
▶︎

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox
▶︎

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox

Building a Secure OT Network | SANS ICS Concepts
▶︎

Building a Secure OT Network | SANS ICS Concepts

DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper Quintin
▶︎

DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper Quintin

DEF CON 30 - Gal Zror - Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE)
▶︎

DEF CON 30 - Gal Zror - Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE)

HP 3458A - Why is this 31 year old Multimeter UNRIVALLED?
▶︎

HP 3458A - Why is this 31 year old Multimeter UNRIVALLED?

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup
▶︎

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

World's Most Famous Hacker Kevin Mitnick & KnowBe4's Stu Sjouwerman Opening Keynote
▶︎

World's Most Famous Hacker Kevin Mitnick & KnowBe4's Stu Sjouwerman Opening Keynote

OT Security 101 Training: How to Get Started
▶︎

OT Security 101 Training: How to Get Started

DEF CON 32 - From getting JTAG on the iPhone 15 to hacking Apple's USB-C Controller - Stacksmashing
▶︎

DEF CON 32 - From getting JTAG on the iPhone 15 to hacking Apple's USB-C Controller - Stacksmashing

DEF CON 26 - Thiago Alves - Hacking PLCs and Causing Havoc on Critical Infrastructures
▶︎

DEF CON 26 - Thiago Alves - Hacking PLCs and Causing Havoc on Critical Infrastructures

#HITB2022SIN EDR Evasion Primer For Red Teamers - Jorge Gimenez & Karsten Nohl
▶︎

#HITB2022SIN EDR Evasion Primer For Red Teamers - Jorge Gimenez & Karsten Nohl