Presented at
DEF CON 33 (2025),
Aug. 9, 2025, 11 a.m.
(45 minutes).
Dive into the world of Operational Technology (OT) adversary emulation — no racks of hardware required. With Caldera for OT (C4OT) and our new virtual device simulators, you can explore the inner workings of OT network communications from the comfort of your own home lab. The biggest industrial control systems incidents — FrostyGoop, PIPEDREAM, Industroyer — didn’t rely on flashy zero-days to impact physical systems. Instead, they used native OT protocols to send valid messages with malicious intent. Now, with C4OT, you can step into the attacker’s shoes and explore the quirks and capabilities of protocols like Modbus, DNP3, and IEC61850. No hardware? No problem. No experience? Even better. In this session, we’ll show you how to get started with adversary emulation against simulated OT devices, unlocking a hands-on environment to test your attacks, validate your defenses, and gain practical insights into the world of industrial cybersecurity. Whether you’re a defender looking to understand the threats, a researcher diving into OT protocol behavior, or a red-teamer eager to sharpen your skills, C4OT gives you the tools to experiment safely and effectively. Join us to see how C4OT is revolutionizing adversary emulation for OT — one packet at a time.
Presenters:
-
Devon Colmer
Devon serves as the lead for Caldera for operational technology (OT) within MITRE’s Critical Infrastructure Protection Innovation Center (CIPIC). He specializes in OT adversary emulation and detection engineering, leading the development of OT plugins for MITRE’s Caldera platform. Beyond Caldera, he is researching a common data model for OT protocols to lower the barrier of entry for OT network defenders.
-
Tony Webber
Tony is the lead for counter measures for operational technology in MITRE’s Critical Infrastructure Protection Innovation Center (CIPIC). His work has spanned systems engineering, solution prototyping, capabilities development, and deployment of cybersecurity and cyber situational awareness solutions for defending industrial control systems. His current focus is adversary emulation for ICS and space systems.
Similar Presentations: