Hacking the connected plant: AI edition!

Presented at DEF CON 33 (2025), Aug. 10, 2025, 9 a.m. (240 minutes).

Tired of legacy ICS systems? Attend this workshop to hack the next generation of Industrial Control Systems,! No more Modbus, no more standard PLC, no more Purdue model! This workshop is designed to show what the future might look like for Industrial Control Systems, with a focus on ML & AI! We’ll bring a realistic ICS setup that features all the fancy current and future trends: SD-WAN and Zero Trust, OPC-UA, MQTT, Digital Twin, Edge devices and soft-PLCs to control a small-scale industrial process simulation. This year, we’ll also add some machine learning and LLM challenges! Will you be able to trick the ICS virtual assistant into giving you access to the production systems? After a short introduction, we’ll get into hacking! We will walk you through a CTF-style exercise to go from 0 to full industrial process hacking! The CTF will be guided so that everyone learns something and gets a chance to get most flags!

Presenters:

• Arnaud Soullié - Senior Manager at Wavestone
  Arnaud Soullié is a Senior Manager at Wavestone, a global consulting company. For 15 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He has spoken at numerous security conferences on ICS topics, including: BlackHat Europe, BruCon, 4SICS, BSides Las Vegas, and DEFCON. He is also the creator of the DYODE project, an open source data diode aimed at ICS. He has taught ICS cybersecurity trainings since 2015.
• Alexandrine TORRENTS - Senior Manager at Wavestone
  Alexandrine Torrents is a Senior Manager at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.

Similar Presentations:

• BSidesLV 2023 / Pentesting ICS 101
• DEF CON 32 (2024) / Industrial Control Systems: how to secure them in practice! Workshop
• DEF CON 32 (2024) / Hack the connected plant! Workshop