PLC Playground: Hands-On Industrial Control Systems Attacks

Presented at DEF CON 33 (2025), Aug. 8, 2025, 2 p.m. (240 minutes).

Ever wanted to tinker with a real industrial controller without risking a plant meltdown? In this workshop, you'll get to play in a PLC playground using actual industrial control hardware like the MicroLogix 1100 PLC that simulates physical processes like a fluid tank and a garage door. Guided by ladder logic programming and Proportional Integral Derivative (PID) tuning exercises, you will program the PLC to maintain tank levels and move machines, observing how the control system responds in real time. This workshop focuses on directly interacting with and exploiting the physical PLC hardware and its underlying protocols with a hardware-in-the-loop setup that includes an HMI. Participants won't just click buttons. They'll write ladder logic, interact with real I/O, and observe how PLCs process and respond to industrial inputs in real time. Along the way, we'll highlight common ICS quirks and vulnerabilities (from insecure protocols to "insecure by design" logic) that can make these systems a hacker's playground. The Hardware In the Loop Industrial Control System (HILICS) kits used in this workshop are an open-source project that was designed and built by the Air Force Institute of Technology (AFIT) to provide a safe, scalable platform for exploring the cyber-physical dynamics of ICS environments.

Presenters:

  • Anthony "Coin" Rose - Director of Security Research and Chief Operating Officer at BC Security
    Dr. Anthony "Coin" Rose is the Director of Security Research and Chief Operating Officer at BC Security, as well as a professor at the Air Force Institute of Technology, where he serves as an officer in the United States Air Force. His doctorate in Electrical Engineering focused on building cyber defenses using machine learning and graph theory. Anthony specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. Anthony has presented at security conferences, including Black Hat, DEF CON, HackMiami, RSA, HackSpaceCon, Texas Cyber Summit, and HackRedCon. He also leads the development of offensive security tools, including Empire and Moriarty.
  • Daniel Koranek - Air Force Institute of Technology
    Dr. Daniel Koranek is an Assistant Professor of Computer Science at the Air Force Institute of Technology (AFIT) and a two-time graduate of AFIT in cyber operations (2010, M.S.) and computer science (2022, Ph.D.), where his research interests focus on the intersection of artificial intelligence/machine learning and cybersecurity. This includes using AI/ML to enhance cybersecurity and using vulnerability assessment and secure design techniques to improve AI deployments. He has spent most of his career on reverse engineering and vulnerability assessment of embedded systems like the HILICS kit, and overlapping AI and cybersecurity drove Dr. Koranek's dissertation research on using the reverse engineering tool Binary Ninja to visualize explanations of malware classifications.
  • Tyler Bertles
    Tyler Bertles is a Captain in the United States Army, currently pursuing a Master's degree in Cyber Operations at the Air Force Institute of Technology. He holds a Bachelor's degree in Computer Science and has conducted prior research on automated flight systems, with a focus on quadcopter platforms. With over 10 years of experience in Army Aviation, he has worked extensively with satellite navigation and communication systems. His current thesis research centers on developing intrusion detection capabilities for satellite cybersecurity.
  • César Ramirez
    Captain César Ramirez is a student in the Cyber Operations Master's Program at the Air Force Institute of Technology (AFIT). He has a strong interest in penetration testing and digital forensics, which is reflected in his current research on attribution through proxy chains and the use of Explainable Artificial Intelligence (XAI) to identify malware functionality within blue networks. He has supported defensive cyber operations for space systems and intelligence-sharing platforms. In addition, he brings unique expertise in the application of non-kinetic effects to degrade the performance and functionality of military-grade drones. Captain Ramirez holds multiple certifications, including Security+, Pentest+, and Certified Cloud Security Professional (CCSP).
