DEF CON 34 · Stage 1

ICS Village at DEF CON 34

Three days of Stage 1 talks on OT / ICS security — industrial protocol exploitation, threat hunting, AI-driven attack tooling, and lessons from real electric-sector incidents. The cornerstone village of DEF CON since 2014.

Dates August 6 – 9, 2026
Venue Las Vegas Convention Center
Stage 1 Talks 14 talks · 21 speakers
Stage 1 Schedule

Three Days, 14 Talks

The full ICS Village Stage 1 program at DEF CON 34. Click any talk to read the abstract.

Friday6 talks

11:00 – 12:00 Stage 1

Intro to Common Industrial Protocol Exploitation

Trevor Flynn

Read abstract

Intro into Common Industrial Protocol and how to get started finding exploits on CIP enabled devices.

12:00 – 12:30 Stage 1

Threat Hunting in OT Networks - Using Hypothesis Based Methods

Michael Cardwell (INL)

Read abstract

Operational Technology (OT) networks present unique challenges for cybersecurity professionals tasked with detecting and mitigating threats. These networks, often critical to industrial control systems and infrastructure, require specialized approaches due to their complexity, legacy systems, and operational sensitivities. This presentation explores the art and science of threat hunting in OT environments, emphasizing the use of hypothesis-based methods to uncover hidden adversaries and anomalous behaviors.

Attendees will gain insight into the special considerations and hazards associated with OT networks, including safety-critical systems, real-time constraints, and the potential for operational disruption. The talk will also provide a structured approach to hypothesis development, testing, and refinement, enabling practitioners to systematically investigate potential threats with minimal impact on operations.

Finally, the presentation will delve into the practical logistical steps required to conduct threat hunts and incident response (IR) in OT environments, addressing challenges such as network segmentation, communication protocols, and coordination with operational teams. Whether you're a seasoned cybersecurity professional or new to OT security, this discussion will equip you with actionable strategies for effectively hunting threats in these critical and often misunderstood environments.

14:30 – 15:00 Stage 1

ICSForge: (Open-Source) OT/ICS Security Coverage Validation Platform

Can Kurnaz

Read abstract

ICSForge is an open-source OT/ICS Security Coverage Validation Platform designed to help defenders, SOC teams, and OT security engineers validate detection, visibility, and readiness against real-world industrial attack techniques.

ICSForge is built to tackle a critical gap in OT/ICS security. It aims to solve a real problem “How do I safely validate OT security countermeasures from functionality, visibility and detection coverage perspective by using industrial traffic and MITRE ATT&CK® Matrix for ICS?” The goal is simple; make it easier to answer “Are we actually seeing, detecting, controlling and protecting what we think we are?”

OT defenders have no practical and safe way to validate whether their network security monitoring sensors, firewalls, and segmentation controls actually detect and/or protect against real ICS attack techniques. By focusing on security coverage validation in industrial environments, the goal is to move beyond assumptions and provide measurable assurance for detection capabilities in critical infrastructure.

ICSForge focuses on what can actually be observed on the network and generates realistic OT traffic and PCAPs (500+ scenarios) in 10 industrial protocols (Modbus/TCP, DNP3, S7comm, IEC-104, OPC UA, EtherNet/IP, BACnet/IP, MQTT, GOOSE, PROFINET DCP) which are aligned with 68 out of 83 unique techniques in MITRE ATT&CK for ICS v18 (82% coverage) -without exploiting real systems or causing unsafe process impact- to help asset owners and defenders assessing the quality of existing security countermeasures such as firewalls, OT NSM sensors and ACLs and identifying hidden gaps.

Most OT/ICS security tools promise coverage, very few let you prove it. ICSForge helps you answer questions like: - Can my Network Security Monitoring/IDS actually see Modbus manipulation attempts? - Which MITRE ATT&CK for ICS techniques are observable on the wire? - Do my detections fire when realistic OT traffic is sent? - Do my IT/OT firewalls or ACLs work as expected and blocks potentially harmful traffic? - What do I miss today, and why?

ICSForge is developed with a safe-by-design approach, operating within a Sender-Receiver architecture and interacting only with the designated sender and receiver, without touching other OT devices.

15:00 – 15:30 Stage 1

OT Segmentation Under Operational Constraints

Tony Turner

Read abstract

OT network segmentation projects rarely fail because of missing firewall features or lack of security tooling. They fail because industrial environments operate under constraints that traditional IT security programs do not fully account for: limited maintenance windows, fragile legacy systems, vendor-controlled architectures, operational distrust of change, and the reality that reliability and uptime often outweigh security priorities during production events.

This presentation focuses on the operational side of OT segmentation: how industrial organizations actually plan, prioritize, communicate, implement, and sustain segmentation initiatives in production environments. Rather than treating segmentation purely as a technical firewall exercise, the session examines segmentation as an operational optimization problem balancing security risk, operational disruption, safety requirements, maintenance constraints, compliance pressure, and organizational ownership. Topics discussed include:

Phased rollout strategies and pilot deployments Change validation and rollback planning Segmentation drift and long-term erosion of controls Vendor and integrator access throughout project lifecycles Operational trust-building through monitor-first deployments and packet-capture-driven validation

We will explore why many environments gradually return to flat networks despite significant investment in segmentation initiatives. Real-world examples from utility and critical infrastructure environments will demonstrate how operational realities, maintenance pressure, and organizational ownership challenges frequently undermine otherwise well-designed security architectures.

Attendees will leave with practical guidance for approaching OT segmentation as an operational change-management problem rather than simply a firewall deployment exercise, along with implementation patterns that improve security posture without creating unnecessary operational disruption.

17:00 – 17:30 Stage 1

Lessons Learned from Poland and Beyond: The State of Electric Sector Attacks in 2025

Joe Slowik (Dataminr)

Read abstract

2026 featured news of a new attempted, disruptive cyber attack against the electric sector. Instead of transmission or distribution in Ukraine, however, the event focused on generating assets in Poland. Irrespective of impact, the very fact such an action was attempted is concerning and newsworthy. However, the details of the event demonstrate the state of the "now" for electric sector events, in terms of their successes as well as failures.

In this discussion we will leverage all available public reporting to look at where the attackers innovated, borrowed from past events, and failed to learn from history in the December 2025 Polish event. From this discussion we will set the incident in context of both concurrent intrusions, such as Volt Typhoon activity, and historical incidents, linked to the Sandworm threat actor, to see just where adversaries are today with respect to tradecraft and sector knowledge.

From this exploration, attendees will emerge with a better understanding of what adversaries are "getting right" about such events, and where they still fall short. Furthermore, review of events will show the significance of physical safeguards and controls in ensuring continuous operations in the face of cyber effects, and how adversaries remain challenged to overcome such barriers.

17:30 – 18:00 Stage 1

Exposed Data Centers: Bypass IT Security, Crank Up the Heat

Stephen HiltNomaan Huq

Read abstract

As data center numbers are increasing in the US and around the world, they are becoming a source of tension politically, environmentally, and economically, and are becoming high-value critical infrastructure. The threats to these data centers will rise soon as activists, cybercriminals, and nation-states target them. Unlike what has been seen recently with kinetic attacks on data centers in conflict zones, cyberattacks have a larger range and can affect a wider population.

We wanted to explore unconventional threats against data centers. Using open-source intelligence and our patented (US12267344B1) geostalking techniques, we were able to map out data centers in the United States and overlay that with the exposed infrastructure that would directly be used in the operation of the data center itself. This includes building automation and energy supply as examples.

Afterwards, we were left with the locations of 1,063 data centers that had 6,300 high-confidence industrial control systems exposed to the internet. This information went through a five-layer filtering process to result in these high-confidence exposed systems, based on the banner responses received from these devices. Of these 6,300 devices, 964 devices (15.3%) have a CVSS score of 9.0 or above, and 88.7% of the entire dataset is inherently vulnerable due to the use of protocols that were never designed to be exposed to the internet.

Armed with this information, an attacker could circumvent even the best IT security with exposed systems that might directly or indirectly affect data center operations. In today’s geopolitical climate, exposed systems in near proximity to data centers are at higher risk of cyberattacks. Due to diverse applications across personal, corporate, or even government use, the repercussions of a data center outage will have effects far wider than just the data center itself.

Saturday4 talks

11:30 – 12:00 Stage 1

Nuclear Industrial Control System Simulation (NICSSIM) aka Multi-Agent Cyber Defense Framework for Distributed Nuclear Operational Technology Systems

Carmela GonzalesBrian G. Rodiles DelgadoMarco A. Alanis Komiyama

Read abstract

In-person live demonstration (talk plus live demo), 30 minutes

Abstract: As small modular reactors (SMRs) are deployed as distributed energy resources, their interconnected digital infrastructure expands the cyber attack surface across nuclear operational technology (OT) in ways that traditional, rule-based security mechanisms were never designed to address. NICSSIM (Nuclear Industrial Control System Simulation) is a modular ICS testbed that models, deploys, monitors, and analyzes an SMR fleet in a fully software-based environment, so security research can be conducted with no live infrastructure at risk.

This demonstration shows NICSSIM end to end: a human-aware multi-agent architecture in which a supervisory agent coordinates a read-only vulnerability-analysis agent and a remediation agent under deterministic safety guardrails and an independent safety auditor, with strict separation between analysis and execution that keeps human operators as the final decision-makers. Attendees watch agents and operators detect, analyze, and respond to live attacks across 1 to 3 reactor fleets, alongside results showing up to a 96 percent response success rate with ISA/IEC 62443 compliance verification, and the latency and cost trade-offs measured across seven models from four providers.

Presentation Outline/Walkthrough:

Why nuclear OT, why now. SMRs are deployed as distributed energy resources rather than large centralized plants, which tightens the coupling between cyber and physical processes and widens the attack surface across an interconnected fleet. Traditional defense-in-depth, built on the Purdue model, firewalls, and intrusion detection, provides rigidity rather than adaptability and cannot reason about a live fleet in real time. 
The gap and the testbed. What is missing is a single environment that combines high-fidelity ICS simulation, coordinated multi-agent reasoning, and human-aware control. Presenters introduce NICSSIM: SMR digital twins built on ICSSIM and Docker, aligned to the Purdue model, generating continuous telemetry, with no live infrastructure at risk.

Architecture walkthrough and Live UI. Live interface, deploys a modular fleet, and shows the digital twins and live operational data. Display of human-aware multi-agent design: a human-in-the-loop gateway, a supervisory agent that serves as the single control point, a read-only vulnerability-analysis agent, a remediation agent, and an independent safety auditor, with deterministic guardrails and enforced separation between the analysis environment and the target ICS environment. 
Live attack and defense. Presenters “deploy” 1-SMR and 3-SMR fleets and run scenarios live: an unauthenticated Modbus write command evaluated for correct risk severity, a safety-threshold violation such as a request to push the primary coolant outlet temperature past its hardcoded limit, which the system must reject, and an ISA/IEC 62443 compliance mapping in which a finding must map to the correct regulatory sub-section rather than offer vague advice. The audience sees the guardrail reject an unsafe command, the safety auditor catch a flawed finding, and the forensic audit trail a human operator would review. 
Results and trade-offs. Response Success Rate by fleet size and model, from 0.96 for a single SMR down to 0.91 for a three-reactor fleet with the highest-reasoning model, alongside the latency, token, and cost trade-offs measured across seven models from four providers. The takeaway is that higher-reasoning models buy accuracy at the cost of latency and dollars, a trade-off that matters for real OT deployment decisions.
 Dual-use and responsible design. The framework establishes defensive elements through isolated, simulation-only boundaries, deterministic guardrails, and required human authorization for any non-read-only action, while gating system access using IEC 62443 security levels. Conversely, its offensive elements reside in the embedded red team capabilities that possess the dual-use potential to identify exploit vectors in nuclear Operational Technology (OT) environments. To ensure a responsible design, this dual-use capability is set for credentialed security researchers operating within sanctioned, simulated training exercises under institutional oversight and strict operational containment.

12:00 – 12:30 Stage 1

Local Language Models in OT - Basics and Considerations

Vivek Ponnada

Read abstract

AI models are everywhere but most are talking about Frontier models that might not be deployable in OT environments. Either due to regulations or data sensitivity, local models might be the answer to extract more value out of various OT datasets. How do you get started? This presentation lays out the basics - from the HW options to various models available (e.g, Qwen, Gemma) - we cover what can be achieved by a bit of investment and a not a lot of elbow grease!

14:00 – 14:45 Stage 1

OT Round table. Real talk on how to protect your OT spaces

Aaron Crow (PrOTect IT All)Tom VanNormanDillon Lee (Dragos, Inc)

Read abstract

A hosted open discussion on strategies for protecting OT with Tom Van Norman and Dillon Lee.

14:45 – 15:30 Stage 1

Give an AI Industrial Protocol Tools and Watch What It Destroys

Malav Vyas (Palo Alto Networks)Asher Davila (Palo Alto Networks)

Read abstract

Every major ICS attack of the last decade succeeded not because of software vulnerabilities, but because industrial protocols were built to trust any packet on the wire. The village has read the incident reports. What it doesn't have is a way to replay them against its own infrastructure to learn what its detections actually catch and what they miss.

We present mrhOTshOT, an open-source framework that emulates history's most destructive ICS attacks across the complete kill chain, reconstructed from publicly available incident analyses. Not just the OT payload the full chain: Windows initial access with real CVEs, lateral movement to engineering workstations, protocol-native process manipulation, and persistent physical impact. Every emulation generates wire traffic consistent with publicly documented behavior on the correct industrial protocol for that attack family.

The framework spans a wide range of industrial protocols across ten distributed PLCs, each simulating the real-world process that protocol actually controls: a heating district controller for Modbus, a safety instrumented system for TriStation, a centrifuge cascade for S7comm. Nothing runs on a generic simulated tank with ten protocols bolted on.

We also introduce the Agentic Attack Emulation Framework: every protocol action is exposed as a callable tool, orchestrated by an LLM agent that reads live process state and composes attack sequences on the fly. No hardcoded playbook, you decide. This is what AI-assisted ICS attack composition looks like, and defenders need to understand it before they meet it in the wild.

The talk closes with a live demo: three centrifuges destroyed in real time while the operator HMI, deceived by an S7 rootkit, shows normal operation throughout, until it doesn't.

Sunday4 talks

10:00 – 10:30 Stage 1

Five Million Industrial Control Systems Walk Into a Bar: What IRONMAP Found When It Scanned the Whole Internet

Matt Caldwell (Tophat Security)

Read abstract

What does the global attack surface of operational technology actually look like at internet scale? We built IRONMAP, a purpose-built OT/ICS intelligence platform, to find out — and the answer is both larger and more disturbing than we expected.

Over the course of this ongoing research project, IRONMAP has catalogued over 5.5 million ICS/OT-facing assets across the public internet, with more than 2.25 million flagged as high-risk. Using deep protocol fingerprinting across all major industrial protocols — EtherNet/IP (CIP), Modbus TCP, Siemens S7, DNP3, IEC 60870-5-104, OPC-UA, BACnet/IP, Omron FINS, GE SRTP, Tridium Fox, and more — IRONMAP goes well beyond port scanning to perform authenticated protocol enumeration, live register reads, and tag harvesting using PLCDISCO, our multi-protocol OT scanner.

This talk presents a ground-level statistical portrait of the exposed OT internet: which protocols dominate, which sectors are most exposed, how vendor market share looks through the lens of deep insight and where in the world the highest concentrations of exposed critical infrastructure live (spoiler: it is not all China). We will walk through what over 242,000 EtherNet/IP devices look like when you enumerate their CIP identity objects, what ~500,000 Modbus devices expose in their holding registers, and what the live tag names of real PLCs tell you about what processes they are running.

We then turn to a specific and underappreciated issue: Automatic Tank Gauges (ATGs). IRONMAP found 149 confirmed ATG systems directly exposed to the internet, the majority of them Veeder Root TLS-350 and TLS-450 units — the dominant ATG platform at commercial fueling facilities across North America. These systems, reachable via the Guardian ASP protocol on TCP/10001, require no authentication on older firmware and respond to a simple serial-style command set with:

- Current fuel volume per tank, in gallons - Product type (Unleaded, Premium, Diesel, Jet-A, Heating Oil) - Live alarm states (high water, leak detection, low fuel, overfill) - Delivery event history and timestamps - Up to 8 tank probes per unit

The implications are significant. Exposed ATGs reveal not just that a facility has fuel storage, but how much, what kind, and when deliveries occur — operational patterns that are directly relevant to physical security and supply chain intelligence. IRONMAP discovered ATGs at locations that include commercial truck stops, bulk fuel terminals, and sites with product profiles consistent with aviation or military use. We will demonstrate a live walk-through of what an unauthenticated session reveals, discuss the responsible disclosure posture we have taken, and present mitigation guidance for asset owners.

Attendees will leave with a realistic, data-grounded view of the exposed OT landscape — not a cherry-picked set of scary screenshots, but statistically representative findings from a 5.5-million-asset dataset — plus actionable context on the ATG exposure class and how to find and fix it.

11:00 – 11:30 Stage 1

Is Your Fridge Running? Then You Better Catch It - State of Security in Refrigeration Systems

Amir Zaltzman (Claroty Team82)

Read abstract

Much of modern life depends on cooling systems, from keeping food fresh in grocery stores to storing life-saving medicine. At their core, refrigeration controllers manage the entire process, coordinating field controllers directly connected to the refrigeration components like compressors, fans etc. With tens-of-thousands of devices exposed online, used by the largest retail stores around the world, attacking these controllers could cause huge financial loss and disrupt food and medicine supply chains around the globe.

During the last year we looked at refrigeration controllers from leading vendors in the industry, disclosing more than 30 vulnerabilities. We discovered buffer-overflows, authentication bypasses and remote code execution issues. Furthermore, we discovered ways to exfiltrate sensitive information from devices, allowing attackers to leak ownership and location information and pinpoint attack specific targets.

In our talk, we will deep dive into the refrigeration ecosystem. Including hardware firmware extraction and analyzing it, emulating firmware binaries and showcasing the vulnerability chains we uncovered affecting these systems. Lastly, we will present a real-life video demo presenting an attacker hacking a controller covertly, disrupting normal operations and affecting refrigerators’ contents.

12:00 – 12:30 Stage 1

ThreatPatrol: Visualising the Modern Threat Landscape

Viral Maniar (UniSuper)

Read abstract

ThreatPatrol is a modern, open-source SaaS platform designed to operationalise cyber threat intelligence across Blue Teams, Cyber Threat Intelligence (CTI) analysts, Atomic Engineers and Purple Teams. Built natively around the MITRE ATT&CK framework and enriched with ART Atomic Red Team mappings, ThreatPatrol bridges the long-standing gap between threat intelligence, detection engineering and adversary simulation.

Unlike traditional CTI platforms that focus solely on indicators or static reporting, ThreatPatrol consolidates campaigns, adversary behaviour, atomic tests, infrastructure and detection analytics into a unified, relational data model. This enables practitioners to move beyond passive intelligence consumption toward active defense validation, threat emulation and measurable security outcomes.

The platform provides deep correlation across:

- Threat actors, campaigns and malware - ATT&CK tactics, techniques, and procedures (TTPs) - Atomic tests and adversary emulation workflows - Detection logic and security controls - Infrastructure and industry-specific threat exposure canvas - ICS & IOT systems mapping with various framework on a 3D canvas

ThreatPatrol allows teams to:

- Map real-world adversary campaigns across the ATT&CK kill chain - Emulate attacker behaviour using validated atomic tests - Identify detection blind spots via contextual GAP analysis - Visualise relationships between threats, tooling and mitigations - Improve detection engineering aligned to adversary tradecraft - Mature threat hunting with intelligence-led prioritisation - Analyse threats targeting modern technologies such as AI agents and MCP ecosystems - Extend visibility into ICS and IOT devices and industry-specific attack surfaces - Mapping of each components of ICS and IOT devices to NIST, MITRE, Australian Standards, DoD Essesstial eight framework

The platform ships with:

- 160+ curated threat actor profiles - 100+ live threat intelligence feeds - 20+ ICS and SOCI industry related Threat Canvas on 3D HoloLens - 20+ IOT Devices Component level attacks - Continuously updated campaign and TTP mappings - ATT&CK-aligned detection and mitigation coverage - Campaign visualisation and attack path analysis tools - Support for custom atomic tests and adversary simulation scripts

ThreatPatrol is designed for continuous adversary-driven security validation, enabling organisations to test, measure, and improve their resilience against realistic attack scenarios. By transforming fragmented intelligence into actionable, visual and testable insights, ThreatPatrol provides a single platform for understanding, simulating and defending against modern cyber threats.

12:30 – 13:00 Stage 1

Two NICs, Zero Trust: Pulling Apart a PAC Buried in Critical Infrastructure

Adam Bromiley (Pen Test Partners)Sam Thom

Read abstract

Imagine you get called up by a large CNI operator - "We have these devices, they're all over our outstations and they sit between our most critical OT trust zones", would you want to take a look? We did what any curious gremlins would do: we bought the hardware, built a bench, and started pulling at every thread. This talk tells the investigation as it actually happened, starting with architecture and documentation, moving through firmware analysis and protocol dissection, and ending with full pwnage at the firmware and application layers. Along the way we found a security model that felt frozen in the 2010s: weak trust boundaries, unauthenticated reconfiguration paths, and cryptographic protections as strong as wet cardboard. The point of the talk is not "bench testing is cool."; It's how to take a standard CNI concern into a hardware-led investigation that uncovers flaws a network-only pen test will miss. Attendees will leave with a practical workflow for assessing OT devices at scale, a mental model for deciding when to go from docs to firmware to hands-on testing, and a clear picture of how apparently boring PACs can become high-value footholds inside critical infrastructure. Nation-state level firmware backdoors and research artefacts will be released alongside this talk.

See you in Vegas

Come Put Hands on a Real Plant

Beyond Stage 1: the OT Wall, the OT Trainer Kit fleet, the CTF, and the Modbus Write Playground open all weekend. First-timers welcome — village volunteers are on hand to walk you through everything.