Breaking Without Bricking: Safe Vulnerability Research in OT Environments

November 12, 2025 @ 11:10 - 11:50

  • Main Track

About Session

Technical Level: Beginner/Intermediate

Performing a security assessment (a.k.a. penetration testing) on Operational Technology (OT) systems presents a unique set of challenges – especially when the target is a one-of-a-kind prototype. In this session, we’ll explore how to conduct effective, non-destructive security assessments on fragile or irreplaceable OT devices on loan.

Using a real-world case study (under NDA), we’ll demonstrate how our team approached third-party validation on a highly sensitive device. With destructive testing off the table, we leveraged virtualization techniques to create a safe and flexible testing environment. This enabled us to exploit the device in a live configuration without risking hardware failure.

We’ll walk through the OT pen testing methodology, highlight key differences from IT security testing, and discuss how to manage risk, scope, and tooling in these constrained environments.

The session will conclude with a live demonstration on a Moxa Ethernet-to-Serial device, showcasing practical techniques for safe and efficient vulnerability research in the OT space.

Delegates will gain new insight, combined with a practical demonstration, into why some previous restraints may be overcome by using this approach.

Speakers

Mikael Vingaard

Senior OT Security Consultant, ICSRange
Jens Nielsen

Senior OT Security Researcher, ICSRange