Arnaud Soullie - Hack the Connected Plant! - DCTLV2025
Name of Training: Hack the connected plant!
Trainer(s): Arnaud Soullié
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2100
Course Description:
Tired of legacy ICS systems? Attend this training to hack the next generation of Industrial Control Systems! No more Modbus, no more standard PLC, no more Purdue model!
This training is designed to show what the future might look like for Industrial Control Systems, and how it will impact cybersecurity.
We’ll bring a realistic ICS setup that features all the fancy current and future trends: SD-WAN and Zero Trust, OPC-UA, MQTT, Edge device and soft-PLCs to control a small-scale industrial process simulation.
The first day will be dedicated to introducing the new cybersecurity challenges faced by modern Industrial Control Systems, and doing hands-on exercises on AWS pentesting, soft-PLC exploitation
On the second day we’ll reflect on the updated threat models and then we’ll spend the full day working on a realistic Capture-the-Flag exercise, where we’ll have to go from 0 to impacting a small industrial setup. The CTF will be guided, with answers given on a regular basis, so that all attendees can capture all the flags. We’ll end this exciting day with the takeaways of the exercise, and what could be done to prevent & detect the attacks we performed.
Course Outline:
DAY 1
-
Introduction to Industrial Control Systems
- A little bit of history
- Components
- Main weaknesses
- Wavestone’s ICS cybersecurity benchmark
- Architecture models for modern ICS
- New network solutions: SD-WAN, Zero-Trust Network Access…
- Interfacing legacy and modern ICS
- Cloud computing
-
Legacy & modern ICS protocols (Modbus/tcp, MQTT, OPC-UA)
- Presentation of common ICS protocols and their characteristics
- Exercises analyzing network captures
- Using clients to assess the features and security of modern protocols
-
Soft and hybrid PLCs, Edge devices
- Analyzing the differences between standard and hybrid / soft PLCs
- New attacks
- New defense capabilities
-
Cloud security & AWS pentesting
- Cloud security model
- AWS-specifics
- Hands-on exercises to get initial access and perform privilege escalation on AWS
DAY 2
-
Updated threat models for modern ICS
- Putting everything we learned on day 1 together to create an updated threat model, that will serve as a blueprint for the capture the flag
-
Capture the Flag!
- Almost day-long exercise to go from 0 to impacting a small industrial setup
- Exercice will be guided, answers shared on a regular basis so that everyone can get all the flags
- We’ll use a CTFd server to make things a little more exciting!
Difficulty Level:
This beginner-intermediate training is accessible to anyone familiar with cybersecurity basics, TCP/IP and usage of the command line. An experience in Industrial Control Systems is a plus but not a prerequisite.
Suggested Prerequisites:
There are no hard prerequisites for this class.
What Students Should Bring:
Students need to bring a laptop with a web browser and a SSH client.
Trainer(s) Bio:
Arnaud Soullié is a Senior Manager at Wavestone, a global consulting company. For 15 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He has spoken at numerous security conferences on ICS topics, including: BlackHat Europe, BruCon, 4SICS, BSides Las Vegas, and DEFCON. He is also the creator of the DYODE project, an open source data diode aimed at ICS. He has taught ICS cybersecurity trainings since 2015.
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.
Training Justification Request – DEF CON Training
To: [Manager Name]
From: [Employee Name]
Date: [Date]
Subject: Business Justification for Attendance at DEF CON Training
Dear [manager’s name],
I am requesting approval to attend DEF CON Training, one of the cybersecurity industry's most recognized technical training programs. I’ve reviewed the options and selected a course to expand my skills with [1-2 key skills focus areas for the course].
DEF CON has been one of the world’s leading cybersecurity communities for more than three decades, known for convening industry, government, and independent experts to exchange advanced knowledge and practical skills. Building on this tradition, DEF CON Training delivers intensive courses taught by recognized global instructors. DEF CON Training courses offer hands-on instruction in a challenging, fast-paced environment. Many of the courses offered by DEF CON Training align with the National Institute of Standards and Technology (NIST) NICE Framework and Department of Defense Cyber Workforce Framework (DCWF), and attending this course will help me build and sharpen the skills required for my role.
Training: [Name of DEF CON Training Course]
Instructor/Provider: [Trainer Name(s)]
Dates: [Training Dates]
Location: Las Vegas, NV
Cost: [Course Fee]
Travel Expenses: [estimated travel & accommodations costs]
Course Description: [Copy short description of the selected class from the website here]
Trainer Bio: [Copy bio of the trainers of the selected class from the website here]
Once I’ve completed the course, I’ll be able to:
[copy student outcomes from course page where available or choose 3-4 skills or topic areas from the outline that are applicable to your current role, will help you fill a skill gap, etc.]
Business Need
As cyber threats continue to evolve, it is critical that our organization maintains current knowledge of emerging techniques and industry best practices. The selected DEF CON training aligns directly with my responsibilities in [your role/field here - for example, security operations, incident response, threat detection and hunting, application security, cloud security, risk management, security engineering].
The course will provide practical, hands-on experience that can be immediately applied to our environment and security initiatives. DEF CON training emphasizes real-world attack and defense scenarios, enabling participants to develop skills that extend beyond traditional classroom learning.
Request for Approval
I respectfully request approval and funding to attend DEF CON Training this August in Las Vegas. The knowledge, hands-on experience, and industry insights gained will directly support our cybersecurity objectives and contribute to strengthening our organization's security capabilities.
Thank you for your consideration. Please let me know if you have questions or need additional information to support this request.
Sincerely,
[Employee name]