SEC536: Adversarial AI - Penetration Testing AI Systems


We built command-and-control over DNP3. Then we realized we'd solved the wrong problem. Getting a C2 implant on an IED sounds impressive until you remember that this isn't IT, and protective relays and RTACs aren't Windows boxes. Traditional C2 framework capabilities—credential harvesting, lateral movement, persistence mechanisms—don't translate to embedded systems running DNP3 stacks. Worse, DNP3 traffic rarely egresses OT network boundaries, so that beacon has nowhere to call home. Our C2-over-DNP3 proof-of-concept worked technically but failed operationally. The real value isn't deploying implants; it is gaining interactive access to IEDs that firewalls protect from everything except DNP3.

This insight led us to Virtual Terminal Objects. DNP3 Groups 112/113, specified in IEEE 1815-2012, were designed for text-based operator interaction with field devices. We added support for these objects to an open-source DNP3 library, then repurposed them as a transport layer for SSH. The result: authenticated, encrypted remote administration of RTUs through firewalls that only permit DNP3—using nothing but built-in functionality of standards-compliant protocol traffic.

Consider a common scenario: an RTU supports SSH for local administration, but network segmentation blocks direct access from the control center or anywhere that's not in the local substation LAN. DNP3 is allowed because it's required for operations. Our tunnel rides that permitted path, establishing an SSH session to the IED as if the operator were locally adjacent. No firewall changes. No anomalous protocols. Just legitimate DNP3 carrying legitimate SSH through a feature most defenders have never heard of. Most crucially, our tunnel exposes the entire IED administrative suite, not just DNP3 functions like Direct Operate. We validated this technique against SEL RTAC platforms, where SSH is a documented feature for engineering access. However, the methodology applies to any IED supporting remote administration services behind DNP3-only firewall rules.

What this talk delivers:

- Why C2-over-DNP3 fails: Lessons from our initial approach and what they reveal about realistic adversary objectives in OT environments. Traditional IT attack patterns don't map cleanly to OT.
- The SSH tunnel implementation: Technical walkthrough of our architecture—framing protocol design, fragmentation handling, flow control over DNP3's poll-based model, and integration with open-source DNP3 libraries. We'll cover what worked, what didn't, and why.
- Live demonstration: Watch an SSH session traverse a firewall via DNP3 Virtual Terminal Objects, providing full interactive access to an RTAC.
- Behavioral detection strategies: Signature-based tools won't catch valid protocol traffic. We'll share detection approaches based on anomalous VT traffic patterns, data entropy, session characteristics, and baseline deviations, such as sustained bidirectional flows to devices that typically only receive polls, or VT object updates with high data entropy occurring outside operator shift hours.

This research maps to several MITRE ATT&CK for ICS tactics (T0869, T0885, T0886), demonstrating how adversaries can abuse built-in protocol features to bypass network controls. As OT monitoring matures, we must anticipate that attackers will increasingly leverage protocol-native techniques to evade signature detection or bypass robust defensible architecture paradigms.
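As an added example (not code from the talk or from Dragos), here are the behavioral detection heuristics described above applied to constructed DNP3 Virtual Terminal events: payload entropy, VT activity outside an assumed operator shift window, and sustained bidirectional VT flows to a device that normally only answers polls. The event record layout, the shift window and the thresholds are assumptions; extracting Group 112/113 objects from a capture is left to whatever DNP3 parser you already have.

```python
"""Heuristic detector for anomalous DNP3 Virtual Terminal traffic (Groups 112/113).

Assumes VT object events were already extracted from a capture into records with
a timestamp, direction, object group and payload bytes (parsing is out of scope).
"""
import math
from collections import Counter
from datetime import datetime

SHIFT_HOURS = range(6, 19)  # assumed operator shift window: 06:00-18:59 local
ENTROPY_THRESHOLD = 6.0     # bits/byte; plain ASCII console text stays well below this
MIN_FLOW_EVENTS = 4         # a "sustained" flow: at least this many VT events each way

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def score_vt_events(events):
    """Return (timestamp, reason) alerts for the VT events seen at one outstation.
    Event dict keys: ts (datetime), group (112/113), direction ('m2o' master->outstation
    or 'o2m' outstation->master), payload (bytes)."""
    alerts, dir_counts = [], Counter()
    for ev in events:
        if ev["group"] not in (112, 113):
            continue  # only Virtual Terminal objects are of interest here
        dir_counts[ev["direction"]] += 1
        h = shannon_entropy(ev["payload"])
        if h >= ENTROPY_THRESHOLD:  # encrypted/compressed data, not operator text
            alerts.append((ev["ts"], f"high-entropy VT payload ({h:.2f} bits/byte)"))
        if ev["ts"].hour not in SHIFT_HOURS:
            alerts.append((ev["ts"], "VT activity outside operator shift hours"))
    if dir_counts["m2o"] >= MIN_FLOW_EVENTS and dir_counts["o2m"] >= MIN_FLOW_EVENTS:
        alerts.append((None, "sustained bidirectional VT flow to a normally poll-only device"))
    return alerts

# Constructed sample: one benign daytime console exchange, then an off-hours burst
# of opaque payloads flowing both ways, which is what a tunnelled session looks like.
SAMPLE_EVENTS = [
    {"ts": datetime(2024, 3, 4, 10, 15), "group": 112, "direction": "m2o", "payload": b"show ver\r\n"},
    {"ts": datetime(2024, 3, 4, 10, 15), "group": 113, "direction": "o2m", "payload": b"FID=placeholder\r\n"},
] + [
    {"ts": datetime(2024, 3, 5, 2, i), "group": 112 if i % 2 else 113,
     "direction": "m2o" if i % 2 else "o2m", "payload": bytes(range(256))}
    for i in range(8)
]
```

Run `score_vt_events(SAMPLE_EVENTS)` to see the daytime exchange pass silently while the off-hours burst raises entropy, shift-hour and bidirectional-flow alerts; in production, replace the fixed shift window with a per-device baseline.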


Tyler Webb, Dragos Principal Penetration Tester and ICS613 co-author, teaches real-world OT penetration testing, giving students adversary and operational insight to strengthen assessments and turn findings into lasting security improvements.





