A live demo often leads to a presentation disaster, but this was not enough of a challenge of Eireann. He decided to run a Red Team / Blue Team exercise live on the S4 stage.


The target was a Siemens SCALANCE switch with a known vulnerability. The Red Team had exploit code and had practiced with the exploit prior to going on stage. The Blue Team had a patch and the ICS security bulletins from ICS-CERT and the Siemens CERT.

Beyond the Red / Blue exercise, Eireann goes over the CERT bulletins and how that information might be more helpful.

The result of the Red/Blue may surprise you.