DeepSec 2025 Talk: Breaking Into OT Environments: Exploiting Vulnerabilities to Compromise Critical Infrastructure – Avanish Pathak
In this session, we’ll delve into how attackers systematically exploit weaknesses in Operational Technology (OT) systems to compromise critical infrastructure. OT systems—including building management systems (BMS), access control systems (ACS), and surveillance networks (CCTV)—are the backbone of many critical sectors, managing everything from facility operations to security and environmental controls. Despite their importance, these systems are often neglected in cybersecurity frameworks, making them prime targets for exploitation.
We’ll explore real-world attack vectors and strategies used by adversaries to infiltrate OT environments, focusing on how they gain control over critical systems. Through a real-world example, I’ll demonstrate how I successfully gained unauthorized access by chaining faulty configurations to compromise a building management system (BMS). We’ll break down how attackers exploit common entry points, escalate privileges, and disrupt operations. Additionally, we’ll examine how adversaries move laterally across OT networks, leverage faulty configurations, and maintain persistence, evading detection to carry out long-term disruptions. Through case studies and practical demonstrations, you’ll gain insight into the methodologies malicious actors use to infiltrate and compromise entire facilities, all while staying undetected and maintaining control.
By the end of this session, you’ll walk away with actionable technical insights into how to safeguard OT environments against these evolving threats. We’ll discuss effective countermeasures, such as securing remote access, hardening OT networks, and implementing monitoring systems to detect and mitigate attacks before they can compromise critical infrastructure.
This session will equip you with the knowledge to understand how these attacks unfold, how to secure your OT infrastructure, and how to identify and address vulnerabilities that could be exploited by malicious actors.
We asked Avanish a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- It highlights how attackers systematically exploit Operational Technology (OT) environments, including but not limited to Building Management Systems (BMS), Access Control Systems (ACS), CCTV/Surveillance Networks, Industrial Control Systems (ICS), SCADA systems, HVAC, energy management systems, and other critical facility controls.
- Demonstrates a real-world case study of compromising a building management system by chaining multiple faulty configurations to gain unauthorized access.
- Breaks down attacker techniques: privilege escalation, lateral movement, persistence, and evasion strategies in OT networks.
- Demonstrates how frequently disregarded OT systems can be used as gateways to disrupt facility operations, safety, and overall critical infrastructure.
- Provides actionable defensive strategies to secure OT infrastructure, including securing remote access, hardening OT networks, and implementing continuous monitoring.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
While working as a red team security consultant, I noticed OT systems are frequently neglected in cybersecurity programs despite their importance. One engagement in particular, where I compromised a building management system, made it clear how small faulty configurations can cascade into full control over critical systems. This sparked the idea to create a talk that exposes the real risks and shares actionable insights with both technical and non-technical audiences.
Why do you think this is an important topic?
OT environments are the backbone of critical infrastructure, from energy and utilities to hospitals, manufacturing, and smart buildings. Many OT systems are outdated, wrongly configured, or isolated from standard IT security oversight, making them prime targets for attackers. Understanding how attacks unfold and learning how to protect these systems is essential to prevent operational disruptions, safety risks, and significant financial or reputational damage.
Is there something you want everybody to know – some good advice for our readers maybe?
Never underestimate OT systems—they may seem isolated, but they are often connected to IT networks or exposed indirectly through remote access points. Regular security assessments, proper network segmentation, and continuous monitoring of these systems are critical. Remember: attackers exploit the smallest overlooked gaps.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
As OT systems become more integrated with IT and cloud services, attack surfaces will expand significantly. Innovations in AI-driven monitoring and anomaly detection will help, but attackers will also adapt, blending into normal OT traffic. Organizations that delay investing in OT security will face increased operational and safety risks. Future defenders will need to combine automated detection with expert human analysis to stay ahead.
Avanish is a motivated individual, always up for breaking stuff! He currently works as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. Avanish has led 150+ security assessments, working with vendors from industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more, identifying vulnerabilities and helping those organizations strengthen their defenses against potential threats.
In addition to his professional work, he’s an active bug bounty hunter on platforms like Bugcrowd and Synack. He’s earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more, helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.
Constantly learning, always hacking, he thrives on offensive security challenges and takes pride in discovering the unknown before attackers do.