Crossing the Line: Advanced Techniques to Breach the OT DMZ
Christopher Nourrie
DEF CON 33 · Day 1 · Main Stage
This talk, presented by Christopher Nourrie at DEF CON, delves into advanced penetration testing techniques specifically designed to breach the **Operational Technology (OT) Demilitarized Zone (DMZ)** from a compromised enterprise IT network. Nourrie, an experienced OT pentester, outlines a series of methods that attackers can leverage, even when faced with seemingly robust security controls like multifactor authentication (MFA). The core objective is to demonstrate how initial access within the IT domain can be escalated to gain control over critical OT systems, often by exploiting common misconfigurations and human factors in remote access architectures.
AI review
Competent OT pentest tradecraft talk covering the IT-to-OT pivot problem with solid practitioner credibility and clear defensive takeaways. Nothing here is novel for anyone who's done this work, but the systematic treatment of bypass techniques against RDP-centric remote access architectures is well-organized and grounded in real engagements.