Lights Out and Stalled Factories: Real-World Modbus Exploitation in Industrial Control Systems Using MATRIX
Date: September 26, 2025 (GMT +8)
Time: 13:00
TRACK 4
OFFICIAL TALK
Industrial Control Systems (ICS) remain a high-value target for attackers due to legacy protocols like Modbus, which lack fundamental security features. This paper presents MATRIX (Modbus Attack Tool for Remote Industrial eXploitation), a custom-built offensive security tool designed to simulate and demonstrate real-world Modbus-based cyberattacks in critical infrastructure environments.
MATRIX enables in-depth adversarial testing with capabilities including unauthorized read operations, coil and register manipulation, passive sniffing, replay attacks, denial-of-service, and malicious slave response injection. Each module is crafted to illustrate the operational impact of successful exploitation, bridging the gap between theoretical vulnerabilities and their practical consequences.
Complementing the attack simulations is an OSINT-driven reconnaissance effort that includes Shodan-based global heatmaps of Modbus server exposure, detection of a real Modbus system, and identification of ICS honeypots in the wild. These findings align with insights from my prior IEEE peer-reviewed publication, which ranked Modbus among the most frequently targeted ICS protocols based on honeypot and darknet data analysis.
The presentation will offer live demonstrations of attacks against simulated industrial setups, highlighting how simple protocol-level exploits can cause device manipulation or downtime in operational environments. By combining academic rigor with practical execution, this work aims to raise awareness of Modbus protocol weaknesses and provide defenders with a deeper understanding of the risks and countermeasures associated with insecure ICS deployments.
Speaker
Karl Biron
Karl Biron is a Security Researcher in the SpiderLabs Database Security team at Trustwave, bringing nine years of hands-on technical experience across the cybersecurity landscape. He holds multiple industry-recognized certifications and has built a global perspective through his work in Singapore, the United Arab Emirates, and the Philippines. Karl is the lead author of two IEEE peer-reviewed publications covering diverse topics such as cybersecurity and data science. He is also an experienced IEEE speaker, having delivered technical presentations that bridge research and practical application.
Over the past year, Karl has authored multiple in-depth technical blogs for Trustwave SpiderLabs, each providing detailed, hands-on walkthroughs that are accessible and actionable for practitioners and researchers alike. These blogs span a wide range of topics, including exploitable vulnerabilities (e.g., MariaDB RCE CVE), anonymous data corruption campaigns (e.g., Meow Attack), ransomware threats (e.g., Xbash Malware), offensive security tool evaluations (e.g., OracleDB vs ODAT), security feature simulations (e.g., Elasticsearch X-Pack Security Plugin), and Modbus attack simulations using his in-house-built CLI tool (Using M.A.T.R.I.X to Learn About Modbus Vulnerabilities).