SYSRUPT
Abstract
Sysrupt is the next-generation evolution of CompatrIoT, presented at Black Hat Asia 2025 Arsenal Training. Where CompatrIoT focused on IoT and embedded hardware exploitation, Sysrupt extends into the world of Operational Technology by combining PLC firmware, OT protocols, and hardware attack surfaces into a portable, self-contained cyber-physical training platform.
All devices are connected through an onboard managed Ethernet switch that keeps the Pi, PLC, ESP32, and participant laptop in the same network segment. This setup enables participants to observe and manipulate live OT protocol traffic, capture data, and analyze how attacks influence both network behavior and physical outputs. Sysrupt also includes a secure hardware-based signing process for proof-of-exploit tokens, ensuring verifiable scoring and safe reuse in CTFs and research labs. It turns OT and hardware security from a theoretical topic into a tangible, hands-on experience that fits in a backpack.