This war story session will share the techniques our penetration testing team has used in the last year to hack into SCADA systems. The client names have been changed, but the stories are real. The talk will conclude with revealing three principles that we share with all of our clients that would prevent the majority of our attacks.