Process Control Through Counterfeit Comms: Using and Abusing Built-In Functionality to Own a PLC

Programmable Logic Controllers (PLCs) are devices that factories, office buildings, utilities, and other facilities use to control the processes running in their environments. These devices were designed to do their job and do it well; however, they were not built to protect against malicious actors. This talk walks through some of the vulnerabilities discovered while investigating a well-known PLC, discusses some of the methodologies used in discovery, and shows how stringing together a few seemingly minor vulnerabilities can result in device takeover.

