This is a video recording of my talk for NetworkRail when I was working for PA Consulting Group. The presentation was about possible vulnerabilities in a train traffic management system (ICS and SCADA) and a demonstration of exploitation by hackers (simulated attack). The attack features SQL injection, weak credentials, client-side HMI GUI manipulation and more. The "train management system" featured in this video was initially designed by me as one of the challenges for the Certified Security Testing Professional (CAST) training course.