Explore the vulnerabilities in railway systems through this eye-opening conference talk from Nullcon Berlin 2024. Delve into an OSINT exercise that began as a joke and evolved into a serious investigation of cybersecurity risks in the railway industry. Discover how a low-skilled attacker might gain remote access to sensitive railway systems via the public internet, and learn about the potential consequences of such breaches. Examine the challenges of cybersecurity compliance in the industry and understand why meeting compliance standards alone may not be sufficient protection. Gain insights into the ease with which novice attackers could potentially replicate these findings, highlighting the urgent need for improved security measures in railway infrastructure.