Cyber Range:
Operation Par00t (Hacking a Physical Control Network)
Friday 13th April - Packet Hacking Village
CTF competitions focus on single result objectives or stand-alone technical skills and exploitation techniques. They seldom offer a chance to practice real world scenario based or business focused penetration testing, which usually incorporates consecutive security testing or a chain of successive attack vectors, in addition to a myriad of peripheral or overarching factors such as intelligence gathering, scope constraints, business logic, human psychology, safety concerns and competing technologies. This is especially true for operational technology or cyber physical networks, where hacking workshops exclusively focus on field devices or endpoint equipment (without the context of real world network environment or business context) and training laboratories or simulation environments are too expensive or just not available for practice and training.
Leveraging components from Context's in-house labs and incorporating lessons learnt from notes in the field penetration testing and red team engagements across both IT and OT networks, we would like to present an event that provides such an opportunity for the security community at BSides Canberra. It is unrealistic to expect a full-fledged penetration test or red team experience over a half day or one day event, but we hope to offer a chance for both rookies and experts to get their hands dirty with some scenario based hacking experience on a purpose built enterprise network. Not to mention- the end goal of the competition is to compromise an electronic physical control system for a remote control drone, and the first team (or individual) to control the drone gets to walk away with a real life Bebop 2 Parrot Drone!
Rules of Engagement:
Leveraging components from Context's in-house labs and incorporating lessons learnt from notes in the field penetration testing and red team engagements across both IT and OT networks, we would like to present an event that provides such an opportunity for the security community at BSides Canberra. It is unrealistic to expect a full-fledged penetration test or red team experience over a half day or one day event, but we hope to offer a chance for both rookies and experts to get their hands dirty with some scenario based hacking experience on a purpose built enterprise network. Not to mention- the end goal of the competition is to compromise an electronic physical control system for a remote control drone, and the first team (or individual) to control the drone gets to walk away with a real life Bebop 2 Parrot Drone!
Rules of Engagement:
- Teams can have maximum 4 members (including Team Leader)
- Each participant or team that takes part in the event will be provided with means to connect to the environment through OpenVPN, but own laptop is required.
- Each participant or team will then proceed to attack the systems and network part of the scenario using whatever tools or scripts they have at their disposal.
- Denial of service (DOS) attacks against the online infrastructure or other participants is strictly prohibited and will lead to immediate disqualification of the team.
- Disruptive or offensive actions towards any of the other participants will not be tolerated and will result in the disqualification of the participant (and team if member of a team).
