Pwn to Drone

Start: Friday 10.00am
End: Saturday 3.00pm
Location: Ballroom, 1st Floor


CTF competitions focus on single result objectives or stand-alone technical skills and exploitation techniques. They rarely offer a chance to practice real world scenario based or business focused penetration testing, which usually incorporates consecutive security testing or a chain of successive attack vectors, in addition to a myriad of peripheral or overarching factors such as intelligence gathering, scope constraints, business logic, human psychology, safety concerns and competing technologies. This is especially true for operational technology or cyber physical networks, where hacking workshops exclusively focus on field devices or endpoint equipment (without the context of real world network environment or business context) and training laboratories or simulation environments are too expensive or just not available for practice and training.

Leveraging components from Context's in-house labs and incorporating lessons learnt from notes in the field penetration testing and red team engagements across both IT and OT networks, we would like to present an event that provides such an opportunity for the security community at BSides Canberra. It is unrealistic to expect a full-fledged penetration testing or red team experience over a half day or one day event, but we hope to offer a chance for both rookies and experts to get their hands dirty with some scenario based hacking experience on a purpose built enterprise network.


You have been hired to test the network of Carbon Free Electricity. Carbon Free Electricity is an Electricity Company that provides small scale power balancing and distribution on a local scale. Before activating and connecting their other substations they would like you to red team their network and see what systems on the network you are able to compromise and what actions you are able to undertake.

Due to operational demands, testing will be undertaken over the ‘weekend’, so staff might not be around to answer emails.

Rules of Engagement

  • Teams may have maximum 4 members (including Team Leader). However, only a single prize is given to teams.
  • Each participant or team that takes part in the event will be provided with means to connect to the environment through OpenVPN, but own laptop is required.
  • Each participant or team will then proceed to attack the systems and network part of the scenario using whatever tools or scripts they have at their disposal.
  • Denial of service (DOS) attacks against the online infrastructure or other participants is strictly prohibited and will lead to immediate disqualification of the team.
  • Disruptive or offensive actions towards any of the other participants will not be tolerated and will result in the disqualification of the participant (and team if member of a team).


Connor Scott
Connor is a Senior Consultant at Context Information Security with 9+ years of experience in the security industry. He enjoys hacking things and cutting code. Connor specialises in vulnerability research, software development, reverse -engineering and software exploitation. He spends most of his work time leading Red Teams, Infrastructure testing and Code/Application Reviews. He spends much of his own time hacking out of date software and hardware no one uses or cares about anymore. He finally campaigned successfully to name this event Pwn to Drone.
Matt Dunwoodie
Matt is a Consultant at Context Information Security. He enjoys breaking software and crushing up the pieces. Matt specialises in systems programming, reverse engineering and the odd bit of hardware hacking. Most of Matt's time is spent attacking web applications, mobile applications and hypothetically stolen devices. When he's not sitting in front of a computer, Matt enjoys spending his time in the great outdoors.
Gerard Kelso
Kelso is an IT Consultant at Context Information Security and has had over 16 years of experience working in and around systems and servers spanning most of Australia. In particular he's worked in development, automation and maintaining many different network for a variety of needs. Ranging from Schools and family restaurants to international Engineering Companies and various Managed Server Providers. He's now starting to look into the IT security realm and is avidly studying and learning everything he can get his hands on.