Pwn to Drone
Start: Friday 10.00am
End: Saturday 3.00pm
Location: Ballroom, 1st Floor
Description
CTF competitions focus on single-result objectives or stand-alone technical skills and exploitation techniques. They rarely offer a chance to practice real-world, scenario-based or business-focused penetration testing, which usually incorporates consecutive security testing or a chain of successive attack vectors, in addition to a myriad of peripheral or overarching factors such as intelligence gathering, scope constraints, business logic, human psychology, safety concerns and competing technologies. This is especially true for operational technology or cyber-physical networks, where hacking workshops focus exclusively on field devices or endpoint equipment (without the context of a real-world network environment or business context) and training laboratories or simulation environments are too expensive or just not available for practice and training.
Leveraging components from Context's in-house labs and incorporating lessons learnt in the field from penetration testing and red team engagements across both IT and OT networks, we would like to present an event that provides such an opportunity for the security community at BSides Canberra. It is unrealistic to expect a full-fledged penetration testing or red team experience over a half-day or one-day event, but we hope to offer a chance for both rookies and experts to get their hands dirty with some scenario-based hacking experience on a purpose-built enterprise network.
Scenario
You have been hired to test the network of Carbon Free Electricity. Carbon Free Electricity is an electricity company that provides small-scale power balancing and distribution on a local scale. Before activating and connecting their other substations, they would like you to red team their network and see what systems on the network you are able to compromise and what actions you are able to undertake.
Due to operational demands, testing will be undertaken over the ‘weekend’, so staff might not be around to answer emails.
Rules of Engagement
- Teams may have a maximum of 4 members (including the Team Leader). However, only a single prize is given to teams.
- Each participant or team that takes part in the event will be provided with the means to connect to the environment through OpenVPN, but participants must bring their own laptop.
- Each participant or team will then proceed to attack the systems and network that are part of the scenario using whatever tools or scripts they have at their disposal.
- Denial of service (DoS) attacks against the online infrastructure or other participants are strictly prohibited and will lead to immediate disqualification of the team.
- Disruptive or offensive actions towards any of the other participants will not be tolerated and will result in the disqualification of the participant (and of their team, if they are a member of one).