Buy Tickets
 
Back to Contests
Crack the SCADA

Mission:

Your mission, should you decide to accept it, is to find a way to compromise and to shut down the SCADA: Automatic Transfer Switch of the ABC Energy Utility Company that is serving millions of customers.
As always, should you or any of your Cyber Force be caught, we will deny any knowledge of your actions.
Good Luck!

Background:

You are part of a highly skilled group of cyber adversaries with the role to disrupt the energy infrastructure of ABC Energy Utility Company — a major provider of electricity to millions of customers across the region. 

Your target is a critical piece of the Infrastructure within ABC’s Operational Technology (OT) environment: the Automatic Transfer Switch (ATS) Platform integrated into their Supervisory Control and Data Acquisition (SCADA) system. The ATS ensures that electricity is consistently and reliably transferred between power sources to keep the grid online during maintenance, faults, or power fluctuations. 

Compromising the SCADA platform and the OT ecosystem will have devastating effects on power availability. 

A successful infiltration could cause service outages, cascade failures, and significant chaos, undermining public trust in ABC Utility’s reliability, financial loss, reputational damage, and potentially a massive public safety crisis.

WHEN: November 28th 10:30  – November 29th 14:00
Goal of the Competition

Primary Objective

Gain unauthorized access to the SCADA-controlled ATS Platform and find a way to manipulate its operational state to disrupt the electricity distribution managed by ABC Utility Company. 

To win this exercise, you need to identify and exploit the vulnerabilities in the SCADA (Servers and PLC) environment that controls the ATS Platform, leading to a critical compromise in its ability to manage power transfer seamlessly.
Rules of Engagement
Scope of the Competition: The competition’s scope will be clearly defined and communicated by the organizers at the designated stand. Participants must strictly follow the outlined parameters, which may specify particular targets, systems, or applications within the simulated SCADA system. Any attempts to access systems outside the defined scope are strictly forbidden.
 
Participation and Challenge Format: The challenge is a hands-on activity that can be undertaken either individually or in teams. Teams must consist of maximum 2 players.
 
Time Limit: The competition has a strict time limit of 2 hours. Participants must adhere to the specified start and end times, and all activities must cease when the competition concludes.
 
Communication: Participants are encouraged to seek clarification from the organizers if any rules or guidelines are unclear. Misinterpretations or misunderstandings will not be considered valid excuses for rule violations.
 
Rule Enforcement and Prohibited Actions: Sabotaging other players or teams is strictly forbidden. Any violations of the rules, including offensive behavior towards other participants, will result in immediate disqualification.
 
Winner’s Write-Up Requirement: The winning participant or team must submit a detailed write-up. The report should include step-by-step instructions that are clear and reproducible. If the report lacks sufficient detail to reproduce the identified issue, the issue may not be considered valid or marked as triaged.
Victory Conditions:
The best malicious actor will be the one who achieves the following:
/Successful Compromise – Gain control over the SCADA-controlled ATS Platform and disrupt the platform’s normal operation.
/Stealth – Maintain covert access to the system, masking your actions to avoid detection by ABC Utility’s security team.
/Impact – Demonstrate the impact on the ATS system’s ability to transfer power, such as delayed response, incorrect switching, or complete shutdown.
/Report – Prepare complete and detailed report of the attack method that demonstrates your exploitation approach and compromised infrastructure (snip pictures and logs are mandatory).
/The participant with the most sophisticated, stealthy, and impactful attack will be declared the winner of the Enevo Cybersec DefCamp Cybersecurity Exercise.
Working Environment
Each team has access to the following terminals / devices:
– own laptop connected directly to the infrastructure.
More details you will find in the following PDF.

PRIZES

1st Prize: Team of 1-2 participants → 1-2 x Samsung 870 EVO Solid State Drive (SSD), 1TB, 2.5″, SATA III

2nd Prize: Team of 1-2 participants → 1-2 x Samsung 870 EVO Solid State Drive (SSD), 500GB, 2.5″, SATA III

3rd Prize: Team of 1-2 participants → 1-2 x Samsung 870 EVO Solid State Drive (SSD), 500GB, 2.5″, SATA III

REGISTRATION

TBA

registration
SPONSORED BY