A Percival Engineering CTF Event

JUNE 7-8, 2023

winner medals badges and trophy set 38

Visionist's Unrefined Hackers

Team 7


Congratulations Text

compete. hack. secure. learn.


Critical infrastructure systems are increasingly becoming targets for cyber attacks, and it's up to us to protect them! This CTF is designed to help raise awareness about the importance of protecting critical infrastructure from cyber threats while also supporting the development of skills and knowledge in the cybersecurity community.

A Capture the Flag (CTF) competition is where teams must solve a series of challenges to obtain flags for points. In Fuel Frenzy, teams will be tasked with various fuel-related challenges: securing fuel supplies, interrupting fuel transportation, protecting fuel-related assets, and disrupting fuel critical infrastructure.

Irregular dotted line

Fuel Frenzy is a FREE event open to Government, Industry, and Academia

Must be a U.S. Citizen to Participate

Colorful Comic Panel. Comic Frame with Halftone Backdrop
White Rectangle Illustration


JUNE 7th


Virtual Only

Colorful Comic Panel. Comic Frame with Halftone Backdrop
White Rectangle Illustration


JUNE 8th


In-Person (Percival)

& Virtual

Registration is Now Closed

Please review FAQ prior to registering & check back here regularly for updated information!

Day one: Pre-CTF Training

WED | JUN 7 | 9:00AM - 4:30PM | VIRTUAL ONLY

Online pre-event training focusing on tactics, techniques, and tools relevant to the CTF.

Link to live stream: https://www.youtube.com/watch?v=xI-NzPQ0zQM







Welcome to Fuel Frenzy!



ICS/SCADA Systems 101

Intro to ICS/SCADA

Mr. Henry Budris



ICS/SCADA Enumeration


Ms. Kayla Hoffman (Percival)


BACnet: Building Automation & Control Networks Protocol

BACnet Usage & Capabilities

Mr. Connor Bluestein (Percival)




Network Packet Captures (PCAPs)

Using Wireshark (Network Analyzer/Packet Capture Tool) to Analyze ICS/SCADA Traffic

Mr. Nicholas Jackson (Parsons)


Password Cracking Tools

Using John the Ripper or Hashcat to Break Encryption Using Wordlists

Mr. Vince Wolterman (Clear Ridge Defense)


Siemens S7 Network Protocol

Communication, Analysis, & Interfacing

Mr. Ian Swasing



Reverse Engineering Tools


Mr. Mike J. Bell



Programmable Logic Controllers (PLC)

Reverse Engineering PLC Programming Ladder Logic

Ms. Kayla Hoffman (Percival)



Closing Remarks


**agenda subject to change


Mr. Henry Budris, Percival Engineering: Mr. Budris joined Percival full-time in 2022 where he works on the team developing emulators for embedded devices. He works closely with various hardware components and reverse engineers their capabilities in an effort to emulate their functions in QEMU. Mr. Budris thoroughly enjoys sharing his cybersecurity knowledge through tech talks, helping teach classes at UMBC, and contributing to CTF events. He earned his B.S. in Computer Science and is pursuing a Masters Degree in Computer Science from University of Maryland Baltimore County.

Ms. Kayla Hoffman, Percival Engineering: Ms. Hoffman joined Percival in 2018 where she works hands-on with various ICS/SCADA systems. Her knowledge and expertise includes reverse engineering, network protocol analysis, and vulnerability research. She earned her B.S. in Computer Engineering from University of Maryland Baltimore County.

Mr. Connor Bluestein, Percival Engineering: Mr. Bluestein is currently interning at Percival while pursuing his undergraduate degree at Virginia Tech. He is a junior majoring in Computational Modeling and Data Analytics with a specialization in Cybersecurity and Cryptography. At Virginia Tech, Mr. Bluestein holds the position of Vice President in the Cybersecurity Club and serves as the Executive Officer for the Virginia Tech Corps of Cadets Cyber Team. He has actively participated in numerous CTF competitions and other challenges, honing his skills in areas such as forensics, data analysis, cryptography, and penetration testing.

Mr. Nicholas Jackson, Parsons: Mr. Jackson is a VP at Parsons, a Parsons Fellow, and has more than 19 years of experience supporting cyber operations, engineering, and development for the U.S. Department of Defense and Intelligence Community. Mr. Jackson has regularly shared his cyber thaumaturgy skills and expertise over the years via tech talks, large-scale interactive training sessions, and Capture the Flag events and trainings.

Mr. Vince Wolterman, Clear Ridge Defense: Mr. Wolterman leads both internal and external cybersecurity efforts for Clear Ridge Defense. He is a retired Army Chief Warrant Officer who brings technical and tactical expertise to bear for both our company and our clients. Mr. Wolterman has authored and disclosed multiple ‘0-day’ vulnerabilities and has participated in U.S. Government bug bounty programs. He earned his bachelor’s degree as a 2010 graduate of American Military University’s Homeland Security program, and holds a Master of Science, Cybersecurity and Information Assurance through Western Governors University. Formally trained and certified by the DoD Cyber Crime Center’s Cyber Training Academy, he also possesses over 20 additional technical certifications related to cybersecurity: most notably the Offensive Security Certified Expert (OSCE) certification. Mr. Wolterman understands a variety of adversarial decision-making processes due to his time with the 780th Military Intelligence Brigade and time spent overseas in support of U.S. operations in Iraq and Afghanistan. He brings this knowledge to bear when both leading Clear Ridge Defense’s Red Team on engagements and Clear Ridge Defense’s Blue Team in incident response.

Mr. Ian Swasing, Percival Engineering: Mr. Swasing joined the Percival team in 2020, after graduating with a Bachelor of Science in Electrical Engineering from Pennsylvania State University. With a passion for solving technical problems, Ian spends a lot of his time utilizing his experience in software development and network protocol analysis.

Mr. Mike J. Bell, BlueHalo: Mr. Bell has worked in the intelligence community for 23 years on a wide variety of projects and domains, and currently serves as an engineer at BlueHalo. He spent eight years helping to develop Ghidra, NSA’s Software Reverse Engineering (SRE) tool, and played a key role training analysts of all levels how to use Ghidra across the agency. Over the course of his time on Ghidra, Mr. Bell was involved in the design of many of its features, including the Function Graph, Version Tracking, Function ID and the Java Sleigh Compiler, as well as maintaining such processor models as x86, ARM, MIPS, 680x0 and PowerPC. Outside work, he enjoys spending time with his wife and two sons.

Day Two: Fuel FrenZY CTF

THU | JUN 8 | 9:00AM - 5:00PM | VIRTUAL & IN-PERSON

CTF Participant Platform Link: https://cyberskyline.com/events/fuel-frenzy

Teams are not auto-populated in the Cyberskyline CTF Platform. When you join the event, a team code will be generated for you. Use one team members code as the primary team code and have everyone else on the team transfer to the team using the team primary code.

For additional help, visit Cyberskyline at: https://docs.cyberskyline.com/team-management/manage-team-members

In-person participants please arrive between 8:00am to 8:30am to ensure you have enough time to sign-in and set-up




& Set-Up for In-Person Participants @ Percival

Lite breakfast will be served for in-person participants




CTF Phase One


Working Lunch

Lunch will be served for in-person participants


CTF Phase Two


Break & Wrap-Up




Post-CTF Social

All participants (in-person & virtual), sponsors, and trainers invited to attend

Hors d’oeuvres and cocktails will be served

Speech Bubbles Phone Communication Organic Drawn   Style

CTF Communications & Virtual Participants

Discord will be used for all communications and virtual participation

Fuel Frenzy Discord Server: https://discord.gg/Ry45SMK9dx

Visit FAQ for more information on Discord

In-Person Participants

Percival Engineering

6220 Old Dobbin Lane, Suite 100, Columbia, MD 21045

fuel frenzy sponsors



  • Who can register?
    • Government, Industry, & Academia
    • Must be a U.S. Citizen
  • Can I register as an individual or a team?
    • Individual - you will be placed on team based on level of experience
    • Teams - each individual on a team must register and input team name in registration form
  • What are the team sizes?
    • Three - Five per team
  • Who can I contact with questions?
  • What tools/programs are needed before the event?
    • All you need is a modern web browser and access to the internet
    • If attending in-person, bring your own laptop able to connect to Wi-Fi
  • Do I need any prior knowledge/experience to compete?
    • No. However, it is recommended to have a basic understanding of networking and Linux fundamentals
  • Do I have to attend both the pre-event training and the CTF?
    • No. You can attend either or both
  • What is the cost to participate in Fuel Frenzy?
    • There is no cost to attend the training or participate in the CTF
  • Can I receive Continuing Education (CE) Credits for attending the training and/or participating in the CTF?
    • Yes, how many credits you can receive will be dependent on the specific requirements of your certification
      • Send an email to percivalctf@percivaleng.com letting us know that you would like to earn CE credits
      • Upon completion we will provide you with proof of attendance (likely in the form of Fuel Frenzy Certificate of Completion) that you will need to submit to earn the credits towards your respective certification
  • What are the defined Levels of Expertise for the CTF?
    • Basic
      • Fundamental understanding of cybersecurity concepts and basic tools
      • Perform basic network scanning, identify common vulnerabilities and exploits, and perform basic web application attacks
      • Some experience with Linux command-line tools and basic scripting
    • Intermediate
      • Deeper understanding of cybersecurity concepts and familiar with more advanced tools and techniques
      • Perform more advanced network scanning, identify more complex vulnerabilities and exploits, and perform more sophisticated web application attacks
      • Experience with scripting languages such as Python, and able to write simple exploits or tools to automate tasks
    • Advanced
      • High level of expertise in cybersecurity, and perform advanced penetration testing and exploit development
      • Identify and exploit zero-day vulnerabilities, perform advanced web application attacks, and be familiar with advanced evasion techniques
      • Experience with reverse engineering and malware analysis
    • Expert
      • Deep understanding of cybersecurity and performing complex attacks and defending against them
      • Perform advanced reconnaissance, develop custom exploits and payloads, and familiar with advanced post-exploitation techniques
      • Experience with red teaming and simulate sophisticated attacks against critical infrastructure
  • What platform will be used for communications and virtual participation for the CTF?
    • Discord will be used for virtual communications and participation
      • We recommend all participants, either in-person or virtual, join our Discord server (https://discord.gg/Ry45SMK9dx)
      • Announcements will be made here, and competition support will be available in chat for Q&A
      • Private, virtual rooms will also be created for each team to collaborate and store notes
      • Joining the Discord server is optional, we highly recommend joining, especially if you do not already have a team
  • How do I join the Discord server and/or create a Discord account if I don't already have one?
    • If you do not already have a Discord account please create one here: https://discord.com/. Then, follow the directions below to submit your username (optional) on the registration form
      • You can copy your full username (name and discriminator) by following these steps:
        • Click on your profile in the bottom left corner of your screen
        • Click on the copy icon to the right of your username in the popup. The copy icon will appear when you hover over your username. It should be similar to "username#discriminator" (ie: "discord_user#1458")
        • Submit your full username ("username#discriminator") in this field
  • How do I learn more about Percival Engineering?
  • If I am unable to attend after I have registered how do I cancel my registration?


Fuel Frenzy Event Location

Percival Engineering

6220 Old Dobbin Lane, Suite 100

Columbia, MD 21045

Park Outside Building Main Entrance

Suite 100 is 2nd Door on Left


While we are not partnered with any specific hotels for this event we can provide some recommendations based on proximity to event location:

Extended Stay America - Columbia Gateway Drive

Extended Stay America - Columbia Corporate Park

Sonesta - Columbia/Baltimore

Homewood Suites - Columbia


Airports & Travel Time to Columbia, MD

  • BWI - approx. 20 mins (this is the way to go)
  • Dulles (IAD) - 50 min if you are lucky, maybe 1 hr 10 min on a good day, plan for ~2 hrs because there is always traffic
  • Ronald Reagan (DCA) - same as IAD