Critical infrastructure systems are increasingly becoming targets for cyber attacks, and it's up to us to protect them! This CTF is designed to help raise awareness about the importance of protecting critical infrastructure from cyber threats while also supporting the development of skills and knowledge in the cybersecurity community.
A Capture the Flag (CTF) competition is where teams must solve a series of challenges to obtain flags for points. In Fuel Frenzy, teams will be tasked with various fuel-related challenges: securing fuel supplies, interrupting fuel transportation, protecting fuel-related assets, and disrupting fuel critical infrastructure.
Fuel Frenzy is a FREE event open to Government, Industry, and Academia
BACnet: Building Automation & Control Networks Protocol
BACnet Usage & Capabilities
Mr. Connor Bluestein (Percival)
Network Packet Captures (PCAPs)
Using Wireshark (Network Analyzer/Packet Capture Tool) to Analyze ICS/SCADA Traffic
Mr. Nicholas Jackson (Parsons)
Password Cracking Tools
Using John the Ripper or Hashcat to Break Encryption Using Wordlists
Mr. Vince Wolterman (Clear Ridge Defense)
Siemens S7 Network Protocol
Communication, Analysis, & Interfacing
Mr. Ian Swasing
Reverse Engineering Tools
Mr. Mike J. Bell
Programmable Logic Controllers (PLC)
Reverse Engineering PLC Programming Ladder Logic
Ms. Kayla Hoffman (Percival)
**agenda subject to change
MEET THE TRAINERS
Mr. Henry Budris, Percival Engineering: Mr. Budris joined Percival full-time in 2022 where he works on the team developing emulators for embedded devices. He works closely with various hardware components and reverse engineers their capabilities in an effort to emulate their functions in QEMU. Mr. Budris thoroughly enjoys sharing his cybersecurity knowledge through tech talks, helping teach classes at UMBC, and contributing to CTF events. He earned his B.S. in Computer Science and is pursuing a Masters Degree in Computer Science from University of Maryland Baltimore County.
Ms. Kayla Hoffman, Percival Engineering: Ms. Hoffman joined Percival in 2018 where she works hands-on with various ICS/SCADA systems. Her knowledge and expertise includes reverse engineering, network protocol analysis, and vulnerability research. She earned her B.S. in Computer Engineering from University of Maryland Baltimore County.
Mr. Connor Bluestein, Percival Engineering: Mr. Bluestein is currently interning at Percival while pursuing his undergraduate degree at Virginia Tech. He is a junior majoring in Computational Modeling and Data Analytics with a specialization in Cybersecurity and Cryptography. At Virginia Tech, Mr. Bluestein holds the position of Vice President in the Cybersecurity Club and serves as the Executive Officer for the Virginia Tech Corps of Cadets Cyber Team. He has actively participated in numerous CTF competitions and other challenges, honing his skills in areas such as forensics, data analysis, cryptography, and penetration testing.
Mr. Nicholas Jackson, Parsons: Mr. Jackson is a VP at Parsons, a Parsons Fellow, and has more than 19 years of experience supporting cyber operations, engineering, and development for the U.S. Department of Defense and Intelligence Community. Mr. Jackson has regularly shared his cyber thaumaturgy skills and expertise over the years via tech talks, large-scale interactive training sessions, and Capture the Flag events and trainings.
Mr. Vince Wolterman, Clear Ridge Defense: Mr. Wolterman leads both internal and external cybersecurity efforts for Clear Ridge Defense. He is a retired Army Chief Warrant Officer who brings technical and tactical expertise to bear for both our company and our clients. Mr. Wolterman has authored and disclosed multiple ‘0-day’ vulnerabilities and has participated in U.S. Government bug bounty programs. He earned his bachelor’s degree as a 2010 graduate of American Military University’s Homeland Security program, and holds a Master of Science, Cybersecurity and Information Assurance through Western Governors University. Formally trained and certified by the DoD Cyber Crime Center’s Cyber Training Academy, he also possesses over 20 additional technical certifications related to cybersecurity: most notably the Offensive Security Certified Expert (OSCE) certification. Mr. Wolterman understands a variety of adversarial decision-making processes due to his time with the 780th Military Intelligence Brigade and time spent overseas in support of U.S. operations in Iraq and Afghanistan. He brings this knowledge to bear when both leading Clear Ridge Defense’s Red Team on engagements and Clear Ridge Defense’s Blue Team in incident response.
Mr. Ian Swasing, Percival Engineering: Mr. Swasing joined the Percival team in 2020, after graduating with a Bachelor of Science in Electrical Engineering from Pennsylvania State University. With a passion for solving technical problems, Ian spends a lot of his time utilizing his experience in software development and network protocol analysis.
Mr. Mike J. Bell, BlueHalo: Mr. Bell has worked in the intelligence community for 23 years on a wide variety of projects and domains, and currently serves as an engineer at BlueHalo. He spent eight years helping to develop Ghidra, NSA’s Software Reverse Engineering (SRE) tool, and played a key role training analysts of all levels how to use Ghidra across the agency. Over the course of his time on Ghidra, Mr. Bell was involved in the design of many of its features, including the Function Graph, Version Tracking, Function ID and the Java Sleigh Compiler, as well as maintaining such processor models as x86, ARM, MIPS, 680x0 and PowerPC. Outside work, he enjoys spending time with his wife and two sons.
Teams are not auto-populated in the Cyberskyline CTF Platform.When you join the event, a team code will be generated for you. Use one team members code as the primary team code and have everyone else on the team transfer to the team using the team primary code.
Upon completion we will provide you with proof of attendance (likely in the form of Fuel Frenzy Certificate of Completion) that you will need to submit to earn the credits towards your respective certification
What are the defined Levels of Expertise for the CTF?
Fundamental understanding of cybersecurity concepts and basic tools
Perform basic network scanning, identify common vulnerabilities and exploits, and perform basic web application attacks
Some experience with Linux command-line tools and basic scripting
Deeper understanding of cybersecurity concepts and familiar with more advanced tools and techniques
Perform more advanced network scanning, identify more complex vulnerabilities and exploits, and perform more sophisticated web application attacks
Experience with scripting languages such as Python, and able to write simple exploits or tools to automate tasks
High level of expertise in cybersecurity, and perform advanced penetration testing and exploit development
Identify and exploit zero-day vulnerabilities, perform advanced web application attacks, and be familiar with advanced evasion techniques
Experience with reverse engineering and malware analysis
Deep understanding of cybersecurity and performing complex attacks and defending against them
Perform advanced reconnaissance, develop custom exploits and payloads, and familiar with advanced post-exploitation techniques
Experience with red teaming and simulate sophisticated attacks against critical infrastructure
What platform will be used for communications and virtual participation for the CTF?
Discord will be used for virtual communications and participation
Announcements will be made here, and competition support will be available in chat for Q&A
Private, virtual rooms will also be created for each team to collaborate and store notes
Joining the Discord server is optional, we highly recommend joining, especially if you do not already have a team
How do I join the Discord server and/or create a Discord account if I don't already have one?
If you do not already have a Discord account please create one here: https://discord.com/. Then, follow the directions below to submit your username (optional) on the registration form
You can copy your full username (name and discriminator) by following these steps:
Click on your profile in the bottom left corner of your screen
Click on the copy icon to the right of your username in the popup. The copy icon will appear when you hover over your username. It should be similar to "username#discriminator" (ie: "discord_user#1458")
Submit your full username ("username#discriminator") in this field