FUEL FRENZY

A Percival Engineering CTF Event

JUNE 7-8, 2023

important, stamp

CTF (Day 2) In-Person

Location Change!!!

The Fuel Frenzy CTF will now be located at:

Percival Engineering

6220 Old Dobbin Lane, Columbia MD

**note: Day 1 Pre-CTF Training is still completely virtual

compete. hack. secure. learn.

About

Critical infrastructure systems are increasingly becoming targets for cyber attacks, and it's up to us to protect them! This CTF is designed to help raise awareness about the importance of protecting critical infrastructure from cyber threats while also supporting the development of skills and knowledge in the cybersecurity community.


A Capture the Flag (CTF) competition is where teams must solve a series of challenges to obtain flags for points. In Fuel Frenzy, teams will be tasked with various fuel-related challenges: securing fuel supplies, interrupting fuel transportation, protecting fuel-related assets, and disrupting fuel critical infrastructure.

Irregular dotted line

Fuel Frenzy is a FREE event open to Government, Industry, and Academia

Must be a U.S. Citizen to Participate

Colorful Comic Panel. Comic Frame with Halftone Backdrop
White Rectangle Illustration

DAY

JUNE 7th

PRE-CTF TRAINING

Virtual Only

Colorful Comic Panel. Comic Frame with Halftone Backdrop
White Rectangle Illustration

DAY

JUNE 8th

FUEL FRENZY CTF

In-Person (Percival)

& Virtual

Retro Comic Ornament Illustration
Register Now Button

Registration Closes on 5/28/2023

Please review FAQ prior to registering & check back here regularly for updated information!

Day one: Pre-CTF Training

WED | JUN 7 | 9:00AM - 4:30PM | VIRTUAL ONLY

Online pre-event training focusing on tactics, techniques, and tools relevant to the CTF. Topics to be finalized as the event gets closer. Link to live stream will be provided to all registrants.

Time

Topic

Description

Facilitator

9:00

Intro

Welcome to Fuel Frenzy!

Percival


ICS/SCADA Systems 101

Intro to ICS/SCADA

TBD


ICS/SCADA Enumeration

Tools: GRASSMARLIN & Shodan

Percival


BACnet: Building Automation & Control Networks Protocol

BACnet Usage & Capabilities

TBD


Network Packet Captures (PCAPs)

Using Wireshark (Network Analyzer/Packet Capture Tool) to Analyze ICS/SCADA Traffic

TBD


Password Cracking Tools

Using John the Ripper or Hashcat to Break Encryption Using Wordlists

Clear Ridge Defense


Siemens S7 Network Protocol

Communication, Analysis, & Interfacing

TBD


Exploiting ICS/SCADA Engineering Workstations

Exploiting Workstations in a Windows Environment

TBD


Reverse Engineering Tools

Ghidra

TBD


Programmable Logic Controllers (PLC)

Reverse Engineering PLC Programming Ladder Logic

Percival

4:15

Wrap-Up

Closing Remarks

Percival

5:00

Social

Post Training Social & Happy Hour @ Percival

Percival

Post-Training Social

Percival Engineering

6220 Old Dobbin Lane, Suite 100, Columbia, MD 21045

**agenda subject to change

Day Two: Fuel FrenZY CTF

THU | JUN 8 | 9:00AM - 5:00PM | VIRTUAL & IN-PERSON

Time

Topic

9:00

Intro/Welcome

9:30

CTF Phase One

12:00

Lunch & Networking

1:00

CTF Phase Two

4:00

Break & Wrap-Up

4:30

Awards

5:00

Post-CTF Social

**agenda subject to change

Speech Bubbles Phone Communication Organic Drawn   Style

CTF Communications & Virtual Participants

Discord will be used for all communications and virtual participation

Fuel Frenzy Discord Server: https://discord.gg/Ry45SMK9dx

Visit FAQ for more information on Discord

In-Person Participants

Percival Engineering

6220 Old Dobbin Lane, Suite 100, Columbia, MD 21045

fuel frenzy sponsors

contact us

allie.guthrie@percivaleng.com or 443-276-6176 x140

if interested in sponsorship opportunities

FAQ

  • Who can register?
    • Government, Industry, & Academia
    • Must be a U.S. Citizen
  • Can I register as an individual or a team?
    • Individual - you will be placed on team based on level of experience
    • Teams - each individual on a team must register and input team name in registration form
  • What are the team sizes?
    • Three - Five per team
  • Who can I contact with questions?
  • What tools/programs are needed before the event?
    • All you need is a modern web browser and access to the internet
    • If attending in-person, bring your own laptop able to connect to Wi-Fi
  • Do I need any prior knowledge/experience to compete?
    • No. However, it is recommended to have a basic understanding of networking and Linux fundamentals
  • Do I have to attend both the pre-event training and the CTF?
    • No. You can attend either or both
  • What is the cost to participate in Fuel Frenzy?
    • There is no cost to attend the training or participate in the CTF
  • Can I receive Continuing Education (CE) Credits for attending the training and/or participating in the CTF?
    • Yes, how many credits you can receive will be dependent on the specific requirements of your certification
      • Send an email to percivalctf@percivaleng.com letting us know that you would like to earn CE credits
      • Upon completion we will provide you with proof of attendance (likely in the form of Fuel Frenzy Certificate of Completion) that you will need to submit to earn the credits towards your respective certification
  • What are the defined Levels of Expertise for the CTF?
    • Basic
      • Fundamental understanding of cybersecurity concepts and basic tools
      • Perform basic network scanning, identify common vulnerabilities and exploits, and perform basic web application attacks
      • Some experience with Linux command-line tools and basic scripting
    • Intermediate
      • Deeper understanding of cybersecurity concepts and familiar with more advanced tools and techniques
      • Perform more advanced network scanning, identify more complex vulnerabilities and exploits, and perform more sophisticated web application attacks
      • Experience with scripting languages such as Python, and able to write simple exploits or tools to automate tasks
    • Advanced
      • High level of expertise in cybersecurity, and perform advanced penetration testing and exploit development
      • Identify and exploit zero-day vulnerabilities, perform advanced web application attacks, and be familiar with advanced evasion techniques
      • Experience with reverse engineering and malware analysis
    • Expert
      • Deep understanding of cybersecurity and performing complex attacks and defending against them
      • Perform advanced reconnaissance, develop custom exploits and payloads, and familiar with advanced post-exploitation techniques
      • Experience with red teaming and simulate sophisticated attacks against critical infrastructure
  • What platform will be used for communications and virtual participation for the CTF?
    • Discord will be used for virtual communications and participation
      • We recommend all participants, either in-person or virtual, join our Discord server (https://discord.gg/Ry45SMK9dx)
      • Announcements will be made here, and competition support will be available in chat for Q&A
      • Private, virtual rooms will also be created for each team to collaborate and store notes
      • Joining the Discord server is optional, we highly recommend joining, especially if you do not already have a team
  • How do I join the Discord server and/or create a Discord account if I don't already have one?
    • If you do not already have a Discord account please create one here: https://discord.com/. Then, follow the directions below to submit your username (optional) on the registration form
      • You can copy your full username (name and discriminator) by following these steps:
        • Click on your profile in the bottom left corner of your screen
        • Click on the copy icon to the right of your username in the popup. The copy icon will appear when you hover over your username. It should be similar to "username#discriminator" (ie: "discord_user#1458")
        • Submit your full username ("username#discriminator") in this field
  • How do I learn more about Percival Engineering?
  • If I am unable to attend after I have registered how do I cancel my registration?

TRAVEL

Fuel Frenzy Event Location

Percival Engineering

6220 Old Dobbin Lane, Suite 100

Columbia, MD 21045

Park Outside Building Main Entrance

Suite 100 is 2nd Door on Left

Accommodations

While we are not partnered with any specific hotels for this event we can provide some recommendations based on proximity to event location:

Extended Stay America - Columbia Gateway Drive

Extended Stay America - Columbia Corporate Park

Sonesta - Columbia/Baltimore

Homewood Suites - Columbia

Airports

Airports & Travel Time to Columbia, MD

  • BWI - approx. 20 mins (this is the way to go)
  • Dulles (IAD) - 50 min if you are lucky, maybe 1 hr 10 min on a good day, plan for ~2 hrs because there is always traffic
  • Ronald Reagan (DCA) - same as IAD