PI Challenges at the S4x17 CTF

Blog Post created by hpaul Employee on Dec 5, 2016

Brian Bostwick posted earlier about the S4x17 ICS Security Conference (original post here) and I'd like to elaborate on the OSIsoft CTF environment.


The S4x17 Killer Robots CTF environment is designed to be an interactive, fun source of industrial security challenges.  After all, CTF is a great way to explore and defeat ‘forever’ day configuration issues. This year the OSIsoft team has improved and expanded the PI System environment, planting flags inspired by case studies, new security features and threat models.


Below we have a summary of the PI challenges from last year. OSIsoft provided 11 of the 43 total flags for the competition.  There were 5 flags left standing at the end of the competition and 4 flags that were only solved by one team.  The most successful competitor captured 450 of the possible 2025 points from the PI challenges.



Reviewing the logs in our environment revealed that many teams did perform reconnaissance, but did not progress. Perhaps the low success rate of the competitors has gone to our heads, so this year we are upping the ante. The first team (if any) that captures the mysterious, illustrious “Golden PI” flag will win the opportunity to deliver ~3.14 pies to the faces of the OSIsoft security advisory team in attendance. You heard right, this is your opportunity to exact sweet revenge on a vendor!


Want to learn more? Every Wednesday in December we’ll give an inside look at the CTF environment on the PI Square Security Forum, providing background and perhaps even a few hints along the way.  Search for the S4x17 tag to get all posts related to the event in the coming weeks.


Edit: First post in the series is out. PI and the Killer Robots, Inc. CTF environment, Part 0x01