Stephen Hilt and a team of volunteers are working furiously on the ICS Village for S4x15. The ICS Village at S4x14 had a large amount of ICS devices, 6 different vendor PLC’s, HMI, industrial switches, historians, …, and we allowed attendees to play and attack them at will. Of course, every year near needs to get better.

One thing we learned from our past ICS Villages and the recent Defcon ICS Village is that a lot of people are at a loss of what to do in the Village. So the ICS Village at S4x15 will have a capture the flag (CTF) competition with a ICS flags in five different categories.

The CTF will be scored and prizes will be awarded to the top individuals or teams.

We will be releasing information on the ICS Village every two weeks that will help attendees gather their tools and plan their attacks. To begin, the diagram below shows a simplified network diagram of the ICS Village. Some specific product names will be added in future updates.


The flags and scoring will be on a Jeopardy style board with the following categories. Each category will have different levels of difficulty with corresponding point values.

  • Reconnaissance. Example easy flag: identify a historian on the network. Example medium flag: pull tag names from a PLC.
  • Exploitation. Example medium flag: use Modicon password recovery to recover a super secret password. Example hard flag: downgrade software on a PLC.
  • Process. Example medium flag: modify an HMI display.
  • Forensics. Example easy flag: review firewall logs for signs of ICS specific malware. Example hard flag: Identify hacker identity via evidence left in firmware.
  • Protection. Example easy flag: write ICS signature for an earlier discovered flag.

If you would like to participate in the preparation or running of the ICS Village, or just have an idea for a flag, contact Stephen Hilt.