Curriculum & Activities
Our 5-day training, followed by a one-week CTF challenge, is a blend of foundational lectures and intensive, hands-on labs. Below is a day-by-day breakdown of the topics and activities you will engage in.
Topics: Introduction to PLC programming fundamentals, lab environment setup, and common industrial protocols.
Download Day 1 Materials
Topics: A detailed look into PLC operations, common attack vectors, and the manipulation of control logic.
Download Day 2 Materials
Topics: Forensic analysis of ICS protocols (from Modbus to UMAS) using Wireshark.
Hands-On: Analyze sample PCAP files and import a custom Lua plugin into Wireshark for UMAS protocol dissection.
Download Day 3 Materials
Topics: Discovering and analyzing forensic artifacts found within PLC memory.
Hands-On: Analyze a sample PLC memory dump. Practice carving a hidden zip file with Binwalk, using a Python script to extract data, and attempting to decompile logic.
Download Day 4 Materials
Topics: Introduction to the final SleuthCPS challenge scenario and rules of engagement.
All necessary files for the final challenge can be downloaded from the GitHub repository.