Capture the Flag

The Bristol Industrial Control Systems - Capture the Flag (BrICS-CTF) 2025 event was held on the 26-27 June 2025, supported by RITICS (Research Institute In Trustworthy Inter-Connected Cyber-Physical Systems) and the NCSC  (National Cyber Security Centre). On the 25 June, Hacktonics hosted a free Introduction to Hacking for ICS training session for all participants to ensure even those with limited or no experience could take part.  

This year 11 teams, all from industry, joined us to put their skills to the test against our CNI-themed challenges inspired by our experimental testbed. Participating organisations included Critical National Infrastructure operators, Aerospace, Defence, and Engineering Consultancies. Our jeopardy-style red team exercises - a collection of hacking challenges organised according to different categories and pitched at various difficulty levels allowing for a scoring range – are designed to challenge teams’ Operational Technology (OT) knowledge.  

The teams faced a number of challenges in total across packet capture analysis, logic analysis, asset discovery, data exfiltration, access control, honeypots, value tampering and red team. We will also include a physical red-team challenge – lock-picking - involving multiple practice locks and a singular end “challenge lock”. The challenges harnessed multiple aspects of the BCSG experimental testbed which, for the purposes of the event, was relocated to the competition room: servers, training boxes (bespoke equipment developed for our taught units on ICS security), physical processes and our mobile demo box.