RunbooksΒΆ
Executable procedures for each component and attack chain. Each one is a sequence of moves rather than a story: where you start, what you touch, and what falls over when you touch it.
None of this runs against a real plant. The ics-access-simlab provides a power network that behaves like the genuine article, complete with historians that remember too much and PLCs that trust whoever asks nicely, but without the people in fluorescent vests. Break something here and the only casualty is a container you can rebuild. That freedom is the point: it leaves room to run a move twice, watch what it leaves behind, and work out which countermeasure would have caught it.
The runbooks below are linked from the narrative pages, which carry the context. Starting from one of those tends to read better than starting here.
- Runbook: unseen-gate
- Runbook: wizzards-retreat
- Runbook: SSH pivot through wizzards-retreat
- Runbook: hex-legacy-1
- Runbook: bursar-desk
- Runbook: Exfiltration from bursar-desk
- Runbook: uupl-historian
- Runbook: distribution-scada
- Runbook: uupl-eng-ws
- Runbook: Operational zone exfiltration
- Runbook: uupl-hmi
- Runbook: hex-turbine-plc
- Runbook: relay IEDs
- Runbook: contractors-gate
- Runbook: guild-exchange
- Runbook: sorting-office
- Runbook: clacks-relay
- Runbook: substation-rtu