← All Challenges

Airgap Echo

Forensics 200 pts standard
Challenge Description

An air-gapped industrial environment suffered unauthorized PLC logic changes during scheduled maintenance. No internet traffic was expected. Investigate cross-device artifacts.

Recover:

  1. Maintenance USB serial.
  2. Injected ladder logic payload ID.
  3. Operator account tied to deployment.
  4. Controller name that received malicious download.

Flag format: HackCTF{...}

Files
↓ decoy_maintenance_usb.txt ↓ engineering_notes.log ↓ mixed_case_telemetry.log ↓ noise.log ↓ noise_expanded.log ↓ plc_project_diff.txt ↓ usb_image_manifest.txt ↓ workstation_logs.csv
Hints
View Hint : Hint
  1. Only artifacts in the compromise time window should be trusted.
  2. Controller name is in deployment logs, not project diff.
  3. Keep serial/controller exact case in flag.
Submit Flag

Login to submit a flag.