OT/ICS CTF Forge¶

Industrial control systems run the world’s critical infrastructure: power grids, water treatment plants, manufacturing lines, and pipelines. Yet security testing on live environments is dangerous, expensive, and often impossible. A single misplaced packet can cause physical damage, production downtime, or safety incidents.

Well-designed challenges allow security practitioners to learn OT attack paths, protocol analysis, and operational consequences without risking real equipment.

Root-Me is the lower-friction starting point: no VM to build, no upload pipeline, just assets and a flag. TryHackMe is the more ambitious option, and the harder one to get right.

OT/ICS attack surface reference
Challenge concepts
Foundational resources
Room for TryHackMe
Puzzles for Root-Me