We introduce SCASS, an open-source, modular, and hybrid platform specifically designed for the development of extensible cybersecurity testbeds within the Industrial Control Systems (ICS) domain.
The physical components are located in SafetyGrid.project, located in the CodedPLC directory, that writes all the firmwares that are flashed with PLCs. ABB Automation Builder allows writing PLCs written in CodeSys. In case physical devices are unavailable, the architecture provides virtualized components as an alternative. See this page for reference.
You can find comprehensive documentation about attack graphs and their generation at this link.
Comprehensive documentation on attack execution is available at this link for the ARP Poisoning Attack and at this link for the multistage attack.