Labyrinth, Noise Elimination, Circuit Engineering... Review of the Most Interesting Tasks of PHDays CTF Quals

PHDays CTF Quals, information security competition, ended last week. 493 teams from 30 countries competed in information hacking and protection. All the tasks were divided into five categories from Reverse Engineering to the tasks typical of the real world (the details and results of the competition are available in our previous post). Each category included five tasks of different challenge levels (from 100 to 500 points).

The majority of the tasks were solved by the teams, some of them caused troubles, and some were left unsolved. Moreover, for a part of the tasks the teams used such solutions, which were not even considered by the organizers. This time we want to review the most interesting (in our opinion) and difficult tasks of PHDays CTF Quals.

PHDays CTF Quals – BINARY 500 or Hiding Flag Six Feet Under (MBR Bootkit + Intel VT-x)

PHDays CTF Quals took place on December 15-17, 2012. More than 300 teams participated in this event and fought to become a part of PHDays III CTF, which is going to be held in May 2013. Our team had been developing the tasks for this competition for two months. And this article is devoted to the secrets of one of them – Binary 500. This task is very unusual and hard-to-solve, so nobody could find its flag.

This executable file is an MBR bootkit, which uses hardware virtualization (Intel VT-x). Due to the program’s specific features, we decided to warn users that this program should be executed on a virtual machine or an emulator only.

 Warning and license agreement

Cyberwarriors from All Over the World Fought to Partake in PHDays III CTF

PHDays CTF Quals, interactive information security competition, took place from 10 a.m. on December 15 to 10 a.m. on December 17 and lasted for the whole 48 hours. PPP (Plaid Parliament of Pwning), a team from the USA, became the winner. They had to resist to 493 teams from more than 30 countries in the course of the battle.

The competition went in a more active way comparing to the previous year — 681 teams applied for participation, 154 of them solved at least one task, and more than 100 people discussed the battle on IRC.

Intro: PHDays CTF Quals 2012

Attention! For solving one of the tasks you will need Bochs emulator with installed Windows XP SP3 or higher!


Manual:
1. Download Bochs from official site http://bochs.sourceforge.net/ (version 2.4.6 or 2.6)
2. Download disk image and config files http://downloads.phdays.com/phd_bochs_images.zip
3. Extract image and config to Bochs directory
4. Open config file with bochs and specify path to Windows ISO image in cdrom options (Disk & Boot | ATA channel 0 | first HD/CD on channel 0) (don't forget to check 'inserted')
5. Boot from cd drive and install OS (It can take a long time!!!)

Three Days Left Before PHDays CTF Quals Starts

Let us remind you that PHDays CTF Quals starts on the 15th of December and will last for three days. 300 teams from more than 30 different countries of the world have already registered. You still can join!

Registration for Quals: till 17th of December, 2012.

Time when Quals will be held: From 10 a.m. of the 15th of December till 10 a.m. of the 17th of December, 2012 (Moscow time). The contestants will try their hands at security assessment, vulnerabilities detection and exploitation, as well as fulfilling reverse engineering tasks.

PHDays CTF Quals

From time to time information security experts meet at competitions held on the principle Capture the Flag to check who the best in protecting and attacking is. These contests are frequently compared with Formula 1 and attract attention more and more often.

You know how to search vulnerabilities and want to participate, don't you?

PHDays CTF Quals, the qualifying stage of the PHDays CTF international information security contest, starts in December. The chances are even — not only well-known teams but newcomers as well can try to win a ticket to the final stage of the hacking battle. The finals will be held as part of the international forum Positive Hack Days III at the end of May 2013.

Make your own team, submit an application, and go ahead!

Positive Hack Days III — Call For Papers Has Started

Hello everybody! Positive Russian hackers, organizers of the forum on practical information security Positive Hack Days III, invite you to participate in the forum as a speaker. The forum will take place on May 22-23, 2013.

The previous forum held in 2012 brought together 1,500 information security specialists from all over the world. More than 50 reports, workshops, seminars, and round tables took place there. The most significant representatives of the IS industry such as Bruce Schneier and Datuk Mohd Noor Amin, the chairman of IMPACT, were among the speakers. For the first time Alexander Gostev from Kaspersky Lab gave a detailed account of Flame, and Haythem El Mir spoke about the confrontation between Tunisia and Anonymous. The participants of PHDays 2012 successfully hacked Apple iPhone, Windows XP, and FreeBSD; tried themselves in money stealing from simulated ATMs and remote banking systems and in capturing control over industrial projects via SCADA.

If you want to share your experience, research results or demonstrate your skills, then we will be waiting for you in Moscow at the end of May 2013. Without you the forum will fell through!

Positive Hack Days CTF vol.2

During the Capture The Flag hacking contest at PHDays 2012 twelve teams from ten countries have been attacking the networks of other teams and protecting their own networks for two days and one night non-stop. The conditions were as close to real life as possible – no invented vulnerabilities, only those that occur in real contemporary information systems.

The infrastructure for the hacking battle was organized according to the principle of the King of the Hill game: the points were given not only for successful attacks against the systems, but also for keeping control over the systems, which made the contest more intriguing.

The contest became the highlight of the forum program, that is why an idea came to our minds… Why not to repeat the ‘royal battle’ separately for the Internet community, let us say, in the second half of August? The details are under the cut.

Hack4Fun at PHDays

The forum Positive Hack Days not only discussed urgent issues of IS industry and became a platform for hacking battles, but it went in a very lively and positive atmosphere as well. Ending up with publications related to the forum competitive program, we are going to tell you about two funny competitions that became general favorites. They are Hack-T-Shirts and Too Drunk to Hack NG.

'Free-of-Charge' Tariff. Hacking Coin-Operated Telephone at PHDays

Due to the fact that Positive Hack Days is a forum devoted to the issues of practical IT security, the competitive program contained competitions of practical nature (for example, a contest related to searching information hidden in the Internet and hash cracking).

One of the competitions, where not only your head but hands could work, was a contest named 2600, in the course of which the participants had an opportunity to demonstrate their skills in phreaking and to hack a coin-operated telephone. Any visitor of Positive Hack Days could partake in the competition. The participants were to call a predefined number from a coin-operated telephone using tokens as the means of payment and then extract the used token and give it back to the organizers.

Hack the RFID

The competitive program of Positive Hack Days 2012 was rich not only in battles of hackers, who tried to hack everything without exception via the Internet, but in "applied" competitions as well. One of such contests was Hack the RFID, in the course of which the participants' knowledge and skills in Radio Frequency Identification (RFID) systems were checked.

There were quite few people who wanted to partake in the contest, but those, who still took the risk, did not regret it for sure.

PHDays a la Tunisia

Participation in Positive Hack Days 2012, an information security forum, was available not only in the Digital October Center and by means of online broadcasting. Dozens of hackspaces all over the world joined our program PHDays Everywhere providing local hackers with an opportunity to watch the forum, partake in the competitions, and interact with their colleagues gathered in Moscow.

WikiLeaks at PHDays 2012

We continue our review of competitions at the information security forum Positive Hack Days 2012. Today we will tell you about one of the most popular online competitions – WikiLeaks, which challenged the contestants’ skills of surfing the Internet for concealed information.

There were 150 people registered for the competition, 60 of which managed to succeed at least in one task. A user nicknamed mchumichev took the lead on the first day and held it till the end, so the real fight broke out for the second and third places. Many contestants ended up with the same score, but only the fastest could win.

Workshop on $natch Results at Neúron Hackspace

Less than in a month – on August 11 from 12:00 a.m. till 3:00 p.m. — the Moscow hackspace Neúron [ru] is organizing a workshop that will cover the results of the $natch competition (PHDays 2012).

You will know how the hackers managed to crack the remote banking system at PHDays I-Bank developed specially for PHDays competitions ($natch and CTF vs. HackQuest battle), and will have a chance to beat the record of the teams and demonstrate their cracking skill on such system.

Big Shot — Hacking People at PHDays

This year PHDays 2012 has carried on the tradition of organizing intellectual competitions. The forum's guests saw a highly competitive program — PHDays CTF, Online HackQuest, HashRunner, $natch, and a lot of other contests, in which hackers could demonstrate their skills in hacking and protecting different systems.

However, there is no doubt that the Big Shot contest, in the course of which the participants needed to show their skills in social engineering, was one of the most interesting, peculiar, and funny competitions.

Each participant was provided with a person's photo not clear for unambiguous identification and a number of statements characterizing that person. These people were present at the forum, and the participants were to identify them and make certain actions according to the task (for example, to get the person's business card or to take a joint photo).

Hash Cracking at PHDays 2012: The Hash Runner Competition

PHDays 2012 featured a lot of highly technological, challenging and exciting competitions, but there was one that the visitors hardly noticed – Hash Runner, a competition in hash cracking.

All competitions of this type are characterized with hegemony of a number of teams: hashcat, Inside Pro and john-users, which is not surprising because these are communities of developers, testers and common users formed around most popular hash cracking tools.  And their success is rooted not only in years of experience, good training and unity of teams, and accessibility of formidable computer powers, but in the ability to modify  the tools in the real time mode in response to ever changing circumstances.

All the above-mentioned teams took most active part in Hash Runner at PHDays 2012. For two days the contestants fought for a useful prize - an AMD Radeon HD 7970 graphics cards.

PHDays in Far East

On May 30 and 31, PHDays Everywhere gathered dozens of hackspaces and universities all over the world, but the largest regional platform of Positive Hack Days 2012 was set up in Vladivostok. dvCTF 2012, a task-based CTF contest for university teams, was organized by Far Eastern Federal University.

Show Me the Money! The $natch Competition at PHDays 2012

The visitors of the Positive Hack Days 2012, which took place in the Digital October Center, not only had a chance to listen to reports by information security professionals or watch the epic CTF battle, but take part in discussions over important industry issues at specialized sections.

Among such discussion platforms, there was a section called How to Protect Money, moderated by Artem Sychev (Head of Information Security Department, Rosselkhoznamk). Along with theory – discussions over the security challenges of the banking sector, – the section offered a practical task: the $natch competition. The competition tried out participants’ skills of exploitation of typical remote banking vulnerabilities, rather logic than web ones.

For those who missed the PHDays CTF 2012 legend...

Presentations from Positive Hack Days 2012 Published

It's finally happened! When videos of reports and hands-on-labs from Positive Hack Days were published, we decided to move on. So now you have an opportunity to view presentations of the forum’s reports.

For your convenience we provide links not only to the slides but to the videos of the reports as well (if they were made).

PHDays Online HackQuest 2012 Is Over

Twenty days have passed since Positive Hack Days 2012, an international forum on practical security, wished goodbye to the visitors, but the echo of the words is still heard around. In particular, it tells about the Online HackQuest competition, which was on throughout the forum days on May 30 and 31 and carried on for two more weeks.

Any Internet user could take part in HackQuest. The participants were granted an access to a VPN gateway. Once connected, they were to find target systems and detect vulnerabilities in them. By exploiting the vulnerabilities, participants obtained access to a key (flag) in the MD5 format, which they were to send to the jury via a special form on their personal profiles. For each correct flag participants scored a corresponding number of points. A participant who totaled 100 points earlier than others won the competition.

Positive Hack Days CTF 2012 – The Way It Was

The battle between hackers based on the Capture The Flag model has become the star turn of the PHDays 2012 program: for two days and a night non-stop 12 teams from 10 countries were breaking rival networks and protecting theirs.

PHDays CTF conditions, unlike those of other contests of this kind, were as real as possible: the vulnerabilities used for the competition are common for modern information systems. Besides, the participants were allowed to take blind actions when solving the tasks. In other words, they could attack systems that they had no access to. The most curious feature of PHDays CTF 2012 was the King-of-the-Hill scheme used at the heart of the contest. According to the logic of this scheme, a team scored not only for having captured a system, but for having held it down as well.

Available Video of Positive Hack Days 2012

On May 30-31 the Digital October Center threw its doors open for the international forum on practical security PHDays 2012. With a thousand and a half of people, the forum saw dozens of reports, hands-on-labs, large-scale CTF competitions, and a full contest schedule.

Now it can be officially declared that we managed to mix Internet community representatives, IS experts and hackers from different countries which made the whole event even more interesting.

As we have earlier promised, videos of the reports and hands-on-labs from PHDays 2012 are publicly available now. Among dozens of videos related to information security there is a report that can be compared with the world classics – the report of Bruce Schneier, a legendary cryptographer. Enjoy it!

Forum Positive Hack Days 2012 Is Over!

Two days, 1500 guests, dozens of reports and hands-on labs, large-scale CTF contest, lots of competitions, – all that was the PHDays 2012 hackers conference held in the Digital October technocentre. Information security experts, hackers from all over the world and Internet users met to discuss and try to solve the key IS issues.

PHDays Competitions Finished

After the major CTF battle was over, other PHDays 2012 competitions were also coming to the end. In the Workshop area, the Hack the RFID competition was in full swing. The target was two stationary boxes under locks controlled by RFID readers. The corresponding RFID tags were attached at a distance from the readers, so that it was impossible to unlock the boxes directly with these tags.

The contestants were required to open the boxes to take the prizes from within.

PHDays CTF - The final!

For two long days and all through the night 12 CTF teams from ten countries were engaged in tense battle. They faced many challenges: diving into garbage container in search for bonus flags, fighting sleep, taking control over a flying droid that was hovering across the lobby of the technocentre Digital October, and eliminating vulnerabilities in the online banking system attacked by the participants of Online HackQuest.

The $natch is Taken!

Specially for this competition the Positive Technologies experts developed their own online banking system containing some typical vulnerabilities.

Forum guests and contestants have a good time in the cozy lobby of the Digital October technocentre, where they can follow the competition thanks to live video streaming.

The goal of the competition was to detect and exploit the online banking system vulnerabilities to transfer money to the team account.

Once Again about Remote Banking Security

There is a specific section in the information security forum Positive Hack Days called Ways to Protect Money taking place in the Digital October Center these days, where leading experts from Russia and other countries speak about the issues of the banking security.

For the $natch competition, we have developed our own remote banking system containing common vulnerabilities detected by the experts of Positive Technologies in the course of such systems analysis.

Participants of the $natch contest were to demonstrate their knowledge and skills in exploiting typical vulnerabilities of the remote banking servers. There was a certain amount of money in our “protected” I-bank (conditions were near to the actual).

CTF - The Challenges Continue

AR.Drone

According to the Day Two legend, the teams taking part in the PHDays CTF contest were required to obtain transportation means. Specially for this task we prepared a couple of AR.Drones - flying devices operated through mobile phones using insecure wireless connections. The goal was for the CTF teams to take control over one or both the drones.

At first, we planned to launch the AR.Drones outside the building, but since the weather in Moscow wasn’t navigable, the competition was moved to the lobby of the Digital October technocentre that hosts the PHDays 2012 forum.

Circuli Vitae. The Future

The Future (Summary of the Previous Episode)

By the middle of the XXIII century the once-powerful humankind regressed into a pitiful pinch of exhausted people. Affected by the genetic disaster and devastating war, the Earth was no longer a home but a battle for survival.

Those who were lucky enough to cover under airproof domes were engaged in ongoing battle for survival against the aggressive environment. They lived off “clean” food produced at several automated farms; and all of the people’s last efforts went to protect the farms.

Day One of the PHDays Forum is Over

On May, 30th, information security experts, hackers, and Internet community members from all over the world gathered in the technocentre Digital October. Their goal was to fervently discuss and find answers to the most important IS questions and, of course, to have a good time :) Read about the first day of the PHDays 2012 forum under the cut.

Hacked in 137 seconds. Results

As you already know, PHDays is literary everywhere from Tokio to Vladivostok and from India to Tunisia. Dozens of hackspaces with best hackers join our online broadcast. It was specifically for the hackspace members supporting our PHDays Everywhere initiative that the Hacked in 137 Seconds competition was orginized.

Participants had six hours to get unauthorized access to a specified Cisco network device and consecutively increase the privileges up to level 15. With every new level gained, the participant obtained a flag in MD5 format, which was then entered into a special form on the PHDays website.

CTF - New Challenges

CTF contest has started at the Positive Hack Days forum. The teams received envelopes with the CTF legend and entered the fight. The winner will be annonced tomorrow, while today the teams can find bonus flags and raise the score. However, it's not all that simple: the flags are hidden in a specially prepared conainer with garbage, which makes the task pretty challenging.

In the CFT area, the draw was conducted to define in what order the teams will dive into the container.

Circuli Vitae. The Present

The XXI century is the Era of Biotechnologies. Mass production of genetically-modified products was supposed to deal with hunger, diseases and give the humanity the power over the Nature.

However by the middle of the century genetically-modified organisms were everywhere: from tundra to rainforests. In response to the intervention Flora struck back to survive. Gigantic weed-trees and tiny bugs flooded forests and fields of the Earth.

People also suffered from the genetic chaos. Numerous epidemics spread over the planet, some of them were artificially induced.

That was when World War IV broke out to become the fastest and most devastating war of all.

Hacker Soccer Moves on!

Tomorrow is going to be a big day – international information security forum Positive Hack Days 2012 opens tomorrow. Most reporters (for example, Bruce Schneier and Nikhil Mittal) and teams participating in CTF (PPP, Shell Storm) are already in Moscow. And it seems a good reason to meet prior to the forum’s start at a football match! Information security experts (both reporters and CTF participants) have taken white hats off for a while and put soccer uniform on to prove they’re the best not only in hacking. Photos of the match are under the cut.

Registration to PHDays 2012 Online Competitions Is Open

The competitions playing invitation cards to Positive Hack Days 2012 are over. The winners have received their tickets, and we will meet them in the Digital October Center in Moscow very soon. If you have failed to participate in these contests or to win, you still have an opportunity to obtain lots of prizes in the course of online battles, registration to which starts on PHDays website simultaneously with the forum. Competitions description and terms of participation are under the cut.

Hacking Elite Come Together at Positive Hack Days 2012

PHDays 2012 is getting closer. A detailed program has already been published. Registration to the forum opened on May 14, but there were so many people willing to visit the event that all the places were occupied in 8 minutes, and thus we had to stop it. The buzz around the event was so great that we decided to carry out one more round of registration. It had barely begun, when we had to close it for the same reason.

Battle for Invitation Cards is Over

Less than a week is left until the information security forum Positive Hack Days 2012, and until today everybody who wanted to visit this event had a chance to win an invitation card in such contests as Blow Up the Town and Hackers vs. Forensics.

Maximum of practice, minimum of formality: PHDays 2012 program is published

Positive Hack Days 2012, an international forum, is coming soon in the Digital October center in Moscow. We’ve been preparing this event for the whole year, have gathered the most topical and interesting information security issues taking into account community’s preferences so that anyone from a programmer to a CIO can be involved in the forum.

Today we’re introducing the final program of PHDays 2012. There are two big units combining theory and practices, they are conferences and competitions.

PHDays CTF: President’s address to participants of the CTF (Change The Final) Mission

I salute you, soldier!

Dwellers of our City are proud to have the luck to be familiar with you, one of those, who were selected to change the destiny of the entire humanity. Very little time is left before the start of your Mission, so you will have to go to a lot of trouble to prepare well. A lot of obstacles will be lying in wait for you: a sleepless night, endless attacks of enemies, time travelling, aircraftshijacking, and even dumpster diving. But they shouldn’t stop you on your way to your major aim – prevention of the world catastrophe, the price of which you know well. Numerous temptations, which you will be faced with, shouldn’t stop you as well: you will have to get over your desires to sleep, to stare at girls, or to drink all alcohol supplies. Remember, you main goal is to Change The Final!

Hands-On Lab of PHDays 2012: from Wi-Fi Networks Protection to SAP and Web 2.0 Security

Is it possible to hack a computer via a mouse, keypad or printer? How secure is Android? What an ethical hacker should know? Is it difficult to catch a cybercriminal? Is HTML 5 secure? You may keep wondering, but it’s much wiser to partake in Hands-on Lab at Positive Hack Days 2012 and get answers to all these questions.

dvCTF 2012 in Vladivostok as Part of PHDays Everywhere

We have recently reported that  Vladivostok,Yekaterinburg, Kaliningrad, Kiev, Samara, Taganrog, Khabarovsk, as well as Tunis (Tunisia) and Kollam (India) already joined PHDays Everywhere.

The latest big news: as part of PHDays Everywhere, Far Eastern Federal University (Vladivostok) is organizing dvCTF 2012, a student team competition in the CTF task based format. Anybodycan partake in the competition! Build a team, complete the tasks, outpace competitors and obtain valuable prizes!

Rules of the Hack2Own Competition at PHDays 2012

There’s little time left before Positive Hack Days 2012. Online competitions, which raffle off invitations to the forum, are in full swing. Yet, the most interesting events will happen at the forum’s platform in the Digital October Center. A legendary competition Hack2Own will be one of the highlights of the program.

In 2011 the of Hack2Own winners were Nikita Tarakanov and Alexander Bazhanyuk, representatives of the CISSRT team, who demonstrated 0day vulnerability (CVE-2011-0222) in the latest version of Safari (Internet browser) for Windows and took the first prize, namely, a laptop and 50,000 rubles. This year the budget of the competition has been significantly increased up to 20,000 $. The winners will have enough money to fill the new cases with :)

This competition is divided into three categories: exploitation of web browser vulnerabilities, exploitation of kernel vulnerabilities, and exploitation of vulnerabilities in mobile devices. Detailed rules of participation are under the cut.

DIY Hackspace

Interested in information security? Want to know more about cybercrime, protection against DDoS, security of very important applications, SCADA and ERP systems? There are no interesting conferences in your city in the nearest future and you can’t make it to Positive Hack Days 2012 for some reason?

Don’t get frustrated! First of all there must be a place in your city where hackers usually hang about. A videoconference may be organized there so that all willing people can remotely participate in the forum, hang out with so-called colleagues and warm up their brains fighting with other hackers. The list of such spots in different cities is available on the official site of PHDays 2012

Vladivostok, Yekaterinburg, Kaliningrad, Kiev, Samara, Taganrog, Khabarovsk, as well as Tunis (Tunisia) and Kollam (India) have already joined us. For those who will be in Moscow during PHDays, Neuron Hackspace will be open 24 hours a day.

If your city is not the list, welcome under the cut!

Hackers vs. Forensics — 1:0 for the Black Hats?

We have already written that two competitions taking place at the moment enable contestants to gain invitations to the Positive Hack Days 2012 forum — Blow up the Town and Hackers vs. Forensics. The winners of the competitions will get tickets to PHDays (1st place — 5 tickets, 2nd place — 3 tickets, 3rd place — 2 tickets).

The forum enjoys great popularity — the registration that took place on May 14 was closed in 8 minutes when the maximum number of participants was achieved. That means that extra invitations will certainly be of use.

Online Battling at PHDays 2012

If by any reason you do not get into the participant list of Positive Hack Days 2012 or cannot visit Digital October Center, the forum’s platform, on May 30 and 31, you still have an opportunity to participate in this event. Join the online battle with competitors from all over the world at Positive Hack Days 2012! Description and participation terms are under the cut.

What to Take Along to PHDays? Competitions on the Forum Platform

You will have a possibility to listen to reports of famous information security experts and young researches, participate in workshops and master classes, watch CTF hackers’ epic battle on May 30—31 in Moscow at the Positive Hack Days forum. But that’s not the half of it! You will be able to challenge the heroes of hack battles and prove to be a member of the hacking elite. The list of competitions that will take place in the Digital October Center during Positive Hack Days 2012 is under the cut.

PHDays Registration Starts This Noon

Please note, that the number of participants is strictly limited. The registration will close when the maximum number of participants is reached — presumably, in a couple of minutes after the registration start, so not everyone will be able to gain invitations for PHDays. 

The sooner you register, the more likely you are to get an invitation. You can do it today, on May 14, from 12 a.m. on the forum’s website.

Moscow will host the Positive Hack Days 2012 information security forum on May 30 and 31. The event features reports of international information security superstars (Bruce Schneier alone counts for a lot!), hacking competitions for all comers, and a sea of tequila! Don’t miss it!

Why it is impossible to comply with Russian private data protection law?

Mikhail Emelyannikov's report announcement

The law of the Russian Federation on personal data has been applied for five years already and it is obvious that the law’s current wording cannot help to gain its primary objective – to protect the rights and freedoms of citizens when their personal data is processed, including the right to privacy, to personal and family secrets.

The law defines formalities for all operators and along with the Administrative Violations Code provides for equal responsibility both for a company disclosed personal data of million people and for a company avoiding such incidents but ignoring any obligatory formality – either of public policy or of the use of certified information security tools. The law is not applicable to digital world or ecommerce, in everyday life or when performing almost any action for the benefit of third parties (for example, when buying an aircraft ticket for family members or friends, or calling a doctor by phone).

The reporter will analyze the law’s system problems and offer ways of its radical change.

Hack for Ticket or How to Get at PHDays

As we reported, registration for the information security forum Positive Hack Days 2012 starts at noon on May 14th. It’s a good piece of news for those who are willing to visit the event, but there is a question: how long will the registration last? We suppose it will be closed in a few minutes after the start when the maximum number of participants is gathered. If you’re sure you’ll be among those lucky persons, then you are welcome. And for those who want to secure themselves, there are two methods to ensure an invitation under the cut.

Our contribution to the cyber security of Japan

NHK (Japan broadcasting corporation), one of the largest TV companies in the world, has published an explicit article about the Positive Hack Days forum opening on May 30, 2012.

The author of the article points out the lack of information security specialists and necessity of ethical hackers in Japan. Participation of local students in such contests as PHDays 2012 Capture the Flag is specified as a way out of Japanese cyber security crisis.

The Show Won’t Go On

Among the most amusing competitions of the last year’s Positive Hack Days 2011, there was Safecracker, which offered the participants a course on lock picking and a chance to try their newly acquired skills. The winners got keepsakes and gained universal recognition. As for the tools, we used those from our home collections.

Last year (RUS )the competition had a tremendous success. The prizes went to (RUS) Gleb Shepelov, Vitaliy Glinsky and Kirill Tyurin. Working on the program for Positive Hack Days 2012, we were quite positive about what competition would blow the forum. However, this time everything turned out to be different: the Laws of the Russian Federation made some adjustments to our plans... The details are under the cut.

PHDays Young School Finalists Decided

Got tired of waiting for new Brins and Kasperskys in Russia? Frankly speaking, we did. To find out the state of academic IT-security science in Russia, we announced a competition for young scientists who make researches in this field. The competition started a couple of months before the PHDays. This week, the finalists have been decided.

The program committee of the competition, which was composed of representatives of leading IT companies (Microsoft, Yandex, etc.), educational and scientific institutions (MSU, MEPI, SPIIRAS) and core publications (Hacker Magazine), considered 19 applications and selected 7 most interesting reports. The finals of PHDays Young School will host youngsters from educational institutions of Moscow, Krasnoyarsk, Novosibirsk, Saint Petersburg and Taganrog, who will compete for the main prize on May 31.

Registration for PHDays starts May 14, at midday

Please, note: the number of places is limited. Set your reminders for May's second Tuesday, 12:00 am. The faster you get registered, the higher are your chances to be among the invitees.

PHDays will give you an opportunity to hack anything you see, chat with Bruce Schneier, and wash down failures with free tequila. The registration procedure will be published soon. Stay tuned!

P.S. A note for late-risers: don't oversleep ;)

The Author of John the Ripper Will Speak at PHDays 2012

In 1996, Alexander Peslyak (aka Solar Designer) created a program called John the Ripper. This cross-platform utility designed to analyze password strength has become one of the top 10 popular software in the field of information security, while the program's site has been visited by 15 million people.

Besides, Alexander is a founder of the Openwall project and a leading developer of Openwall GNU/Linux (Owl) a highly secured operating system.

In 2009, Alexander was awarded with the Lifetime Achievement Award at Black Hat, a highly recognized conference on information security.

At PHDays 2012, the master of bruteforce will present his report titled Password security: past, present, future. In his presentation, he will discuss issues of password protection and speak of history and near-term prospects of the authentication technolog.

The Call for Papers Is Finished!

The applications for report presentation at PHDays 2012 have been successfully collected. In a week, we will post a draft program of presentations.

The best IS experts will join us to present very serious topics. At present, we are processing the last applications. The waiting is almost over!