
Tuesday, May 15, 2012

What to Take Along to PHDays? Competitions on the Forum Platform

On May 30–31 in Moscow, at the Positive Hack Days forum, you will have the opportunity to listen to reports by famous information security experts and young researchers, participate in workshops and master classes, and watch the CTF hackers’ epic battle. But that’s not the half of it! You will be able to challenge the heroes of hack battles and prove that you are a member of the hacking elite. The list of competitions that will take place in the Digital October Center during Positive Hack Days 2012 is under the cut.


Attention! Please take along a laptop to participate in the following competitions.

Hack2own

The participants of the competition should demonstrate their exploits (each participant gets three attempts to attack). The competition is divided into three categories: exploitation of vulnerabilities in a browser, in mobile devices, and exploitation of kernel vulnerabilities.

All the preregistered specialists can participate in the competition. Please send your applications to phdcontests@ptsecurity.ru (the last day of registration is May 28, 2012).

If a competitor cannot attend the forum in person, the organizers of the forum may demonstrate the exploit on behalf of the author by prior agreement.


In 2011, the winners of the Hack2own competition were Nikita Tarakanov and Alexander Bazhanyuk, representatives of the CISSRT team, who demonstrated a 0-day vulnerability (CVE-2011-0222) in the latest version of the Safari web browser for Windows and took the first prize, namely a laptop and 50,000 rubles. A description of the detected vulnerability was forwarded to Apple. A few days later the manufacturer acknowledged the problem.

The copyright on the programs and techniques used at the forum belongs fully to their authors and is not transferred to the forum organizer.

Too Drunk to Hack NG

The competitors must successfully hack a web application protected by a Web Application Firewall (WAF). The web application contains a limited number of vulnerabilities; exploiting them one after another allows executing OS commands.


The whole competition takes 30 minutes. Every 5 minutes, the competitors whose actions triggered the WAF more frequently are offered 50 g of a strong drink before proceeding with the competition.

The winner is the first competitor to capture the principal game flag at the stage of executing OS commands on the server. Last year this competition was won by Vladimir Vorontsov, a security expert from onsec.ru, who managed to find all the necessary vulnerabilities after six attempts.

Fox Hunting NG

The participants must locate an 802.11a/b/g/n wireless access point with a predefined ESSID or crack the WPA-PSK password used for access to the wireless network. The access point's location will change over time.

To win, a participant must accomplish at least one of the following tasks:

  • be the first to determine the exact coordinates of the current wireless access point location and report them to the organizers;
  • be the first to crack the password of the access point and report it to the organizers.

You’ll need creative skills and will to win in addition to laptops (or instead of them) to partake in this competition :)

Don’t copy that floppy

The participants will have to find storage media (floppy disks of various types) hidden by the organizers. They will also have to find a way to read the data stored on the floppies. The floppies can be anywhere: on a wall or behind a column, under a table or on a chair back, or just lying somewhere on the floor in the corner.

The collected media and the data read from them (in any form that allows the stored data to be identified) must be submitted to the organizers in the contest area. The participant who manages to find and read the largest number of floppies wins. The winner will be decided on the second day of the forum.

2600

The participants will be asked first to call a predefined number from an authentic Soviet telephone, using tokens as the means of payment, and then to extract the used token and give it back to the jury. The contest results will be announced on the second day of the forum. The winner will be selected based on how fancy the extraction method was.

Competitors are prohibited from performing any actions that may damage the competition telephone!

$natch

The competition allows the participants to check their knowledge and skills in exploiting typical vulnerabilities in online banking system web services. The competition tasks will include actual vulnerabilities of Internet banking applications detected by Positive Technologies specialists while analyzing security of such systems.


The contest is held in two stages. In the first stage, the participants are provided with copies of virtual machines containing vulnerable web services of an online banking system (an analogue of an actual Internet banking system). The participants must detect vulnerabilities in the system within a specified period of time. In the second stage, the participants are to exploit these vulnerabilities for unauthorized money withdrawal within a limited time.

Following the results of the contest, each participant gets a monetary reward equal to the amount of money stolen from the game Internet bank service.

Big Shot

A participant is given a photo of a person and a number of statements that characterize this person. (The person is one of the attendees of the forum.) The participant’s goal is to identify the person and perform certain actions according to the task, for example, to get the person's business card or to take a photo of the two of them from a specified angle. The winner is the participant who completes the largest number of tasks in the shortest time. The results will be summed up on the second day of the forum.

Participation requires such qualities as determination, excellent social skills and charisma. Neuro-linguistic programming skills at level 137 are an advantage :)

Hack the RFID

The participants will be provided with two stationary boxes under locks controlled by RFID readers. The corresponding RFID tags will be attached at a distance from the readers so that it is impossible to unlock the boxes directly with these tags. The participants will be invited to open one or both boxes and take the prizes from within.

Hack-T-Shirts

Every forum attendee has an opportunity to stand out from competitors and colleagues by putting on his or her own ‘hack-t-shirt’, the one he or she considers the most interesting or funny, stylish or amusing. Special agents of the PHDays organizers will take photos of all participants wishing to partake in this competition. The winner will be declared on the second day of the forum.


Positive Technologies (the PHDays organizer) and the sponsors of the forum provide prizes and gifts for the competitions. The full list of competitions is available on the official web site of Positive Hack Days 2012.

As you can see, all participants will have a chance to prove themselves. See you at Positive Hack Days 2012!
