How much does it take to hack a mobile network?
Is electronic government secure in the era of WikiLeaks and Anonymous?

Is SCADA hacking Hollywood fiction or today's reality?
Internet banking: is there any chance to win over the fraudsters?

Cyber-crime, cyber-espionage, cyber-war: where do we draw the line?


Wednesday, June 27, 2012

Show Me the Money! The $natch Competition at PHDays 2012

Visitors to Positive Hack Days 2012, which took place at the Digital October Center, not only had a chance to listen to reports by information security professionals and watch the epic CTF battle, but could also take part in discussions of important industry issues at specialized sections.

Among these discussion platforms was a section called How to Protect Money, moderated by Artem Sychev (Head of Information Security Department, Rosselkhozbank). Along with theory (discussions of the security challenges of the banking sector), the section offered a practical task: the $natch competition. The competition tested participants' skills in exploiting typical remote banking vulnerabilities, logic flaws rather than web ones.

Friday, June 22, 2012

For those who missed the PHDays CTF 2012 legend...

Presentations from Positive Hack Days 2012 Published

It's finally happened! Once the videos of reports and hands-on labs from Positive Hack Days were published, we decided to move on. So now you have an opportunity to view the presentations from the forum's reports.
For your convenience, we provide links not only to the slides but also to the videos of the reports (where they were made).

Thursday, June 21, 2012

PHDays Online HackQuest 2012 Is Over

Twenty days have passed since Positive Hack Days 2012, an international forum on practical security, said goodbye to its visitors, but its echo can still be heard. In particular, it tells of the Online HackQuest competition, which ran throughout the forum days, May 30 and 31, and continued for two more weeks.

Any Internet user could take part in HackQuest. The participants were granted access to a VPN gateway. Once connected, they were to find target systems and detect vulnerabilities in them. By exploiting the vulnerabilities, participants obtained access to a key (flag) in MD5 format, which they were to send to the jury via a special form in their personal profiles. For each correct flag, participants scored a corresponding number of points. The participant who reached a total of 100 points before the others won the competition.

Thursday, June 14, 2012

Positive Hack Days CTF 2012 – The Way It Was

The battle between hackers based on the Capture The Flag model became the star turn of the PHDays 2012 program: for two days and a night, non-stop, 12 teams from 10 countries were breaking into rival networks and protecting their own.

PHDays CTF conditions, unlike those of other contests of this kind, were as real as possible: the vulnerabilities used for the competition are common in modern information systems. In addition, the participants were allowed to take blind actions when solving the tasks. In other words, they could attack systems that they had no access to. The most curious feature of PHDays CTF 2012 was the King-of-the-Hill scheme at the heart of the contest. Under this scheme, a team scored not only for capturing a system, but for holding it as well.

Friday, June 8, 2012

Available Video of Positive Hack Days 2012

On May 30-31, the Digital October Center threw its doors open for the international forum on practical security, PHDays 2012. With one and a half thousand people attending, the forum saw dozens of reports, hands-on labs, large-scale CTF competitions, and a full contest schedule.

Now it can be officially declared that we managed to bring together Internet community representatives, IS experts and hackers from different countries, which made the whole event even more interesting.

As we promised earlier, videos of the reports and hands-on labs from PHDays 2012 are now publicly available. Among dozens of videos related to information security, there is a report that can be compared with the world classics: the report by Bruce Schneier, a legendary cryptographer. Enjoy it!