
Thursday, June 14, 2012

Positive Hack Days CTF 2012 – The Way It Was


The Capture the Flag battle between hackers became the star turn of the PHDays 2012 program: for two days and a night, non-stop, 12 teams from 10 countries attacked rival networks and defended their own.

PHDays CTF conditions, unlike those of other contests of this kind, were as realistic as possible: the vulnerabilities used in the competition are common in modern information systems. In addition, the participants were allowed to act blind when solving the tasks; in other words, they could attack systems that they had no access to. The most curious feature of PHDays CTF 2012 was the King-of-the-Hill scheme at the heart of the contest. Under this scheme, a team scored not only for capturing a system, but for holding it as well.

To keep the conditions as realistic as possible, the King-of-the-Hill scheme copied a typical enterprise network layout: the external perimeter was made up of web applications, DBMS servers, and various directories (LDAP) and, if penetrated, gave access to the internal perimeter – Microsoft Active Directory. Everything was the way it is in real life.

The Show

To add a special flavor to the competition, we prepared a game infrastructure and modified it throughout the CTF according to a single plot line. So, the participants had not only to complete tasks faster than their competitors, but to save the world! (For the legends of Day 1 and Day 2, visit the forum’s blog.)

This time the contest was also spiced with an element of a reality show: random visitors were given cards with bonus keys that they could present to their favorite team at the end of the second day.

Challenges

The competition was not only about “pure” hacking. In the lobby of Digital October, the organizers set up an enormous container filled with “litter”. The CTF contest required the teams to dive into the container (dumpster) and find bonus keys (flags). Each team had 30 minutes for the Dumpster Diving.


The second day of Positive Hack Days brought new surprises for the CTF participants. First, they had to take over an AR.Drone aircraft controlled from a mobile phone over an insecure wireless connection. The contestants had 30 minutes to win the competition.

The weather on the 31st of May was not quite warm and sunny, so the drones were launched indoors, right next to the dumpster.


The winners not only scored extra points for their teams, but also took the drones home as prizes. The quadrocopters went to Sergey Azovskov from HackerDom (Russia) and Matt Dickoff from PPP (the USA).

Yet there was even more to come. The Way To Protect Money section offered the $natch competition, which consisted of three parts. The first one required participants to take money out of a remote banking system specially developed for the occasion. The second part was meant for the CTF teams, who had four hours to enhance the security of the banking system. Finally, contestants of the online HackQuest joined the game to attack the system and steal the money from the bank accounts of the CTF teams (for details, read our blog entry).


The CTF contestants managed to win the battle and save almost all their money.

Results

The best team of Positive Hack Days CTF 2012 proved to be LeetMore (Russia). Last year they were second, but this time they gave their rivals no chance and took the main prize – 150,000 rubles. Second place was taken by a Swiss team, 0daysober (100,000 rubles), followed by Int3pids from Spain (50,000 rubles). Last year’s favorite PPP (the USA) finished fourth. The final results are provided in the table below:



Tachikoma from Japan deserves a special mention. The team was made up of students from four Japanese universities who were participating in such a contest for the first time. The whole country was cheering for the guys, and they did a good job for novices.

0-day

The CTF wars helped to reveal a few quite interesting vulnerabilities. For example, the LeetMore contestants detected a 0-day in the FreeBSD 8.3 release (a local vulnerability that allows bypassing security restrictions). By exploiting this vulnerability, anyone could have broken the security mechanism and deleted the flags of other participants. However, everyone played fair :)

Another vulnerability was found by Eindbazen (the Netherlands). They discovered an XSS attack vector against the King of the Hill. Since this web attack had not been foreseen by the CTF authors, this vulnerability can be considered a 0-day.

Defcon: Greetings from Moscow

Unfortunately, Defcon refused to put off its CTF qualifications. It’s quite understandable that, having fought in PHDays for two days non-stop, the 12 best teams were physically incapable of taking part in the qualifications: some of them were on their way back home; others were literally exhausted.
The teams, inspired by PPP (who have a really good sense of humor), took quite a suggestive photo as their response to Defcon:


Anyway, everything was great! We’ll do our best to make PHDays CTF even more exciting in the future!

P. S. For those who are interested, the full version of the CTF legend (text+video) and links to feedback on the forum can be found on the personal blog of one of the organizers.
