How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Monday, August 20, 2012

Positive Hack Days CTF vol.2

During the Capture The Flag hacking contest at PHDays 2012 twelve teams from ten countries have been attacking the networks of other teams and protecting their own networks for two days and one night non-stop. The conditions were as close to real life as possible – no invented vulnerabilities, only those that occur in real contemporary information systems.

The infrastructure for the hacking battle was organized according to the principle of the King of the Hill game: the points were given not only for successful attacks against the systems, but also for keeping control over the systems, which made the contest more intriguing.

The contest became the highlight of the forum program, that is why an idea came to our minds… Why not to repeat the ‘royal battle’ separately for the Internet community, let us say, in the second half of August? The details are under the cut.

When?

Everybody is welcome to try on the crown during the King of the Hill contest from the 20 August to 2 of September.
The cause for organizing the online battle is two hacking forums — in India and in Kaliningrad. From August 16 to 19 the experts of the Positive Technologies company at the SecurIT 2012 hacking forum in India remotely carried out a workshop about the $natch contest. Also, from August 24 to 27 BaltCTF [ru] in Kaliningrad will welcome its guests. Participating in King of the Hill will give members of the of Internet community an opportunity to challenge professional hacker teams from France, Germany, Tunisia, Netherlands, and Russia.

How to Take Part?

To try to repeat the feats of the CTF battle participants and fight for the prizes provided by Positive Technologies, please register at the official web site.
The detail of the King of the Hill contest is available at the http://phdays.com/ctf/rules.

What is King of the Hill?

Following the principle maximum authenticity, the contest infrastructure imitates typical infrastructure of enterprise networks: its external perimeter includes web applications, DBMS servers and various directories (LDAP), taking control of which allows reaching the internal perimeter – Microsoft Active Directory. Everything is like in real life.


The task of the participants of King of the Hill is to detect vulnerabilities of the systems, exploit them and, the most important of all, keep control over the systems as long as it is possible. The trick is in regeneration of the sets of vulnerabilities in the systems. The participants face a dilemma — whether to try to attack the neighboring systems or to proceed with vulnerability detection on the systems which are under control already

As in real life, the largest number of points is given for keeping control over Active Directory, since attacking AD requires keeping control over first level systems.

The King of the Hill contest was developed by the Positive Technologies experts and was presented for the first time at PHDays CTF 2012 as part of the hacking contest.

No comments:

Post a Comment