You know how to search vulnerabilities and want to participate, don't you?
Make your own team, submit an application, and go ahead!
The plot is the key point
There are several reasons why it is interesting to partake in PHDays CTF. A new script is devised for each competition. Hackers do not only hunt flags but become participants of a reality show reminding of an involving computer game. It was required to protect a SCADA system controlling an alternative energy source named Monolith at the first PHDays CTF. The second PHDays was aimed at protecting the Earth suffered from genetic experiments (for the legends of the first and the second days see the forum's blog). The participants of PHDays III CTF will find themselves in new surroundings, where they will have to use their specific knowledge so important in emergency.
The conditions of PHDays CTF Quals, as opposed to many other competitions of the kind, are as close to real life as possible: all the vulnerabilities are not fictional, but indeed occur on present-day information systems. Contest topics cover all urgent issues and spheres of information security.
The CTF participants will try their hands at security assessment, vulnerabilities detection/exploitation, and fulfilling reverse engineering tasks.
The organizers try to include all current tendencies, which are of interest to the hacking and IS community: web security, operating systems, SCADA, ERP, mobile applications.
Constant changes are a peculiar feature of this CTF. For example, PHDays CTF 2012 provided the participants with an opportunity to attack and hold control over services as part of the competition King of the Hill for the first time. The longer you hold control, the larger your score.
Internet support is always up to date — it is evident that not everyone can visit a forum. When PHDays CTF 2012 was over, the Internet participants were provided with access to the King of the Hill infrastructure. The online contest was held from August 20 to September 3, 2012. 200 participants were registered, and only seven of them managed to earn points.
The $natch competition held on the second day of PHDays 2012 exemplified actual IS problems in a game. The organizers had developed a test remote banking system and included typical errors of such products in it. The CTF teams were required to protect the I-bank systems having only four hours to search and fix vulnerabilities. Internet users partaking in Online HackQuest were the hackers in this competition.
Entertainment is a weak point of the competitions based on the CTF principle. However, PHDays was boring neither for children nor for journalists. Bonus entertaining contests were the secret. First of all, it was a huge paper dumpster containing additional flags. Second, taking control over a quadcopter AR.Drone.
Money prize is not the least competitive factor. All the participants of PHDays CTF receives valuable prizes by tradition, and the winners of CTF 2012 shared 300,000 rubles.
CTF is also a major part of PHDays, and PHDays is good music, tasty food, and free alcohol ;)
Сontestants about PHD CTF 2012
CTF 2012 brought together specialists from 11 countries. General opinion: none of the participants remained indifferent.
PHDays is a well organized conference with a large number of events held simultaneously including such a famous contest as "Too drunk to hack", in which a member of our team took the second place.
CTF is cool. We had a great time.
Good job. An example for other conferences to follow.
Recipe to win
There is no universal method to win PHDays CTF, but we, having assessed PHDays CTF 2012 very thoroughly, detected some mechanisms used by the leading teams to succeed.
For instance, the PPP participants (USA) were not only the first to find a vulnerability in the competitive services but to write a code automating its exploitation. Log analysis showed that they followed this tactics during the whole CTF — the flags were entered into the system with difference of no more than 2 seconds. The same tactics was used by C.o.P. and Leet More.
The Leet More team from Russia became the winner, they were awarded with 150,000 rubles, the second prize (100,000 rubles) was taken by 0daysober from Switzerland, and the third prize (50,000 rubles) went to the Spanish team Int3pids. The rules for point calculation were developed in such a way so that the teams unable to solve the tasks of the same type could compensate the gap and keep winning chances by solving other tasks. The teams needed to be active dealing with all the infrastructures not to lose the lead and win the competition. Everything as in real life — outsiders should not get into despair, and leaders should not get above themselves.
PHDays CTF 2012 was well balanced to make it as entertaining as possible and keep up the interest not only of its participants but of the audience as well throughout two days and a night.
The CTF winner, the Leet More team, lost to PPP by the points scored in classic CTF and to Int3pids in the contest of the shared infrastructure, but the points earned in the tasks of the King of the Hill infrastructure brought the team to the leading position in the overall rating. At the same time C.o.P. and Eindbazen were in the top three on the basis of the score for the shared infrastructure tasks, but couldn't enter the overall top list at the end of the competition.
The King of the Hill infrastructure, which played a lead role in the determination of the winner, was the climax of the competition. One more crucial point of the competition was a task in which the teams had to protect their bank accounts. This contest allowed the Internet participants from all over the world to affect the CTF results.
A large-scale analytical report on PHDays CTF 2012 is available here.
How to join PHDays CTF III?
The registration for the quals starts on the 28th of November and finishes on the 17th of December, 2012. PHDays CTF Quals will take place from 10 a.m. of the 15th of December till 10 a.m. of the 17th of December, 2012 (Moscow time).
The main contest will take place on May 22-23, 2013 in Moscow during the third international information security forum Positive Hack Days.
You can learn more about PHDays CTF Quals and register by following the link: http://quals.phdays.com.