
Wednesday, November 28, 2012

PHDays CTF Quals

From time to time, information security experts meet at Capture the Flag competitions to find out who is best at attack and defense. These contests are frequently compared with Formula 1 and attract more and more attention.

You know how to search for vulnerabilities and want to participate, don't you?

PHDays CTF Quals, the qualifying stage of the PHDays CTF international information security contest, starts in December. The chances are even — not only well-known teams but newcomers as well can try to win a ticket to the final stage of the hacking battle. The finals will be held as part of the international forum Positive Hack Days III at the end of May 2013.

Make your own team, submit an application, and go ahead!

The plot is the key point

There are several reasons to take part in PHDays CTF. A new storyline is devised for each competition. Hackers do not just hunt flags; they become participants in a reality show reminiscent of an immersive computer game. At the first PHDays CTF, teams had to protect a SCADA system controlling an alternative energy source named Monolith. The second PHDays CTF was about protecting an Earth that had suffered from genetic experiments (for the legends of the first and the second days see the forum's blog). The participants of PHDays III CTF will find themselves in new surroundings, where they will have to use their specialist knowledge, so important in an emergency.

The conditions of PHDays CTF Quals, as opposed to many other competitions of the kind, are as close to real life as possible: none of the vulnerabilities are fictional, and all of them occur in present-day information systems. Contest topics cover all current issues and areas of information security.

A layout of the game infrastructure of the first day

The CTF participants will try their hand at security assessment, vulnerability detection and exploitation, and reverse engineering tasks.

A layout of the game infrastructure of the second day

The organizers try to include all current trends that are of interest to the hacking and IS community: web security, operating systems, SCADA, ERP, mobile applications.

Constant change is a distinctive feature of this CTF. For example, PHDays CTF 2012 for the first time gave the participants an opportunity to attack services and hold control over them as part of the King of the Hill competition. The longer you hold control, the larger your score.

Internet support is always up to date — it is evident that not everyone can visit a forum. When PHDays CTF 2012 was over, the Internet participants were provided with access to the King of the Hill infrastructure. The online contest was held from August 20 to September 3, 2012. 200 participants were registered, and only seven of them managed to earn points.

Point distribution for the King of the Hill contest held online

The $natch competition held on the second day of PHDays 2012 turned current IS problems into a game. The organizers had developed a test remote banking system and included errors typical of such products in it. The CTF teams were required to protect the I-bank systems, with only four hours to search for and fix vulnerabilities. Internet users taking part in Online HackQuest were the hackers in this competition.

Entertainment is a weak point of competitions based on the CTF principle. However, PHDays was boring neither for children nor for journalists. Bonus entertainment contests were the secret. The first was a huge paper dumpster containing additional flags. The second was taking control over an AR.Drone quadcopter.

Paper dumpster — 7 points per a flag

 150 points for taking control over an AR.Drone

Prize money is not the least competitive factor. By tradition, all the participants of PHDays CTF receive valuable prizes, and the winners of CTF 2012 shared 300,000 rubles.

The Eindbazen team's commemorative trophies

CTF is also a major part of PHDays, and PHDays is good music, tasty food, and free alcohol ;)

The musical band Undervud closes PHDays 2012

Contestants about PHD CTF 2012

CTF 2012 brought together specialists from 11 countries. General opinion: none of the participants remained indifferent.

0daysober, CTF Team
PHDays is a well organized conference with a large number of events held simultaneously including such a famous contest as "Too drunk to hack", in which a member of our team took the second place.

Arvind S Raj, BIOS
CTF is cool. We had a great time.

Thijs Bosschert, Verizon Business
Good job. An example for other conferences to follow.

Other reviews.

Recipe to win

There is no universal recipe for winning PHDays CTF, but after analyzing PHDays CTF 2012 very thoroughly, we identified some approaches the leading teams used to succeed.

For instance, the PPP participants (USA) were not only the first to find a vulnerability in the competitive services but also to write code automating its exploitation. Log analysis showed that they followed this tactic during the whole CTF: the flags were entered into the system with a difference of no more than 2 seconds. The same tactic was used by C.o.P. and Leet More.

The Leet More team from Russia became the winner and was awarded 150,000 rubles. The second prize (100,000 rubles) was taken by 0daysober from Switzerland, and the third prize (50,000 rubles) went to the Spanish team Int3pids. The rules for point calculation were designed so that teams unable to solve tasks of one type could make up the gap and keep their chances of winning by solving other tasks. Teams needed to stay active across all the infrastructures to hold the lead and win the competition. Just as in real life: outsiders should not despair, and leaders should not get above themselves.

PHDays CTF 2012 was well balanced to make it as entertaining as possible and keep up the interest not only of its participants but of the audience as well throughout two days and a night.

Leet More — the winners of CTF 2012

The CTF winner, the Leet More team, lost to PPP on points scored in classic CTF and to Int3pids in the shared infrastructure contest, but the points earned in the King of the Hill infrastructure tasks brought the team to the leading position in the overall rating. At the same time, C.o.P. and Eindbazen were in the top three by score for the shared infrastructure tasks, but did not make the overall top list at the end of the competition.

The King of the Hill infrastructure, which played a lead role in the determination of the winner, was the climax of the competition. One more crucial point of the competition was a task in which the teams had to protect their bank accounts. This contest allowed the Internet participants from all over the world to affect the CTF results.

 The total score of the teams at the end of the CTF contest (by the contest types)

A large-scale analytical report on PHDays CTF 2012 is available here.

How to join PHDays CTF III?

Registration for the quals starts on the 28th of November and finishes on the 17th of December, 2012. PHDays CTF Quals will take place from 10 a.m. on the 15th of December until 10 a.m. on the 17th of December, 2012 (Moscow time).

The main contest will take place on May 22-23, 2013 in Moscow during the third international information security forum Positive Hack Days.

You can learn more about PHDays CTF Quals and register by following the link:

