Saturday, December 29, 2012

Labyrinth, Noise Elimination, Circuit Engineering... Review of the Most Interesting Tasks of PHDays CTF Quals

PHDays CTF Quals, an information security competition, ended last week. 493 teams from 30 countries competed in information hacking and protection. The tasks were divided into five categories, ranging from Reverse Engineering to tasks typical of the real world (the details and results of the competition are available in our previous post). Each category included five tasks of different difficulty levels (from 100 to 500 points).

Most of the tasks were solved by the teams, some caused trouble, and some were left unsolved. Moreover, for some of the tasks the teams used solutions that the organizers had not even considered. This time we want to review the most interesting (in our opinion) and difficult tasks of PHDays CTF Quals.

Thursday, December 27, 2012

PHDays CTF Quals – BINARY 500 or Hiding Flag Six Feet Under (MBR Bootkit + Intel VT-x)

PHDays CTF Quals took place on December 15-17, 2012. More than 300 teams participated in this event and fought to become a part of PHDays III CTF, which is going to be held in May 2013. Our team spent two months developing the tasks for this competition. This article is devoted to the secrets of one of them: Binary 500. This task is very unusual and hard to solve, so nobody could find its flag.

This executable file is an MBR bootkit that uses hardware virtualization (Intel VT-x). Because of the program's specific features, we decided to warn users that it should be executed only on a virtual machine or an emulator.

[Image: Warning and license agreement]

Tuesday, December 18, 2012

Cyberwarriors from All Over the World Fought to Partake in PHDays III CTF

PHDays CTF Quals, an interactive information security competition, took place from 10 a.m. on December 15 to 10 a.m. on December 17, lasting a full 48 hours. PPP (Plaid Parliament of Pwning), a team from the USA, became the winner. They had to compete against 493 teams from more than 30 countries in the course of the battle.

The competition was more active than the previous year's: 681 teams applied for participation, 154 of them solved at least one task, and more than 100 people discussed the battle on IRC.

Friday, December 14, 2012

Intro: PHDays CTF Quals 2012

Attention! To solve one of the tasks you will need the Bochs emulator with Windows XP SP3 or higher installed!

1. Download Bochs from the official site (version 2.4.6 or 2.6)
2. Download the disk image and config files
3. Extract the image and config to the Bochs directory
4. Open the config file with Bochs and specify the path to the Windows ISO image in the cdrom options (Disk & Boot | ATA channel 0 | first HD/CD on channel 0) (don't forget to check 'inserted')
5. Boot from the CD drive and install the OS (it can take a long time!)

Wednesday, December 12, 2012

Three Days Left Before PHDays CTF Quals Starts

Let us remind you that PHDays CTF Quals starts on the 15th of December and will last for three days. 300 teams from more than 30 different countries have already registered. You can still join!

Registration for Quals: until the 17th of December, 2012.

Time when Quals will be held: from 10 a.m. on the 15th of December until 10 a.m. on the 17th of December, 2012 (Moscow time). The contestants will try their hand at security assessment, vulnerability detection and exploitation, and reverse engineering tasks.