How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Monday, December 16, 2013

Want to Join PHDays IV CTF? Take Part in CTF Quals!


PHDays IV is coming! Tickets for the forum are available, Call for Papers is in progress, acceptance of reports for the Young School competition has started.

Thursday, December 12, 2013

Ticket Sales: Positive Hack Days IV

Tickets for PHDays IV are now available. To buy your ticket and sign up for the forum, visit our Registration page.

Until February 28, Early Bird discounts are available, with tickets priced at just 9,770 rubles for two days and 7,470 rubles for one day.

After March 1, ticket prices are 13,870 rubles for two days and 9,770 rubles for one day.

Monday, December 9, 2013

PHDays IV Young School Begins

The third PHDays Young School competition of research from emerging scientists in information security will be held at Positive Hack Days IV in 2014. Winners will have the unique opportunity to present their research results in front of a wide audience of leading Russian and world information security experts.


In addition, young scientists will be able to participate in hacking and security contests, and they will have the best seats at the CTF contest. And, of course, they will be warmly welcomed as members of the PHDays community. The most outstanding research will be singled out for a special prize.

Tuesday, November 26, 2013

How to Survive in the Cyberspace? PHDays IV: Searching for a New Formula

The international forum on practical security Positive Hack Days IV will take place on May 21 and 22, 2014 in the Digital October Center. We have already started preparing for the forum that held leading positions in ratings, received rewards and heard many encouraging words from information security professionals.


A lot of reports and hands-on labs from leading IS experts, as well as professional discussion, realistic contests are in store for the guests and participants of PHDays. The concept hasn't changed: maximum experience, minimum ceremonies, no advertising materials or promotion.

Monday, June 17, 2013

"Best Reverser" at PHDays III — Developer's Overview

When we put hand to the contest, we wanted to make it interesting, difficult and feasible at the same time.

We believe that a good reverser should be able to read computer code, convert it to a clear algorithm, find mistakes and flaws of this algorithm, and, if possible, to exploit them. Besides the code provided for analysis should be close to true software code.

The 64-bit Windows version was chosen as a platform, because Hex-Rays Decompiler for x86 makes everything easier and there are no decompilers for x64. And 64-bit applications have become common anyway.

So a small program with Qt (and static libraries) was developed. And the executable file was almost 10 MB. But is it unbearable for a talented reverser? Though, according to feedback, the file size scared some participants. On the other hand, Qt leaves a lot of useful information, and a reverser must know how to separate the wheat from the chaff...

17 Hackspaces From 7 Countries Joined PHDays III

To take part in the PHDays forum, local information security specialists gathered together in Abu Dhabi  (United Arab Emirates), Birzeit (Palestine), Cairo (Egypt), Kollam (India), Tunis (Tunisia), Kiev and Lviv (Ukraine), and Vladivostok, Voronezh, Kaliningrad, Novosibirsk, Omsk, St. Petersburg, Saratov and Ufa (Russia).

Tuesday, June 11, 2013

A Researcher from Tomsk Wins PHDays III Young School

The results of PHDays III Young School, a national information security competition of young scientists, are known. The program committee considered a great number of applications and selected four best works, the authors of which spoke at PHDays in front of leading IS specialists from all over the world.

The ideas of the PHDays Young School participants find practical application very quickly. At the final stage of the competition, Andrey Iskhakov's "Two-Factor Authentication System Based on QR Code" (Tomsk State University of Control Systems and Radioelectronics) was voted the most interesting and promising work. It is already decided that the premises of Tomsk special economic zone will be equipped with Andrey's security system in 2014 — security badges will be substituted by a special identification program for employees' mobile devices.

Thursday, June 6, 2013

PHDays III CTF: Levart D’Errorim

The Positive Hack Days forum, which was held on May 23 and 24, traditionally hosted a CTF contest. During two days, ten teams from six countries beat back attacks and hacked rivals' networks.

Tuesday, June 4, 2013

The NetHack Challenge Detailed Review

During the Positive Hack Days III forum, the NetHack competition for experts in network security was held. The participants were to obtain access to five network devices and capture flags stored in the devices during 50 minutes. The game network included typical network infrastructure vulnerabilities discovered by the Positive Technologies experts during security analysis and penetration tests. Today we would like to bring to you attention a detailed review of the contest tasks.

Thursday, May 30, 2013

ATM Hacked at PHDays III

Foreign experts in physical information security discovered and demonstrated vulnerabilities in bank equipment at the Positive Hack Days III forum, which was held on May 23 and 24 in Moscow. The contest's ATM contained vulnerabilities, one of which gave access to servicing area without a key. The other vulnerability allowed switching the machine into service mode using a common paper clip.

Later on, a related contest was held at the venue. During a limited period of time the participants were to exploit detected vulnerabilities and reproduce the steps that allowed switching the ATM into service mode.


Mikhail Elizarov, a first-year student from the North Caucasian Federal University (Nevinnomyssk, Stavropol Krai, Russia) was the first to solve the tasks and so he won the contest.

Tuesday, May 28, 2013

Students Found SCADA Vulnerabilities at PHDays

Mikhail Elizarov, a first year student of the North-Caucasus Federal University (Nevinnomyssk, Stavropol Territory), and Arseny Levshin, a student from Minsk, won the contest related to SCADA security assessment, which took place as part of the international forum Positive Hack Days III.


SCADA is used to control important objects in such sectors as energy, transportation, etc. For instance, such systems are employed in nuclear power plants and electric trains. Any SCADA failure can lead to a disaster and extensive damage, however, the developers of such systems still pay little attention to their software security. This was proved by the contest results.

Monday, May 27, 2013

A Specialist from Perm Wins the Network Infrastructure Security Analysis Contest at PHDays

The security of network infrastructure is the most important task in business. Companies often suffer significant losses and sometimes go bankrupt when intruders manage to access a company's internal network and steal sensitive information. A key role in providing high security level usually belongs to an equipment on the basis of which a network is built.

Stanislav Mironov (Perm, Russia) cracked network infrastructure during the NetHack contest. Stanislav is an expert in network administration and security and currently works for a commercial bank in Moscow.

The contest's participants needed to obtain access to the game network during a limited period of time, then get to the unrouted segment that contains a certain automated system. The game network developed for the contest included typical vulnerabilities discovered by the Positive Technologies experts during security analysis and penetration tests.

Friday, May 24, 2013

A Student Hacks a Remote Banking System at PHDays

The security of banking systems became one of the key topics at Positive Hack Days III. Discussions, contests and hands-on labs on banking systems were held during the forum.


Anatoly "heartless" Katyushin, a student from the Samara State Aerospace University (Samara, Russia), hacked a remote banking system during the $natch competition and "stole" 4,995 rubles. The contest consisted of two rounds. at first, virtual machine copies with vulnerable web services of the remote banking system (a real I-banking system analog) were provided to the participants. In the second round, the hackers needed to exploit the discovered vulnerabilities and steal as much money as it was possible.

Thursday, May 23, 2013

The First Day of PHDays Comes to an End

Positive Hack Days III, an international forum on practical information security, has started today, on May 23 in the WTC Moscow. Among the participants are IS experts, hackers, politicians and representatives of the Internet community from every corner of the world. During the reports, hands-on labs and various discussions, the forum’s attendees took a close look at practical security and discussed the perspectives of the industry.

Wednesday, May 22, 2013

Ask Questions to the PHDays Speakers via Twitter

A great number of reports and hands-on labs from leading IS experts will be presented at Positive Hack Days III. If you are not able to attend the forum held on May 23 and 24 in the WTC Moscow, you still have the opportunity to participate in PHDays: specially for you the event will be broadcasting and you will be also able to communicate with the speakers and guests via Twitter.

Tuesday, May 21, 2013

Positive Hack Days III Online Competitions

If, for some reason, you will not be able to visit the venue of Positive Hack Days on May 23 and 24, this doesn’t mean you should miss the opportunity to participate. Thanks to the competition program of the forum, anyone will have a chance to compete with contestants from all over the world during exciting online Positive Hack Days III challenges.

WAF Bypass at PHDays III

During the Positive Hack Days a competition for enthusiasts and experts of web application security will take place. The challenge organized by forum's technological partner ICL-KME CS company provides an opportunity to test oneself in exploiting vulnerable web applications protected by a Web Application Firewall.

Theory, Practice, and Minimum Ceremonies — PHDays III Program Published

The international forum on information security Positive Hack Days III will start in two days! Today you have a possibility to learn the final event program, which consists, as it was last year, of two parts — the conference and hacking contests.

Take Part in Positive Hack Days in Any Part of the World

As part of PHDays Everywhere, any visitor of hackspaces in different parts of the planet will be able to partake in the international forum Positive Hack Days.

17 hackspaces in 7 countries will throw their doors open on May 23 and 24. Abu Dhabi (United Arab Emirates), Cairo (Egypt), Birzeit (Palestine), Kollam (India), Tunis (Tunisia), as well as Kiev, Lviv, Vladivostok, St. Petersburg, Novosibirsk, Kaliningrad, Omsk, Ufa, Voronezh, Saratov, and Krasnodar have already joined the initiative.

Monday, May 20, 2013

The NetHack Qualifying Round Ends

For a week, from May 7 to 15, hackers from all over the world were engaged in a fierce struggle during the NetHack competition. The participants needed to demonstrate their skills in obtaining control over network infrastructure via exploiting misconfiguration of the equipment.

One hundred and twenty-six solutions for the competition task were offered: the Positive Technologies experts in network security received 14 letters a day on average and evaluated the solutions. Eight finalists who showed the best results have been defined:

Wednesday, May 15, 2013

HackQuest is Completed. Best Reverser is Ready to Start

The epic hacking competition PHDays HackQuest has come to an end. The competition was organized by ONsec_Lab. It lasted from May 1 to 13 and drew 1441 participants, 112 of them solved at least one task.

Results
The racing continued right to the last minute. The top three was stable until the end of the contest: JustRelаx, MERRON, Bo0om. However, the sly tactics of capturing flags two minutes before the ending allowed one of the participants, namely karim, to win the contest. Bo0om also captured another flag at the last moment and left MERRON on the fourth place, from which he was overtaken by Yngwie.

So karim, who was the fourth not long before the end of the contest, won by 50 points. JustRelax being the leader throughout the contest took second place. Bo0om came in third.

We’ll keep our promise: 10 participants who showed the best results will get invitations to Positive Hack Days and special T-shirts (1 place — 5 tickets, 2 place — 4 tickets, 3 place — 3 tickets, from 4 to 10 place — 1 ticket per participant). Moreover, the top three participants will get diplomas.

Scoreboard in the Norton Commander style (http://hackquest.phdays.com/results.php):

Tuesday, May 14, 2013

New Reports at PHDays III: From ICS Security, to the Analysis of Java 0-day Exploits

How to build your own Stuxnet? Are security systems safe? Is it easy to watch the people and why physical security is the basis of any kind of security? Today we would like to bring to you attention some of more than 30 reports of the main technical program of Positive Hack Days III.

Monday, May 13, 2013

Author of Hydra, Amap and SuSEFirewall Speaks at PHDays


Marc "van Hauser" Heuse, a well-known information security researcher, will be one of the key speakers at Positive Hack Days III.

Marc has performed security research since 1993, found vulnerabilities in numerous products. Moreover, he is the author of various famous security tools, such as Hydra, Amap, THC-IPV6, THC-Scan and SuSEFirewall.

Tuesday, May 7, 2013

NetHack: Win Invitation to PHDays!

The Positive Hack Days III program promises to be quite rich: reports, hands-on labs of the world leading experts, the CTF hacking battle, the Young School finalists’ presentations and a great number of competitions (held both online and at the venue).

This time, to partake in the forum you can buy a ticket. But, anyway, is it the right path of a real hacker? It is much more interesting to get the ticket by fighting other specialists in information security. In case you think the same way, the NetHack contest is held for you.

Tuesday, April 30, 2013

PHDays III Contests Program: Hacking ATM and SCADA, Passing the Labyrinth

The participants of Positive Hack Days, which will be held in Moscow on May 23-24, will hear the reports of well-known experts in information security, partake in hands-on labs, support a CTF team — and this is not all there is to it. The forum guests will have the opportunity to try themselves in fascinating competitions. We would like to bring to you attention the list of contests that will take place during Positive Hack Days III at the WTC Moscow.

Monday, April 29, 2013

PHDays III Young School Finalists are Known

For the second year in a row, we hold the competition in order to find young and talented specialists in information security who will be able to raise the science level of the country of the famous Russian hackers.

The competition of young scientists is held as a part of the Positive Education program. The initiative is to expand the knowledge that young scientists got at the university and to introduce the unique experience of practical security gained by the Positive Technologies experts.

Students, postgraduates and independent young researchers can partake in the competition. The applications accepting lasted for 3 month. This week the finalists have been defined.

Wednesday, April 24, 2013

PHDays III First Hands-on Labs: Cyber Forensics, Attacks Against SAP and Windows Kernel

ThePositive Hack Days III guests will enjoy not only interesting reports, CTF contests and competitions, but also numerous hands-on labs. The PHDays hands-on labs are practical tasks that are held under the slogan 'Deeds, not Words'. Under the guidance of the world's experts in information security, the audience will go deep into the topic and solve practical tasks on information security issues. To take part in the hands-on labs, you just need to have a basic grounding, thirst for knowledge and all the necessary equipment (laptop, RFID reader).

Tuesday, April 9, 2013

PHDays III — Ticket Sale Has Started

Ticket sale for the international forum on practical security PHDays III started on Monday, April 8. Registration and tickets are available here. A ticket bought until May 1 will cost 9,600 rubles per two days and 7,100 rubles per a day.

After May 1 the price of a ticket will increase up to 13,700 rubles per two days and 9,600 rubles per a day.It is worth reminding that there are other ways to join the forum beside the ticket purchase — just prove yourself in any of the contests (keep up with the news on the official website) or become a speaker registering via Call for Papers until April 14.

Friday, April 5, 2013

Description of PHDays CTF Finals

The third international forum on practical security Positive Hack Days will take place on May 23-24. Today we publish rules of PHDays CTF Finals.

Wednesday, March 27, 2013

How to Join PHDays III?

A list of available ways to get to Positive Hack Days forum.

Friday, March 22, 2013

PHDays Call For Papers Initiates Its Second Stage

With only two months and a half left, the information security forum Positive Hack Days will throw its doors open in World Trade Center Moscow. This year the forum will host 2,000 information security experts from all over the world. If you want to share the results of your research or you have something to tell the community about, then we are looking forward to seeing you as a speaker at PHDays.

You have a chance to apply for participation in PHDays III till the end of the second stage of Call For Papers, which will be closed on April 14, 2013. The first stage has made it clear who will definitely speak at the forum.

Monday, March 18, 2013

PHDays III Will Take Place in World Trade Center Moscow

The third international forum on practical security Positive Hack Days will take place on May 23-24 in the Moscow World Trade Center, one of the main platforms of the country.


All the participants' requests and the new level of the event have been considered by the organizers to choose the right place. This year the forum will host at least 2,000 experts comparing with 1,500 experts last year. The number of various reports, contests, and hands-on labs will increase significantly as well.

Monday, March 4, 2013

PHDays III Call For Papers: the Latest Intelligence Data From the Both Sides of the Barricades

The first wave of the Call for Papers has already yielded its results: specialists from different countries are ready to be loaded onto the plane to the PHDays III. Both reports and hands-on-labs (where the audience is able to participate) will be presented at the forum. Today we are ringing up the curtain to tell you about several reports taking place at the forum.

Thursday, February 28, 2013

Last Two Weeks to Take Part in PHDays Young School!


By popular demand, we increase the time frame for young scientists in information security to send in the reports and take part in the contest. Now you can apply for participation in PHDays Young School until March 15, 2013 (24:00 UTC).

We have already received applications for participation that are based on such current tendencies as information warfare, mobile platforms vulnerabilities, anonymity, and mobile devices.