How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Thursday, May 30, 2013

ATM Hacked at PHDays III

Foreign experts in physical information security discovered and demonstrated vulnerabilities in bank equipment at the Positive Hack Days III forum, which was held on May 23 and 24 in Moscow. The contest's ATM contained vulnerabilities, one of which gave access to servicing area without a key. The other vulnerability allowed switching the machine into service mode using a common paper clip.

Later on, a related contest was held at the venue. During a limited period of time the participants were to exploit detected vulnerabilities and reproduce the steps that allowed switching the ATM into service mode.


Mikhail Elizarov, a first-year student from the North Caucasian Federal University (Nevinnomyssk, Stavropol Krai, Russia) was the first to solve the tasks and so he won the contest.

Tuesday, May 28, 2013

Students Found SCADA Vulnerabilities at PHDays

Mikhail Elizarov, a first year student of the North-Caucasus Federal University (Nevinnomyssk, Stavropol Territory), and Arseny Levshin, a student from Minsk, won the contest related to SCADA security assessment, which took place as part of the international forum Positive Hack Days III.


SCADA is used to control important objects in such sectors as energy, transportation, etc. For instance, such systems are employed in nuclear power plants and electric trains. Any SCADA failure can lead to a disaster and extensive damage, however, the developers of such systems still pay little attention to their software security. This was proved by the contest results.

Monday, May 27, 2013

A Specialist from Perm Wins the Network Infrastructure Security Analysis Contest at PHDays

The security of network infrastructure is the most important task in business. Companies often suffer significant losses and sometimes go bankrupt when intruders manage to access a company's internal network and steal sensitive information. A key role in providing high security level usually belongs to an equipment on the basis of which a network is built.

Stanislav Mironov (Perm, Russia) cracked network infrastructure during the NetHack contest. Stanislav is an expert in network administration and security and currently works for a commercial bank in Moscow.

The contest's participants needed to obtain access to the game network during a limited period of time, then get to the unrouted segment that contains a certain automated system. The game network developed for the contest included typical vulnerabilities discovered by the Positive Technologies experts during security analysis and penetration tests.

Friday, May 24, 2013

A Student Hacks a Remote Banking System at PHDays

The security of banking systems became one of the key topics at Positive Hack Days III. Discussions, contests and hands-on labs on banking systems were held during the forum.


Anatoly "heartless" Katyushin, a student from the Samara State Aerospace University (Samara, Russia), hacked a remote banking system during the $natch competition and "stole" 4,995 rubles. The contest consisted of two rounds. at first, virtual machine copies with vulnerable web services of the remote banking system (a real I-banking system analog) were provided to the participants. In the second round, the hackers needed to exploit the discovered vulnerabilities and steal as much money as it was possible.

Thursday, May 23, 2013

The First Day of PHDays Comes to an End

Positive Hack Days III, an international forum on practical information security, has started today, on May 23 in the WTC Moscow. Among the participants are IS experts, hackers, politicians and representatives of the Internet community from every corner of the world. During the reports, hands-on labs and various discussions, the forum’s attendees took a close look at practical security and discussed the perspectives of the industry.

Wednesday, May 22, 2013

Ask Questions to the PHDays Speakers via Twitter

A great number of reports and hands-on labs from leading IS experts will be presented at Positive Hack Days III. If you are not able to attend the forum held on May 23 and 24 in the WTC Moscow, you still have the opportunity to participate in PHDays: specially for you the event will be broadcasting and you will be also able to communicate with the speakers and guests via Twitter.

Tuesday, May 21, 2013

Positive Hack Days III Online Competitions

If, for some reason, you will not be able to visit the venue of Positive Hack Days on May 23 and 24, this doesn’t mean you should miss the opportunity to participate. Thanks to the competition program of the forum, anyone will have a chance to compete with contestants from all over the world during exciting online Positive Hack Days III challenges.

WAF Bypass at PHDays III

During the Positive Hack Days a competition for enthusiasts and experts of web application security will take place. The challenge organized by forum's technological partner ICL-KME CS company provides an opportunity to test oneself in exploiting vulnerable web applications protected by a Web Application Firewall.

Theory, Practice, and Minimum Ceremonies — PHDays III Program Published

The international forum on information security Positive Hack Days III will start in two days! Today you have a possibility to learn the final event program, which consists, as it was last year, of two parts — the conference and hacking contests.

Take Part in Positive Hack Days in Any Part of the World

As part of PHDays Everywhere, any visitor of hackspaces in different parts of the planet will be able to partake in the international forum Positive Hack Days.

17 hackspaces in 7 countries will throw their doors open on May 23 and 24. Abu Dhabi (United Arab Emirates), Cairo (Egypt), Birzeit (Palestine), Kollam (India), Tunis (Tunisia), as well as Kiev, Lviv, Vladivostok, St. Petersburg, Novosibirsk, Kaliningrad, Omsk, Ufa, Voronezh, Saratov, and Krasnodar have already joined the initiative.

Monday, May 20, 2013

The NetHack Qualifying Round Ends

For a week, from May 7 to 15, hackers from all over the world were engaged in a fierce struggle during the NetHack competition. The participants needed to demonstrate their skills in obtaining control over network infrastructure via exploiting misconfiguration of the equipment.

One hundred and twenty-six solutions for the competition task were offered: the Positive Technologies experts in network security received 14 letters a day on average and evaluated the solutions. Eight finalists who showed the best results have been defined:

Wednesday, May 15, 2013

HackQuest is Completed. Best Reverser is Ready to Start

The epic hacking competition PHDays HackQuest has come to an end. The competition was organized by ONsec_Lab. It lasted from May 1 to 13 and drew 1441 participants, 112 of them solved at least one task.

Results
The racing continued right to the last minute. The top three was stable until the end of the contest: JustRelаx, MERRON, Bo0om. However, the sly tactics of capturing flags two minutes before the ending allowed one of the participants, namely karim, to win the contest. Bo0om also captured another flag at the last moment and left MERRON on the fourth place, from which he was overtaken by Yngwie.

So karim, who was the fourth not long before the end of the contest, won by 50 points. JustRelax being the leader throughout the contest took second place. Bo0om came in third.

We’ll keep our promise: 10 participants who showed the best results will get invitations to Positive Hack Days and special T-shirts (1 place — 5 tickets, 2 place — 4 tickets, 3 place — 3 tickets, from 4 to 10 place — 1 ticket per participant). Moreover, the top three participants will get diplomas.

Scoreboard in the Norton Commander style (http://hackquest.phdays.com/results.php):

Tuesday, May 14, 2013

New Reports at PHDays III: From ICS Security, to the Analysis of Java 0-day Exploits

How to build your own Stuxnet? Are security systems safe? Is it easy to watch the people and why physical security is the basis of any kind of security? Today we would like to bring to you attention some of more than 30 reports of the main technical program of Positive Hack Days III.

Monday, May 13, 2013

Author of Hydra, Amap and SuSEFirewall Speaks at PHDays


Marc "van Hauser" Heuse, a well-known information security researcher, will be one of the key speakers at Positive Hack Days III.

Marc has performed security research since 1993, found vulnerabilities in numerous products. Moreover, he is the author of various famous security tools, such as Hydra, Amap, THC-IPV6, THC-Scan and SuSEFirewall.

Tuesday, May 7, 2013

NetHack: Win Invitation to PHDays!

The Positive Hack Days III program promises to be quite rich: reports, hands-on labs of the world leading experts, the CTF hacking battle, the Young School finalists’ presentations and a great number of competitions (held both online and at the venue).

This time, to partake in the forum you can buy a ticket. But, anyway, is it the right path of a real hacker? It is much more interesting to get the ticket by fighting other specialists in information security. In case you think the same way, the NetHack contest is held for you.