There is little time left before the beginning of PHDays. The CTF finalists are already determined, we develop the conference program (see part 1 and 2) and prepare PHDaуs Everywhere activities. Surely, not only exciting talks and hands-on labs, but also awesome contests are waiting for the visitors!
A bit of history
Traditionally, at Positive Hack Days the main focus is on practical contests, which allow attendees to demonstrate their skills in hacking and protection.
Last time the PHDays contestants tried to protect the industrial control system of a miniature railroad model, practiced lockpicking, searched for breaches in a specially crafted Internet banking system and “stole” money right from an ATM. The hit of the show was the hacking labyrinth, full of laser motion sensors, imitators of covert listening devices and other cool stuff. Only at PHDays can you experience these and other adventures (such as analyzing network security or reverse engineering). Check out the contests below, prepared this time for white hats from all over the world.
Check out the contests below, prepared this time for white hats from all over the world.
Challenges at the Venue
Please note that you will need a laptop to participate in the majority of the contests.
Critical Infrastructure Attacks (CIА)
The challenge of analyzing security of real ICS systems controlling a railway model (Choo Choo Pwn) was a real specialty of PHDays III. Afterwards, its organizers had a real rock-star experience touring from one security conference to another around the world (see reports on Seoul and Hamburg).
This time the contestants will be provided with access to the ICS network and (during a limited period of time) will try whether to disrupt the operation of some components of the toy world or to obtain controlled access to the targets. Check out how it looked last year.
The winners will be awarded with prizes by the forum organizers.
$natch
This challenge allows any PHDays attendee to try what it’s like to be hacker stealing money from bank accounts — without any risk of law problems at all.
The contestants will test their knowledge and skills in exploiting common vulnerabilities of remote banking web services. The tasks are based on the vulnerabilities that Positive Technologies experts commonly find during real-life remote banking pentests.
The contest is held in to stages. First, the participants will receive copies of virtual machines with vulnerable web services (an analogue of a real remote banking system with common vulnerabilities). The aim is to detect specially planted vulnerabilities during a set period of time. The next step is to exploit the vulnerabilities to withdraw money from a special account.
The winner receives the “stolen” money as a prize!
Survive Hacking
This is onу more contest of a Hollywood blockbuster type. The contestants had to go through a labyrinth full of obstacles: to pass laser motion sensors, solve puzzles, outwit artificial intelligence and deactivate a bomb. To pass the PHDays III labyrinth quicker than others one had to try really hard!
This year the challenge promises to be even more exciting – bugs and lasers will be complemented with new hi-tech tasks. The winners and successful participants will receive excellent prizes from the forum organizers.
WAF Bypass
The organizers provide an archive with a web application source code, containing multiple vulnerabilities specially planted in it. The vulnerability scanning report by Application Inspector will also be available. The task is to bypass a new system of protection — Positive Technologies Application Firewall, that will be guarding the web application. With the source code provided, the participants will be able to verify the existence of the detected vulnerabilities and try to find other ones.
The winners will receive prizes from the organizers of the forum.
Leave ATM Alone
Last year PHDays contestants were probing ATM physical security, this time it was decided to change the approach. The contest Leave ATM Alone will challenge the skills of exploiting ATM software vulnerabilities.
The access to the physical control level of some modules will be provided. Contestants will try to analyze and leverage it to obtain full control on the device. The winners will be awarded with presents.
2600
The aim is to make a call from an old coin telephone using a special phone number. The coin has to be returned to the organizers. The results will be announced on the second day of the forum. The jury will take into account the originality of applied methods. Last year the contest quite popular with the attendees.
Apart from prizes, the winner will be able to keep unique PHDays coins that can substitute usual telephone tokens.
2drunk2hack
This is already a Positive Hack Days’ classic. At the end of the second day of the forum, when all the battles are over, the CTF winner is named and everyone wants to relax and have a nice time in an informal setting, this utterly atmospheric contest starts. The contestants should successfully attack a web application, protected by a security filter. The application contains a number of vulnerabilities, a successive exploitation of which allows, among other things, OS commands execution.
The contest time is limited to 30 minutes. After every 5 minutes the contestants whose attacks were registered oftener than others’ drink a 50 ml shot of a strong drink and go on hacking. The winner is the first who manages to capture the main flag via executing server-side commands.
2drunk2hack was such fun that during the last year’s competition even geohot himself, after finishing his CTF competition as a member of PPP, couldn’t resist the temptation to join the participants. By the way, he managed to win the contest!
The winners will receive souvenirs and keepsakes from the organizers of the forum.
Online Contests
Those of you who, for some reasons, cannot come to Moscow on May 21 and 22, are welcome to join the contest participants online.
Hash Runner
This contest challenges the attendees’ knowledge in crypto algorithms hashing and skills in cracking hash passwords. The contestants will receive a list of hash functions generated by various algorithms (MD5, SHA-1, Blowfish, GOST3411, etc.). To become a winner, a participant should score the highest number of points during a limited time, leaving all rivals behind.
Any Internet user can participate. The registration via phdays.com will open on May 8 and will be available until the beginning of the forum.
The organizers promise excellent prizes for the winners.
PHDays Online HackQuest
The contest is organized by PentestIT. The tasks will be develo9ped by PentestIT, Ares (the developer of Intercepter-NG), Yury Khvil (malware analysis at CSIS) and Ivan Novikov (d0znpp, OnSec).
The attendees of PHDays Everywhere hackspaces can also take part in this contest, they will have a separate team scoring. The game infrastructure, crafted to be as close to real one as possible, will be represented by a distributed network including a several branches of a target enterprise. Each successfully solved task brings a flag. The winner is the person with the highest number of flags.
The winners of the contest will be awarded with cool prizes from the PHDays organizers and PentestIT.
Competitive Intelligence
The contest challenges the attendee’s skills in quickly and thoroughly searching and analyzing data on the Internet, in using technical tools and methods of competitive intelligence.
Not long before the start of the forum the organizers will publish some questions concerning n organization, information on which is available on the Internet. The aim is to find as many right answers as possible with minimum time.
Any Internet user is welcome to participate. You can register via phdays.com starting from May 9. (Check out the report on the last year’s contest.)
Successful participants will receive free invitations to PHDays IV, and the winner will additionally get presents from the organizers.
Tweeting and Blogging Contest
You can become a contest winner at PHDays not only by hacking, but also by demonstrating your writing and reporting skills.
First of all, Twitter users get a wonderful opportunity to win nice prizes and free invitations to Positive Hack Days in 2015. Last year Artyom Ageev won the contest and has a right to get a free invitation to PHDays IV.
To participate, subscribe to our account on Twitter @phdays and during the two days of the forum tweet with the hashtag #PHDays, telling your followers about what’s going on at the venue: commenting contests, noting interesting talks, hands-on labs, etc. After the forum the organizers will evaluate the “broadcast”, count the number of deserved retweets and announce the winner.
However, if you are not a master of miniatures and prefer traditional blog posts to 140 characters, don’t get upset. Post an exciting story with your feedback on attending PHDays, participating in the contests and labs, then send us the link via Twitter, Facebook or VK. The winner will receive a prize and an invitation to PHDays in 2015.
Don’t forget that we prepared additional exclusive contests for the attendees of PHDays Everywhere hackspaces.
Join the battles of information security specialists from all over the world as part of Positive Hack Days!
SHAREit
ReplyDeleteUC Browser
MX Player Thanks for sharing.I found a lot of interesting information here. A really good post, very thankful and hopeful that you will write many more posts like this one.
I think that here you can get more advices on thesis. It will help you for sure and I know what I am talking about امیر تتلو
DeleteI think that here you can get more advices on thesis. It will help you for sure and I know what I am talking about
مهدی جهانی
I think that here you can get more advices on thesis. It will help you for sure and I know what I am talking about
ReplyDeleteHave you any other information about IV Competitive Program because I have read it completely but want to get complete information because my friend are going to add this on their in ireland cipd assignments project so, if you have more information about it so please share with me. I am searching to get more details about it from internet.
ReplyDeleteThere are more than 7 jobs offered at the Regional Blood Center Peshawar - RBC. You can find all Regional Blood Center Peshawar - RBC Jobs 2019 on this page with the complete information, including last date to apply, qualification requirement for Regional Blood Center Peshawar - RBC jobs. Check the eligibility criteria for the vacancies, form to apply, phone number, email, address and website to apply for jobs. source
ReplyDeleteThe following article is a Zenith Labs Probiotic T 50 review, a product that has been widely acclaimed and used. We are going to get into the supplement and test out its genuineness.
ReplyDeleteNice Post thanks!
ReplyDeleteemily compagno pics
neha kakkar height
Our nursing writing services services are very affordable as we provide you with work that is at a golden equilibrium, try our custom assignment writing services today.
ReplyDeleteI am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
ReplyDeleteCyber Security Projects for Final Year
JavaScript Training in Chennai
Project Centers in Chennai
JavaScript Training in Chennai
Call Girls In Gurgaon
ReplyDeleteIndependent Call girls in MG Road are available at MG Road Metro station located in Gurgaon, Haryana.
The Escorts service in MG Road is located on the Yellow Line of the Delhi Metro.
The station has two beautiful sides for
escorts in MG Road – DLF City Center and MGF Metropolitan MG Road call girls- on either side of it.
It is also in the vicinity of residential complexes such as Beverly Park, Essel Towers and Heritage City.
https://shipranoida.in/category/haryana/gurgaon/
https://shipranoida.in/escort-gurgaon-sector-28/
https://shipranoida.in/girls-in-sector-39-gurgaon/
https://shipranoida.in/girls-in-mg-road/
https://shipranoida.in/escort-service-in-dlf-gurgaon/
https://shipranoida.in/girls-are-available-in-palam-vihar/
https://shipranoida.in/golf-course-extension-road/
https://shipranoida.in/call-girls-in-gurgaon-sector-26/
https://shipranoida.in/girls-in-gurgaon-sector-27/
https://shipranoida.in/beautiful-girl-in-gurugram/
آصف آریا آتیش
ReplyDeleteپدرام پالیز اخبار بین الملل
ماکان بند خدانگهدار
سینا پارسیان رگ
Thanks for sharing such a nice piece of information to us. This is very knowledgeable for me. I am an assignment expert and I am offering nursing assignment help to students of Australia and all over the world.
ReplyDeleteinspirational quotes for addicts
ReplyDeletedrug addiction recovery quotes
I can tell you have put a lot of work into it. Posts are all wonderful.
ReplyDeleteFamily Lawyers
DiskDrill Pro Crack
ReplyDeleteDiskDrill Pro Crack
ReplyDeleteNeed Academic Writing Help Online or looking for Academic Writing Services UK? Hire Professional Academic Writers for the Best Academic Help.
ReplyDeleteThis is the great blog by the way there is a great opportunity for those who need to avail the service of writing the blog or essay writing as well as assignment writing please contact the six dollar essay for urgent geniune work and in the cheap rates
ReplyDelete