How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?


Tuesday, April 15, 2014

PHDays IV Competitive Program

There is little time left before the beginning of PHDays. The CTF finalists are already determined, we develop the conference program (see part 1 and 2) and prepare PHDaуs Everywhere activities. Surely, not only exciting talks and hands-on labs, but also awesome contests are waiting for the visitors!

A bit of history

Traditionally, at Positive Hack Days the main focus is on practical contests, which allow attendees to demonstrate their skills in hacking and protection.

Last time the PHDays contestants tried to protect the industrial control system of a miniature railroad model, practiced lockpicking, searched for breaches in a specially crafted Internet banking system and “stole” money right from an ATM. The hit of the show was the hacking labyrinth, full of laser motion sensors, imitators of covert listening devices and other cool stuff. Only at PHDays can you experience these and other adventures (such as analyzing network security or reverse engineering). Check out the contests below, prepared this time for white hats from all over the world.

Check out the contests below, prepared this time for white hats from all over the world.

Challenges at the Venue

Please note that you will need a laptop to participate in the majority of the contests.

Critical Infrastructure Attacks (CIА)

The challenge of analyzing security of real ICS systems controlling a railway model (Choo Choo Pwn) was a real specialty of PHDays III. Afterwards, its organizers had a real rock-star experience touring from one security conference to another around the world (see reports on Seoul and Hamburg).

This time the contestants will be provided with access to the ICS network and (during a limited period of time) will try whether to disrupt the operation of some components of the toy world or to obtain controlled access to the targets. Check out how it looked last year.

The winners will be awarded with prizes by the forum organizers.


This challenge allows any PHDays attendee to try what it’s like to be hacker stealing money from bank accounts — without any risk of law problems at all.

The contestants will test their knowledge and skills in exploiting common vulnerabilities of remote banking web services. The tasks are based on the vulnerabilities that Positive Technologies experts commonly find during real-life remote banking pentests.

The contest is held in to stages. First, the participants will receive copies of virtual machines with vulnerable web services (an analogue of a real remote banking system with common vulnerabilities). The aim is to detect specially planted vulnerabilities during a set period of time. The next step is to exploit the vulnerabilities to withdraw money from a special account.

The winner receives the “stolen” money as a prize!

Survive Hacking

This is onу more contest of a Hollywood blockbuster type. The contestants had to go through a labyrinth full of obstacles: to pass laser motion sensors, solve puzzles, outwit artificial intelligence and deactivate a bomb. To pass the PHDays III labyrinth quicker than others one had to try really hard!

This year the challenge promises to be even more exciting – bugs and lasers will be complemented with new hi-tech tasks. The winners and successful participants will receive excellent prizes from the forum organizers.

WAF Bypass

The organizers provide an archive with a web application source code, containing multiple vulnerabilities specially planted in it. The vulnerability scanning report by Application Inspector will also be available. The task is to bypass a new system of protection — Positive Technologies Application Firewall, that will be guarding the web application. With the source code provided, the participants will be able to verify the existence of the detected vulnerabilities and try to find other ones.

The winners will receive prizes from the organizers of the forum.

Leave ATM Alone

Last year PHDays contestants were probing ATM physical security, this time it was decided to change the approach. The contest Leave ATM Alone will challenge the skills of exploiting ATM software vulnerabilities.

The access to the physical control level of some modules will be provided. Contestants will try to analyze and leverage it to obtain full control on the device. The winners will be awarded with presents.


The aim is to make a call from an old coin telephone using a special phone number. The coin has to be returned to the organizers. The results will be announced on the second day of the forum. The jury will take into account the originality of applied methods. Last year the contest quite popular with the attendees.

Apart from prizes, the winner will be able to keep unique PHDays coins that can substitute usual telephone tokens.


This is already a Positive Hack Days’ classic. At the end of the second day of the forum, when all the battles are over, the CTF winner is named and everyone wants to relax and have a nice time in an informal setting, this utterly atmospheric contest starts. The contestants should successfully attack a web application, protected by a security filter. The application contains a number of vulnerabilities, a successive exploitation of which allows, among other things, OS commands execution.

The contest time is limited to 30 minutes. After every 5 minutes the contestants whose attacks were registered oftener than others’ drink a 50 ml shot of a strong drink and go on hacking. The winner is the first who manages to capture the main flag via executing server-side commands.

2drunk2hack was such fun that during the last year’s competition even geohot himself, after finishing his CTF competition as a member of PPP, couldn’t resist the temptation to join the participants. By the way, he managed to win the contest!

The winners will receive souvenirs and keepsakes from the organizers of the forum.

Online Contests

Those of you who, for some reasons, cannot come to Moscow on May 21 and 22, are welcome to join the contest participants online.

Hash Runner

This contest challenges the attendees’ knowledge in crypto algorithms hashing and skills in cracking hash passwords. The contestants will receive a list of hash functions generated by various algorithms (MD5, SHA-1, Blowfish, GOST3411, etc.). To become a winner, a participant should score the highest number of points during a limited time, leaving all rivals behind.

Any Internet user can participate. The registration via will open on May 8 and will be available until the beginning of the forum.

The organizers promise excellent prizes for the winners.

PHDays Online HackQuest

The contest is organized by PentestIT. The tasks will be develo9ped by PentestIT, Ares (the developer of Intercepter-NG), Yury Khvil (malware analysis at CSIS) and Ivan Novikov (d0znpp, OnSec).

The attendees of PHDays Everywhere hackspaces can also take part in this contest, they will have a separate team scoring. The game infrastructure, crafted to be as close to real one as possible, will be represented by a distributed network including a several branches of a target enterprise. Each successfully solved task brings a flag. The winner is the person with the highest number of flags.

The winners of the contest will be awarded with cool prizes from the PHDays organizers and PentestIT.

Competitive Intelligence

The contest challenges the attendee’s skills in quickly and thoroughly searching and analyzing data on the Internet, in using technical tools and methods of competitive intelligence.

Not long before the start of the forum the organizers will publish some questions concerning n organization, information on which is available on the Internet. The aim is to find as many right answers as possible with minimum time.

Any Internet user is welcome to participate. You can register via starting from May 9. (Check out the report on the last year’s contest.)

Successful participants will receive free invitations to PHDays IV, and the winner will additionally get presents from the organizers.

Tweeting and Blogging Contest

You can become a contest winner at PHDays not only by hacking, but also by demonstrating your writing and reporting skills.

First of all, Twitter users get a wonderful opportunity to win nice prizes and free invitations to Positive Hack Days in 2015. Last year Artyom Ageev won the contest and has a right to get a free invitation to PHDays IV.

To participate, subscribe to our account on Twitter @phdays and during the two days of the forum tweet with the hashtag #PHDays, telling your followers about what’s going on at the venue: commenting contests, noting interesting talks, hands-on labs, etc. After the forum the organizers will evaluate the “broadcast”, count the number of deserved retweets and announce the winner.

However, if you are not a master of miniatures and prefer traditional blog posts to 140 characters, don’t get upset. Post an exciting story with your feedback on attending PHDays, participating in the contests and labs, then send us the link via Twitter, Facebook or VK. The winner will receive a prize and an invitation to PHDays in 2015.

Don’t forget that we prepared additional exclusive contests for the attendees of PHDays Everywhere hackspaces.

Join the battles of information security specialists from all over the world as part of Positive Hack Days!


  1. SHAREit
    UC Browser
    MX Player Thanks for sharing.I found a lot of interesting information here. A really good post, very thankful and hopeful that you will write many more posts like this one.

    1. I think that here you can get more advices on thesis. It will help you for sure and I know what I am talking about امیر تتلو
      I think that here you can get more advices on thesis. It will help you for sure and I know what I am talking about
      مهدی جهانی

  2. I think that here you can get more advices on thesis. It will help you for sure and I know what I am talking about

  3. Have you any other information about IV Competitive Program because I have read it completely but want to get complete information because my friend are going to add this on their in ireland cipd assignments project so, if you have more information about it so please share with me. I am searching to get more details about it from internet.

  4. Prudencia SolísMay 19, 2019 at 9:38 AM

    There are more than 7 jobs offered at the Regional Blood Center Peshawar - RBC. You can find all Regional Blood Center Peshawar - RBC Jobs 2019 on this page with the complete information, including last date to apply, qualification requirement for Regional Blood Center Peshawar - RBC jobs. Check the eligibility criteria for the vacancies, form to apply, phone number, email, address and website to apply for jobs. source

  5. The following article is a Zenith Labs Probiotic T 50 review, a product that has been widely acclaimed and used. We are going to get into the supplement and test out its genuineness.

  6. Our nursing writing services services are very affordable as we provide you with work that is at a golden equilibrium, try our custom assignment writing services today.

  7. I am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
    Cyber Security Projects for Final Year

    JavaScript Training in Chennai

    Project Centers in Chennai

    JavaScript Training in Chennai

  8. Call Girls In Gurgaon
    Independent Call girls in MG Road are available at MG Road Metro station located in Gurgaon, Haryana.
    The Escorts service in MG Road is located on the Yellow Line of the Delhi Metro.
    The station has two beautiful sides for
    escorts in MG Road – DLF City Center and MGF Metropolitan MG Road call girls- on either side of it.
    It is also in the vicinity of residential complexes such as Beverly Park, Essel Towers and Heritage City.

  9. Thanks for sharing such a nice piece of information to us. This is very knowledgeable for me. I am an assignment expert and I am offering nursing assignment help to students of Australia and all over the world.

  10. I can tell you have put a lot of work into it. Posts are all wonderful.

    Family Lawyers

  11. Need Academic Writing Help Online or looking for Academic Writing Services UK? Hire Professional Academic Writers for the Best Academic Help.

  12. This is the great blog by the way there is a great opportunity for those who need to avail the service of writing the blog or essay writing as well as assignment writing please contact the six dollar essay for urgent geniune work and in the cheap rates

  13. Sims 4 cheats-the ultimate resource for cheats, codes, guides and more for The Sims 4 on the PS3, Xbox 360, PS4, Xbox One and PC!

  14. This seems fun. While I was reading this, I was wishing I had chosen MCS instead of an MBA. I will share it with a friend who is a computer science student, he would love to participate in PHDays. He once helped me find a cheap Mba Dissertation Help UK service that ended up saving my dissertation. Hence it would be unfair if I don't share this post with him. He should know about PHDays.

  15. HIRE essay typer TO WRITE AN EXCELLENT ESSAY FOR YOU? How good it will be if someone will complete your challenging Economics essay on Market Structures?

  16. IOBIT Driver Booster Pro Key is a great software that helps you to find old drivers and update to the latest version. With nearly 1 million driver databases you can easily find outdated software and update instantly without any problems. With just one click you have the ability to identify all the software that needs to be updated.
    IOBIT Driver Booster Pro Key provides detailed information about devices, game components, vendors, providers and versions to give you the best performance.

  17. FL Studio Crack is a very powerful software for music production. You can also create or produce very extraordinary and remarkable music. If you use interface software for music production, which is very simple and effective to use, then your work gets organized very well. It provides a unified developed environment for you. Also, this software is digital music. The software provides users with more advanced and original ideas for music production. Both newcomers and professionals are comfortable using this software. A user can easily mix, arrange and compose a variety of songs. You can record and edit music as you like. The music master gadget in the software can also produce high quality music. FL Studio 12 Crack

  18. 4K Stogram Crack is a professional Instagram downloader. The program also allows you to download and backup Instagram photos and videos from a personal account. 4K Stogram License Key Just enter your Instagram username or photo link and press the "Follow User" button. Open new horizons and new horizons from the desktop.