How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Thursday, June 19, 2014

PHDays IV CTF: How It Was

Positive Hack Days IV, which was held on May 21 and 22, traditionally hosted a CTF contest. During two days, ten teams from six countries hacked rivals' networks and beat back attacks.

Positive Hack Days CTF's game infrastructure and tasks are usually designed according to a legend that adds special appeal to the contest. During the last year's CTF, participants became the saviors of the fictional world D’Errorim. As the task was solved, they realized that they were fighting on the wrong side, and now their own home is in danger. So the plotline of PHDays III CTF and PHDays IV CTF are related.

The text of the legend is available on the forum's website.

The game principle

There are usually two types of CTF contests. First, task-based contests, where the goal is to solve tasks. Second, attack & defense contests, during which teams need to protect their systems and attack other teams. Positive Hack Days CTF combines these concepts and add original game mechanics. For instance, in addition to standard tasks and services that contains vulnerabilities, PHDays CTF organizers developed unique quests with limited lifetime, bonus for which depends on how many teams solved these tasks.



Moreover, organizers provides an opportunity to earn additional points by taking part in the basic program's contests. In 2012, teams tried to get flags by dumpster diving. During PHDays III, participants received additional points if they managed to pass through a special labyrinth.

This time, participants could try themselves in discovering vulnerabilities in industrial systems and protocols during the Critical Infrastructure Attack contest. RDot, one of the teams, gained additional points during this contest.

The main task of the second day was security assessment of a real QIWI terminal that was set at the venue. Before the contest began, CTF teams were provided with copies of software installed on the terminal. Then they had full physical access to the terminal (including connection of other devices). Participants needed to transfer money (313,370 rubles) to a special digital wallet. More Smoked Leet Chicken was the closest team to win.

Visualization

To make the competition more entertaining, the organizers developed a special visualizing system in the fantasy style last year. This year organizers renewed the system. The special application for iOS and Android allowed anyone to watch the game on his or her phone display (the application is still available).


Visitors of the forum could watch the game on big screens.

Winners

The contest was really fierce. During two days of the forum, different teams enjoyed the leading place at various times. Several teams were in the top-3 during the contest: ntr3pids, More Smoked Leet Chicken, Dragon Sector, SecurityFirst, Reallynonamesfor, BalalaikaCr3w and Ufologists.

The Polish team Dragon Sector became the winner. int3pids from Spain took second place, and the Russian team Balalaika Cr3w came third.


Teams from all over the world — from the USA to Japan — participate in PHDays CTF every year. More than 600 teams from all over the world have registered to take part in this year’s PHDays CTF.

This year PHDays CTF took place for the fourth time. The contest was launched during the Positive Hack Days forum in 2011. Back then, the team PPP from the US was the winner. The following year in 2012 Leet More from Russia took first place. In 2013 at PHDays III, Eindbazen from the Netherlands took the top prize. Now we can say that a tradition has been established: every year a new team from a new country wins the contest.

No comments:

Post a Comment