How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Thursday, May 22, 2014

The $natch Contest Is Over

The $natch contest took place during Positive Hack Days IV. Contestants needed to detect vulnerabilities in remote banking systems.


The contest was held in two stages. At first, the participants were provided with copies of virtual machines containing vulnerable web services of an online banking system (an analogue of an actual Internet banking system). The participants should detect vulnerabilities in the system within a specified period of time. In the second stage the participants were to exploit the vulnerabilities for unauthorized money withdrawal.

Wednesday, May 21, 2014

Any Participant Can Speak at PHDays


For the first time at Positive Hack Days an open-mic session will be held. Any participant will be able to share details about his or her work and research with world’s leading experts.

Tuesday, May 20, 2014

$natch at PHDays — E-banking System to Be Hacked is Available for Download



Do you want to try what it’s like to be a hacker stealing money from bank accounts? Take part in the $natch contest at Positive Hack Days IV!

You will test your knowledge and skills in exploiting common vulnerabilities of remote banking web services. The task is based on the vulnerabilities that Positive Technologies' experts commonly find during real-life remote banking pentests.

Monday, May 19, 2014

Critical Infrastructure Attack. How to Hack a Whole City

We've heard a lot about industrial control systems that help reduce traffic congestions, save electricity and water, make production processes more efficient.... But what if just one hacker disrupts the whole infrastructure of a city? You think it's just a creepy idea for a sci-fi film? Let's check it!

During the Critical Infrastructure Attack contest participants will be able to analyze the security of ICSs that are commonly used for factories and water power plants, transport infrastructure, illumination systems, oil and gas industry. To win, a participant should detect vulnerabilities and demonstrate their exploitation on the contest city model.

Friday, May 16, 2014

Government and Business Resistance to New Cyberthreats: The PHDays IV Business Program

The security of critical infrastructures, prospects for investment in information security, the expediency of increasing control over the Internet, recent trends of the area of telecommunications, the security of web applications and remote banking systems, new products of the IS market—these are the main topics of the Positive Hack Days IV forum that will be held on May 21 and 22 this year.

PHDays is an unprecedentedly large event that brings together specialists from both sides of the barricade, theory and practice, professional discussion and fascinating competitions. More than 2,000 specialists from 700 organizations in 18 countries will participate in the forum. The organizer is Positive Technologies.

The largest technological companies will join PHDays as partners of the event: Cisco, EMC, ICL-КME CS, Intel Security, Kaspersky Lab and Mail.Ru are among them. The forum is organized with the informational support of 27 leading business and specialized media companies. Main media partners are the Expert magazine, BFM.ru (a business information portal), the Hacker magazine, the Internet portals SecurityLab.ru and Anti-Malware.ru, and the Bankir.Ru news agency.

Thursday, May 15, 2014

PHDays Cyberpunk Devourers Night

Many occupations are described in literature and cinemas. There are songs about pilots and scientists, films about sailors and doctors, novels about killers and bankers. However, millions of coders and other computer specialists get undeservedly little attention in the mass culture. You will hardly find a really worthwhile book or film about hackers.


But that’s unfair! Just think about admins —no company can do without them. People run computer programs on their smartphones even more often than they talk to their family members. Where in the world are inspiring stories about people who create and hack digital universes?

Wednesday, May 14, 2014

Hackspaces from Four Different Countries Join PHDays Everywhere

Specialists in information security, scientists, politicians and businessmen will soon meet up in Moscow at the international forum Positive Hack Days. And this year, for the third time straight, people from other counties will be able to join the forum thanks to the PHDays Everywhere program (find more about last year's activities in the forum's blog).

On May 21 and 22, hackspaces of different countries will open their doors to all comers. Hackspaces from Abu Dhabi (UAE), Birzeit (Palestine), Kiev and Lviv (Ukraine), and from such Russian cities as Krasnodar, Moscow, Murmansk, Novosibirsk, Omsk, Samara, Saratov, Ufa, Vladivostok, Vologda have already joined the initiative.

Thursday, May 8, 2014

Competitive Intelligence Contest at PHDays III Writeup

Many things changed since the contest Competitive Intelligence was held last time. Snowden exposed NSA, it turned out that not only gossip-hungry housewives interfere in people’s lives on the Internet, but also serious specialists with the help of MIT mathematicians. The security of both proprietary and open-source protocol implementations proved to be far lower than expected. Algorithms for processing big data in cloud solutions nowadays allow tracking correlations of bitcoin transactions, which previously were considered safe and anonymous….

Three winners — those, who solves the task quicker than others, will receive free tickets to PHDays IV, where they will be generously awarded. The prize for being the first is iPad. The contest will be held one week before the forum and will last for two days — May 15 and 16.

You are welcome to register at http://www.phdays.com/registration/.

If you have any questions email them to ci@ptsecurity.com.

This year's contest sponsor is Zecurion.



Writeup Cometitive Intelligence PHDays III

The main idea for the "Competitive Intelligence" competition was to employ real-world methods for data collection and analysis, penetration testing, search mechanisms and deductive reasoning as well as to access audience’s awareness level of information security.

Unlike in 2012, since the tasks proved more difficult, this year no one managed to solve all of the challenges. Winners collected 12 correct answers and were ranked based on how much time they spent completing the activities.

Now, let’s estimate the results, provide correct answers for those that failed and review the amended list of winners.

The company to work with was Godzilla Nursery Laboratory - as international company breeding and selling companion godzillas. Godzillas were chosen deliberately as they "guarded" a railway in the Choo Choo Pwn competition.


Google directly hints that the official site of this company with a nice logo is www.godzillanurserylab.com, and most employees have LinkedIn profiles. Well, come on!

Wednesday, May 7, 2014

PHDays CTF Quals: Tasks Analysis

Positive Hack Days CTF is an international information protection contest based on the CTF (capture the flag) principles. Several teams are to defend their own networks and attack the networks of the other teams for a specified period of time. The contestants need to detect vulnerabilities in other teams' systems and to obtain sensitive information (flags) while detecting and fixing vulnerabilities of their own systems.

Today we would like to analyze certain interesting tasks that were offered to participants of the past contests.

History and Geography

This year PHDays CTF takes place for the fourth time. The contest was launched during the Positive Hack Days forum in 2011. Back then, the team PPP from the US was the winner. The following year in 2012 Leet More from Russia took first place. In 2013 at PHDays III, Eindbazen from the Netherlands took the top prize. Teams from all over the world — from the USA to Japan — participate in PHDays CTF every year.


More than 600 teams from all over the world have registered to take part in this year’s PHDays CTF.


Tasks and the Atmosphere

Traditionally, tasks and infrastructure are prepared based on a legend of the contest, which would turn a set of tasks into a fascinating competition. Last year, PHDays CTF participants tried to save the fictional world D’Errorim. The upcoming contest will continue the plot.