
If you are brave, clever, skillful

How many tasks do you need to solve to receive an invitation to the forum where the information security elite will gather from all over the world? Is the number of successful attacks on web applications equal to the number of tequila glasses drunk? How do you fight hackers from all over the planet without getting up from the couch?

Below the cut is a story about the competition program of the Positive Hack Days 2012 information security forum.

Battle for invites


Registration of forum participants will begin at noon on May 14. We expect it to close once the maximum number of applicants is reached - just a couple of minutes after the start - so not everyone will be able to get to the event. Therefore, we decided to hold two competitions in which we will give away 20 invitations to PHDays 2012.
Competition number 1

10 invitations will be awarded in the competition called “Blow up the town”, which will be held from May 7 to 25. Participants will be asked to solve various tasks and obtain special keys (flags), which must be sent to the jury using the form on the participant's personal page. If the flag is correct, the corresponding points will be awarded for it.

Tasks are divided into the categories "Web", "Crypto", "Reverse" and "Social Engineering".

Competition number 2

Another 10 invitations will be awarded in the competition called “Hackers against forensics”. Participants will be able to try their hand at incident investigation and malware hunting (the "forensics" side) and at carrying out sophisticated hacker attacks (the "hackers" side). The results of the competition will show who is stronger.

Hackers embed a trojan in an operating system image. The task of the trojan is to hide, defend itself and by any means provide the hacker with access to the virtual machine via the Internet. The images will be posted on the organizers' resources.

The task of the “forensic analyst” is to examine the system for the backdoor planted by the “hacker” and neutralize it.

On-site contests


Everyone who can be at the Digital October technology center on May 30 and 31 will have the chance to compete against each other repeatedly. Do not forget to bring your laptop with you: you will need it to participate in most contests!

NG filling

Participants need to conduct a successful attack on a web application protected by a security filter (Web Application Firewall, WAF). The web application, in turn, contains a finite number of vulnerabilities whose sequential exploitation allows, among other things, the execution of OS commands.

The total duration of the competition is 30 minutes. Every 5 minutes, the participants whose actions triggered the WAF most often are invited to drink 50 ml of a strong alcoholic drink - and continue the struggle in the competition.

The winner is the first participant to obtain the main game flag by executing commands on the server. Last year, Vladimir Vorontsov, security expert at ONsec, won this competition.

Hack2own

As part of the competition, participants demonstrate an exploit (each has three attempts to carry out the attack).

The competition is divided into three categories: exploitation of browser vulnerabilities, exploitation of mobile device vulnerabilities and exploitation of kernel-level vulnerabilities. Pre-registered specialists are allowed to participate. Applications are accepted at phdcontests@ptsecurity.ru until May 28, 2012.

If a participant cannot be personally present at the site on the days of PHDays 2012, the organizers of the forum can arrange a demonstration of the exploit on the participant's behalf.

In 2011, the winners of the Hack2own contest were Nikita Tarakanov and Alexander Bazhanyuk, representatives of CISSRT, who demonstrated a zero-day vulnerability (CVE-2011-0222) in what was then the latest version of the Safari browser for Windows and won the main prize - a laptop and 50 thousand roubles. Descriptions of the vulnerabilities found were sent to Apple, and a few days later the manufacturer confirmed that there was a problem.

The Lock Picking competition will not take place this year :(

Online contests


In addition to the on-site contests, a large number of online contests will take place as part of the forum, and any Internet user can take part in them. If you cannot be in Moscow on the days of PHDays 2012, this will not prevent you from testing your strength in a battle with hackers from around the world.

Hash runner

This competition will test participants' knowledge of cryptographic hashing algorithms, as well as their skills in cracking password hashes. Participants will be provided with a list of hashes generated by various algorithms (MD5, SHA-1, BlowFish, GOST3411, etc.). Points for each recovered password will be awarded depending on the complexity of the algorithm. To become the winner, you need to score as many points as possible in a limited time, overtaking all competitors.

Important! The first-place winner will receive a special prize - an AMD Radeon HD 7970 graphics card.

PHDays Online HackQuest 2012

Participants in this competition will be able to try their hand at solving various information security tasks. On the second day of the forum, Online HackQuest participants will be able to influence the results of the on-site PHDays CTF 2012 competition.

During the competition, participants will be given access to a VPN gateway. After connecting to this gateway, they will have to find the target systems on their own and detect vulnerabilities in them. If a vulnerability is successfully exploited, the participant gets access to a key (flag), which must be sent to the jury using the form on the participant’s personal page. If the flag is correct, the corresponding points will be awarded for it.

All flags are in MD5 format. The winner of the competition is the first participant to score 100 points (the maximum possible number). Participants who score more than 100 points will traditionally receive a separate prize :)

In addition, Online HackQuest will remain open for participation outside the standings for 14 days after the end of the PHDays 2012 forum.



All winners and runners-up of the competitions will receive commemorative prizes and gifts from the organizer of the PHDays forum, Positive Technologies, and from the sponsors of the event.

P.S. The full list of contests is available on the official website of the Positive Hack Days 2012 forum.

Source: https://habr.com/ru/post/143374/

