Hack4Fun on PHDays

The forum Positive Hack Days not only discussed current topics of the information security industry and the battles of hackers, but it was also very fun and positive. Today, completing a series of publications about the competitive program of the forum, we will talk about two funny contests that absolutely everyone liked, “The Best Hacker T-shirt” and “ Filling NG ”.

Best hacker t-shirt

What is the easiest way to demonstrate your individuality and positive attitude? Of course, using clothes! To show their creative abilities and add to the forum entertainment could anyone. The competition lasted for two days. The T-shirt necessary for participation in the contest, each participant had to purchase, decorate and wear on their own :)


')
The winner of this original contest was Alexey Sintsov from DsecRG .

It is noteworthy that last year at ZeroNights 2011, a similar T-shirt (with XSS vulnerability on the conference site) presented Denis Baranov from Positive Research during a presentation to the public. So the score is 1: 1;)



But a great raitap with a story about the forum on Alexey’s blog.

NG filling

The final chord of the competition program. At the end of the second day of the forum, participants of the competition, tired of various reports, workshops and hacker battles, could test their skills in hacking web applications protected by a security filter (WAF) and demonstrate their ability to think soberly in any situation. The hype was serious.



To participate in the competition allowed visitors to the forum, over 18 years. The necessary software and hardware needed to be brought along.

The attacked application contained a finite number of vulnerabilities, sequential operation of which allowed to execute commands of the operating system. The contest lasted 30 minutes, and every 5 minutes the participants, to whose actions WAF most often reacted, had to drink 50 ml of tequila - and continue the fight.



The winner was to be the participant who was the first to get the main game flag during the execution of commands on the server, and if nobody could get him, then the maximum number of flags was taken into account. As a year earlier , Vladimir Vorontsov from ONsec won the contest.

By the way, Vladimir in his blog wrote an excellent report on the PHDays 2012 forum, where he spoke about his victory in Nalivayk.

All winners received memorable prizes and gifts [ video ]. Congratulations again!