PHDays CTF Quals

From time to time, information security experts meet at Capture the Flag competitions to see who is better able to defend or attack. Such contests attract more and more spectators.

Are you familiar with finding vulnerabilities and want to participate?

PHDays CTF Quals, the qualifying stage of the PHDays CTF international data protection competition, starts in December. Chances are equal for everyone: not only well-known teams, but also beginning researchers can try to win a ticket to the final stage of the hacker battle. The tournament will be held at the end of May 2013 at the international forum Positive Hack Days III.
Form your team, apply - and go!

Plot


Participating in PHDays CTF competitions is interesting for several reasons. Each tournament follows a new, original scenario. Hackers do not just hunt for flags, but become heroes of a reality show resembling a computer game. At the first PHDays CTF, teams had to protect the SCADA system that controls the Monolith alternative energy source from attacks. The second PHDays CTF was the defense of planet Earth, which had suffered from genetic experiments (the legends of the first and second days of the competition are published on the forum blog). At PHDays III, CTF participants will again be part of a story, and they will need all their specialized skills and abilities, which are so important in critical circumstances.

The conditions of PHDays CTF Quals, unlike those of many similar competitions, are as close as possible to “combat” ones: the vulnerabilities used are not invented, but actually occur in modern IT systems. Task topics cover all relevant issues and areas of information security.


Gaming infrastructure of the first day of the competition

CTF participants will test their strength in assessing security, finding and exploiting vulnerabilities, and performing reverse engineering tasks.


Scheme of the gaming infrastructure of the second day of competition

The organizers try to cover all the areas of current interest to the hacker and information security community: web security, operating systems, SCADA, ERP, mobile applications.

Constant innovation is a feature of this CTF. At PHDays CTF 2012, for example, participants were for the first time given the opportunity to compete in attacking and holding the service system as part of the “King of the Hill” mission: the longer you hold it, the more points you get.

Broad online support for the competitions is always relevant, because clearly not everyone can attend the forum. After PHDays CTF 2012 was over, online participants were given access to the “King of the Hill” infrastructure. The online competition was held from August 20 to September 3, 2012. More than 200 participants registered, of whom only seven were able to score points.



One example of reflecting real information security problems in a playful way was the “Big $ Kuh” contest on the second day of the PHDays 2012 forum. The organizers developed a test RBS system in advance, building typical errors of similar products into it. The teams participating in the CTF had to protect Internet banking systems, and they had only four hours to find and eliminate the vulnerabilities. The hackers in this contest were Internet users participating in the Online HackQuest competition.

Entertainment value is the Achilles' heel of CTF competitions. However, nobody was bored at PHDays. The secret was the bonus entertainment tasks.

First of all, there was a huge container of waste paper that held additional flags. Each flag found was worth 7 points:



Secondly, intercepting control of an AR.Drone quadcopter. The team that can do this gets 150 points:



The prize fund is far from the least important factor in any competition. All participants of PHDays CTF traditionally receive valuable gifts, and the winners of CTF 2012 shared 300 thousand rubles among themselves.

Victory recipe


There is no universal way to win a CTF, but we conducted a detailed analysis of PHDays CTF 2012 and found some patterns that the leading teams used to achieve success.

For example, members of the PPP team from the USA managed not only to find a vulnerability in rival services before anyone else, but also to write code that automates its exploitation. Analysis of the logs showed that they kept to this tactic throughout the entire CTF: the time between flag submissions to the system often did not exceed two seconds. CoP and Leet More followed similar tactics.

The CTF was won by the Russian team Leet More, which received 150,000 rubles; second place went to the Swiss team 0daysober (100,000 rubles), and the bronze and 50,000 rubles went to the Spaniards from int3pids. The scoring rules for PHDays 2012 were designed so that teams unable to cope with tasks of one type could make up the shortfall by solving other tasks and keep their chances of winning. To win, teams needed to be active in all of the game infrastructures so as not to lose their advantage.

A well-chosen balance made PHDays CTF 2012 truly spectacular, holding the interest of both the participants and the audience for two days and one night.



The CTF winner, the Leet More team, trailed the PPP team on points in the “classic CTF” and int3pids in the overall infrastructure, but thanks to the points earned in the “King of the Hill” infrastructure tasks, it came out on top in the ranking. At the same time, the CoP and Eindbazen teams, which held top-three positions in the overall infrastructure, did not make the top three of the competition.

The culmination of the competition was the new “King of the Hill” infrastructure, which played a key role in determining the winner. Another turning point was the task of protecting a bank account, which came as a surprise to the teams and allowed Internet participants from around the world to influence the results of the on-site CTF contest.



And here is a large-scale analytical report on PHDays CTF 2012.

How to join PHDays III CTF?


Registration for the qualifying competition will open on November 28 and will end on December 17, 2012. PHDays CTF Quals will be held from 10:00 on December 15 to 10:00 on December 17, 2012 (Moscow time).

The main PHDays CTF competition will take place on May 22–23, 2013 in Moscow during the third international information security forum Positive Hack Days.

You can learn more about PHDays CTF Quals and register for the competition at http://quals.phdays.ru.

Source: https://habr.com/ru/post/160541/

