Forward to victory: PHDays V competition program published

The fifth in a row forum Positive Hack Days will take place on May 26 and 27 at the ITC . Preparation for the event is in full swing: a program of reports and master classes is being formed (you can vote for a particular presentation on the site), the first sites from different countries have joined the PHDays Everywhere initiative, but that's not all.

Traditionally, the forum held many contests. Today we will talk about what competitions PHDays guests and Internet users will be able to take part in, as well as what prizes await the winners.

Competitions on the site

Attention! To participate in most contests you need to bring a laptop.
')

Leave ATM Alone

Physical attacks on ATMs are gradually giving way to intelligent attacks on software. At this competition, anyone can try their hand at finding vulnerabilities in ATMs.



Preparing for the Leave ATM Alone Competition on PHDays IV

The organizers prepared an ATM, the software of which contains vulnerabilities typical for such devices. Participants will be provided access to the interfaces of the ATM modules (dispenser, card reader, pinpad): by capturing them, you can try to withdraw some money from the ATM.

Prizes:

• 1st place - FaceDancer21 , backpack, 3d ATM, souvenirs from organizers
• 2nd and 3rd places - FaceDancer21, 3d ATM, souvenirs

WAF bypass

The task of the contest participants is to bypass the PT Application Firewall - the application-level firewall of the company Positive Technologies. This year, vulnerabilities are embedded in a specially prepared website.



A successful bypass will be counted when passing special flags. Not only forum members, but also all Internet users will be able to try their hand.

Prizes:

• 1st place - iPad Air 2, souvenirs from the organizers
• 2nd place - Sony Xperia Z3, souvenirs
• 3rd place - Burp Suite (annual license), souvenirs

Big ku $ h

This is a veteran contest (read past ratipy: one and second ). Participants should analyze the source codes of the RBS system (it was created specifically for the contest and contains typical vulnerabilities of Internet banking applications), prepare exploits and try to get ahead of other hackers and steal money.

The winner will be the one who cleans the “bank”, its “clients” and other players faster than anyone. The money in our online bank is the most real.



Competition "Big ky $ h" on PHDays III

The image of the RBS system for the preliminary study will be issued the day before the event, and the final competition will be held on the second day at the site.

Players take all the money “taken away” from the system (the prize fund is 40,000 rubles).

Note: The RB System was developed at Positive Technologies for the PHDays forum. It is not a system that actually works in any of the existing banks; while it is as close as possible to such systems and contains their characteristic vulnerabilities.

Choo choo pwn

Critical Systems Security Analysis Competition. This year, the layout of the transport system, built using real industrial controllers and software, has undergone significant changes.



To the detriment of the "plausibility" of industrial equipment, automation of transport security was implemented. Now, as in the real world, we cannot send a command that will lead to an accident: the logic that ensures traffic safety will not allow this to happen. The aim of the competition will be hacking of a complex of means to ensure the safety of vehicles (which can later lead to accidents on the layout).

Prizes:

• 1st place - JTAGulator , backpack, souvenirs
• 2nd and 3rd places - souvenirs

"Pour"

By tradition, crowns the competition program, and indeed the Positive Hack Days forum itself, the atmospheric competition “Filling”. To take part in it, first of all you need to sign a document on the removal of responsibility from the organizers of the competition for what will happen in the next 30 minutes. Allowed everyone who has reached alcohol maturity.

Participants will have to test their hacking skills in web applications protected by WAF (Web Application Firewall), as well as demonstrate the ability to think soberly in any situation. Every 5 minutes, the participants, to whose actions WAF most often reacted, are invited to drink 50 ml of strong hot drink - and continue the fight.



In 2013, the winner of the contest was the famous hacker Geohot.

The winner is the one who is able to first get the main game flag. If no one has received the main flag, then the winner is the participant who scored the maximum number of flags at other stages during the exploitation of vulnerabilities.

Prizes:

• 1st place: samovar, souvenirs from the organizers
• 2nd and 3rd places - souvenirs

Online contests

Anyone who, for whatever reason, will not be able to be in Moscow on May 26 and 27 will be able to take part in special online contests.

Hackquiz

In 2014, three teams participated in the competition - the SESAME team from Tunisia, Brizz from Omsk and the team from the PHDays participants in Moscow. The guys demonstrated that they know what Geohot and Solar Designer look like, they know how to recognize coded messages and are aware of the main epic files for the hacker story. The team from Moscow performed particularly well, having scored the most points.

The first HackQuiz on PHDays was not without lining, but the main thing is that all participants gave each other a good mood, so at the 5th anniversary PHDays we are going to repeat the experiment and invite PHDays Everywhere platforms and participants of the forum in Moscow to join the quiz.

The winners will receive a set of information security security books ( 1 , 2 , 3 , 4 ) by Ryan Russell and souvenirs from the organizers.

Competitive intelligence

The competition clearly shows how easy it is to get various confidential information about people and companies in the modern world. The main skill of a competitive intelligence officer is the ability to find and analyze bits of information scattered in public networks. For three years ( 2012 , 2013 , 2014 ), the participants of the competition show how you can learn the most valuable secrets without breaking anything (or almost nothing).

Each year, the craft of a competitive intelligence officer on the one hand becomes easier because of the dissemination of information on the Internet, on the other - more difficult, since it is more and more difficult to process this data to a person. Therefore, in addition to search engines, participants will need to use special tools and techniques. In addition, the contestants will face traditional web vulnerabilities of various levels of complexity.

Prizes:

• 1st place - iPad Air and souvenirs from the organizers
• 2nd and 3rd places - souvenirs

Best reverser

Familiar to many competition for reverse engineering. Participants must demonstrate skills in analyzing executable files. Those who win prizes will receive FaceDancer21 and souvenirs from the organizers.

Join the battles of IB specialists from all over the world at Positive Hack Days ! See you in Moscow!