Standoff Positive Hack Days: Attackers Set to Rematch

The Positive Hack Days forum starts very soon, and with it its most anticipated part: the Standoff, the cyber battle between hackers and defenders. Last year, as we remember, the hackers failed to capture the city completely, so one of the most pressing questions this year, one that concerns not only the participants but also the forum's visitors, is whether they will manage to take revenge. We talked with the attacking teams and learned about their mood, their plans for the game and, of course, their predictions.

Characters


This year, the organizers revised their approach to the attacking side, leaning toward professional teams. “Our main task in the hacker part of PHDays is to show the hacker world to people as clearly as possible. Therefore, not only CTF regulars but also pentesters with a rich hacking arsenal and a systematic yet very creative approach to the work were invited to play the attackers,” said PHDays organizing committee member Mikhail Levin.

The lion's share of the participants, in their time away from Positive Hack Days :), work successfully in pentesting, and some of them take part in the Standoff as representatives of one company or another. So, 9 teams are on the attacking side in the 2017 edition of the Standoff:


"Whoever does not know how to attack does not know how to defend"


Some teams are preparing seriously for the Standoff and, of course, have Napoleonic plans for the game. The Antichat team, for example, has renewed its line-up and, like last year, is going to the Standoff for an absolute victory. For the Rdot.org team, taking part in the competition is a kind of tradition. For the BIZone team, whose members are part of the BalaikaCr3w and EpicTeam CTF teams, it is an opportunity to play once again. He is supported by his colleagues and by the captain of the Antichat team, who considers PHDays an indispensable stage in the formation and development of any Russian CTF team. Everyone, though, plans to enjoy the game, plunge into the atmosphere and feel the spirit of competition (and for good reason: these plans will surely be fulfilled and even exceeded).

For most teams, though, participation in the Standoff is first and foremost training, an opportunity to demonstrate and test their strength. Interest also plays a significant role: in real life, due to the specifics of the work, it is rarely possible to “touch” an infrastructure like the one recreated at PHDays. “We have been visiting PHDays for many years and mainly took part in the small competitions. This year, we realized that we were ready for the Standoff. It is important for us to see how the guys will interact with each other, to establish the correct process among the team members, and to learn our weak and strong sides,” shared Olzhas Satiev, a member of the CARK team.

Pavel Sorokin (True0xA3) reports: “We have a lot of experience in conducting various penetration tests, which allow us to identify the key security flaws of our customers and offer them the most effective solutions to eliminate these flaws. PHDays is an excellent event that allows you to hone teamwork, unite employees and increase expertise in working through practical cases. This year we stand under the motto ‘Whoever does not know how to attack does not know how to defend.’”

Igor Bulatenko, a member of the Vulners team, agrees with him and also believes that a good security officer should know what methods and techniques attackers will use against his infrastructure: “The Standoff will allow you to step into the shoes of the attacking side and try to find weak spots in a well-built protection system. This experience may help us to take a fresh look at protecting our servers and to improve something.”

We will attack everything


And the participants will have plenty to train on. The city familiar from past PHDays has grown significantly, both in size and in population. This time the organizers decided to give the hackers and defenders not separate objects but a whole city, with traffic lights, cars, houses and hundreds of residents. All the objects are interconnected and technically not much different from a real city.

Which infrastructure objects will the hackers attack? Of course, none of them is in a hurry to reveal all their secrets, but we still managed to find out something. Most teams are guided by their own real-world experience. The Antichat team plans to attack objects with a web interface, since most of its specialists work in this area, and may even carry out several social attack scenarios. According to Nikita Vdovushkin, a member of the BIZone team, they would gladly try to get into the banking or office infrastructure straight away, since in real life their company BIZone specializes in the banking sector.

The teams also shared their thoughts on the vulnerabilities they expect. The Vulners team expects classic misconfiguration errors, standard accounts, forgotten services and classic web vulnerabilities. One of the members of the BIZone team suggested that there would be many interesting and complex binary vulnerabilities to exploit. Pavel Sorokin: “We are interested in how the organizers will play on the ShadowBrokers leak. Will there be vulnerabilities for these exploits at the Standoff? And I wonder how the defenders will defend against them.”

In general, the participants have positive expectations of the game. They are counting on complex and interesting vectors, hardcore, clear rules and a transparent scoring system for both attackers and defenders. And of course, they hope for the right balance of power. Igor Bulatenko: “Last year, it seems to me, the forces were not on the side of the attackers. I hope that this year the organizers will be able to solve this problem and bring more realism to the life of the city.”

Hacker Arsenal


Last year, the hackers rushed into battle almost bare-handed. The participants decided not to repeat past mistakes and prepared an entire arsenal. This time they will use standard security analysis tools, the usual kit of a pentester and a reverse engineer, as well as tools accumulated during real pentests and CTF participation.

The Antichat team promises to use widely known Linux distributions designed specifically for penetration testing: BlackArch and Kali. As for specific software, Burp Suite, Metasploit Framework and Radare2 are indispensable tools, according to the team.

The Rdot.org team made the strongest impression. Here is an incomplete (!) list of their tools: sabotage software for infecting automated process control systems, 0day exploits for browsers and web applications, femtocells and frameworks for OTA operation, radars and radio signal amplifiers, skimmers and RFID programmers for falsifying smart cards and bank cards, atomic force microscopes and a chemical laboratory for analyzing chips, IoT botnets for organizing DDoS attacks, night vision devices and telescopes for observing rivals' monitors, certified forensic equipment for DMA attacks, bitwise copying of hard disks and data formation, EFI backdoors for infecting rivals' devices and infrastructure, equipment for detecting and decoding side electromagnetic radiation and capturing information via acoustic channels, ASIC and GPU farms for brute-force attacks, a cluster of machines on Amazon for organizing source and source fuzzing for mass scanning, resistors and multimeters for attacks of the differential power analysis class, as well as various trojans and the software and hardware for delivering them, such as exploit bundles and malicious USB and PCI-E devices.

Chances are 50 to 50


In general, the mood in the attackers' camp is more than determined. There is also some competition among the attackers themselves. The veterans of Antichat, for example, are confident that “all hackers have chances,” but note that only LC↯BC could compete with them, and they do not plan to take part in this competition.

Olzhas Satiev: “Some teams are not taking part for the first time, so they have more experience. Yes, we are new, but with a fresh look :) and we will do our best to achieve our goals.”

About their opponents, however, the attackers mostly speak with restraint. Nikita Vdovushkin (briskly) believes that “in the real world it is quite difficult for defenders to quickly respond to attacks and close vulnerabilities while maintaining the availability of services, since services can reach huge sizes of several thousand lines of code.” “We believe,” he says, “that the success of the defenders depends largely on how the organizers manage to reflect this aspect of the real world in the competition.”

Pavel Sorokin relies on experience and well-executed training: “We will strive for victory! We are preparing for the Standoff and we hope that our preparations will help us achieve the goal.” And Antichat leaves the defenders no chance at all.

***


How will the defenders respond to this challenge? The answer is in our next article. Follow the news!

We remind you that the forum will take place on May 23-24, 2017 in the Moscow International Trade Center. Tickets for Positive Hack Days can be bought here.

Source: https://habr.com/ru/post/329086/