News

5/30/2025

Technological cooperation as the basis of digital sovereignty: over 40 countries discussed the idea of cybersecurity collaboration at PHDays Fest

The international cybersecurity festival Positive Hack Days, hosted by Positive Technologies, a leader in result-driven cybersecurity, took place in Moscow's Luzhniki sports complex on May 22–24. The event was supported by the Ministry of Digital Development of Russia. The Moscow Government acted as a strategic partner: this year's cyberfestival received support from the Social Development Complex, the Department of Information Technology, and the Department of Entrepreneurship and Innovative Development. How can we ensure a secure digital future for everyone and build sovereign cybersecurity in every country? How can we achieve technological independence and professional readiness to autonomously maintain cyber resilience under any circumstances, using only our own cybersecurity specialists? Is it possible for a country to train skilled personnel independently, without interacting with experts from other countries and global industry leaders? These were just a few of the questions that delegations from over 40 countries, including Latin America, Africa, Asia, and the Middle East, discussed at the largest cybersecurity forum. Among the participants were representatives of government bodies and cybersecurity agencies, business leaders, renowned tech experts, software developers, and ethical hackers. This PHDays Fest has been the largest in its history since 2011. Over 150,000 people visited the three-day event, with more than 180,000 viewers tuning in online. The technical sessions were grouped in 26 tracks and featured 270 talks covering key cybersecurity issues. More than 500 speakers participated in the festival, ranging from budding tech enthusiasts to top specialists, CIOs, and CISOs of major IT companies. Geopolitical confrontations have exposed the problem of the world's digital architecture: dominant control by large vendors and the infringement of individual countries' interests through restricted access to technology and equipment. Global tech giants wield enormous influence; dependence on them can paralyze a national economy and undermine technological sovereignty. It was previously believed that there were hardly any worthy alternatives to their solutions in the global market. However, Russia managed to maintain digital sovereignty by combining the efforts of government agencies and strong domestic vendors: since 2022, it has been rapidly developing its own technologies, solutions, and services with a focus on security. Having successfully mastered these challenges, Russia can share its unique experience in achieving digital autonomy with friendly countries and partners. An innovative idea on how to achieve digital sovereignty was proposed at PHDays Fest by Positive Technologies. The concept is based on the idea that strategic cooperation and mutual exchange of expertise can become a source of strength. For example, when developing technologies or products, partners depend on each other only in terms of sharing knowledge and practical experience. Such synergy can be achieved by moving away from the traditional schemes of importing IT and cybersecurity solutions, which plunge countries into complete dependence on suppliers. Instead, cooperative partners, whether countries or commercial enterprises, can progress together by complementing each other. The concept was positively received by Russian experts and supported by delegates from other countries. Positive Technologies declared its willingness not only to launch this initiative, but also to take a leading role in its implementation. The company's experts are ready to openly share their unique experience in the field of cybersecurity, accumulated over more than two decades, with friendly countries. They offer practical expertise in protecting individual facilities and entire economic sectors, as well as methods for developing effective cybersecurity systems. To foster the growth of local professional talent, the company will act as a mentor and allocate resources to train and upskill cybersecurity specialists and ethical hackers. Positive Technologies also intends to develop local expert communities. This way, the vendor will help partners establish the necessary technological foundation and properly build a sovereign cybersecurity industry, which the partners will be able to maintain and improve independently, relying on their own well-trained and highly qualified specialists. The company took its first steps in this direction in 2024, specifically by launching an international training program for cybersecurity professionals. In addition, Positive Technologies helps to enhance the competencies of cybersecurity leaders in financial institutions of the Gulf countries to better protect the local financial sector. The idea of co-developing new digital architectures that would be based on security principles and prevent situations where a few large vendors have unlimited power, as well as the idea of working together to fill the gaps in cybersecurity education through expertise transfer were consistent themes throughout the forum sessions during the festival. The business program included over a dozen discussions and plenary sessions. International participants particularly noted the relevance and global significance of the issues raised. Digital sovereignty: eliminating dependency through international cooperation The subject of the plenary session opening the forum was digital sovereignty—the ability of a country to ensure its technological independence and security. As emphasized by Maksut Shadayev, the Russian Minister of Digital Development, this primarily means protecting the interests of users and national security, regardless of external pressure. In his opinion, special attention should be given to the uninterrupted operation of services and maintaining citizens' access to advanced technologies. Eduardo Villegas Megías, the Ambassador Extraordinary and Plenipotentiary of Mexico to Russia, confirmed that the issue of technological dependency is global in nature. As the diplomat noted, technological lag is embedded at a fundamental level. Even when working with popular programming languages like Python, strong English skills are required. This creates a sense of dependency and additional barriers to technological development. The energy sector is facing especially serious challenges in the current geopolitical situation, according to Russian Energy Minister Sergey Tsivilev. The far-reaching digitalization of the industry, on the one hand, opens up new opportunities, but on the other, makes it a target for cyberattacks. However, if a country isolates itself within its national borders, it will be left behind in the face of rapid technological advancement. To ensure the industry's competitive position, the Ministry of Energy has developed a 2050 strategy that aims to create world-leading technologies. However, no single country can ensure full technological security on its own. International exchange of experience and collaborative development of solutions are essential, according to Ahmed Mustafa Al-Issawi, Director of the Personal Office of H.E. Sheikh Suheim bin Ahmed Al Thani and Investment Director of Al Adid Business. Qatar is actively developing as an international hub for technological innovation, bringing together leading companies in the fields of cybersecurity and big data. Special attention is given to educational programs: scholarship initiatives enable students to study cybersecurity at universities in various countries, including Russia. Having originated from a community of hacking enthusiasts, the cybersecurity industry has maintained a spirit of cooperation: fundamental interests of different companies often align despite the competitive environment. The annual PHDays Fest shows that even competing companies can work together effectively to address common challenges related to digital sovereignty. In the modern world, technological sovereignty requires a new approach: a shift from isolationism to strategic cooperation. Attempts by individual countries to independently develop complete analogues of all foreign technologies from scratch are destined to fail, resulting in a futile race. Yury Maksimov, co-founder of Cyberus, noted that the solution lies in jointly building a new digital architecture where collaboration becomes a strategic advantage, not dependency. Between innovation and risk: how to manage technology The panel discussion "Humanless technology: liberation from routine or path to digital slavery?" delved into how to control digitalization without stifling innovation. Journalist and TV host Vladimir Pozner, who moderated the session, emphasized that the rapid development of technology is a global challenge and has the potential to change people. According to Sergey Kravtsov, the Minister of Education of the Russian Federation, digital products are primarily commercial products that people, especially children, can become addicted to. Therefore, these products should be consumed in moderation. At the same time, the minister noted that the education system needs technology, but it must be safe. According to Andrey Belevtsev, Senior Vice President and Head of Technology Development at Sberbank, developers should establish technology development guidelines from the early stages to ensure that their products remain safe as they mature. The speaker added that in the case of generative artificial intelligence, it is fundamentally important to integrate standards of expected behavior into the models, test the algorithms for compliance with these requirements, and monitor all development stages. According to Denis Baranov, CEO of Positive Technologies, when new technologies emerge in the world, they are immediately adopted by experts, ordinary citizens, and cybercriminals alike. Digital products have become widely accessible, and their development is unstoppable.

5/25/2025

Millions for bugs: total rewards for ethical hackers on Standoff Bug Bounty exceed 240 million rubles

To celebrate the platform's third anniversary, 17 organizations were awarded for their contributions to the advancement of the Russian bug bounty market During the international cyberfestival Positive Hack Days, the Standoff Bug Bounty platform summarized its progress over the past three years. Since its launch, Standoff Bug Bounty has attracted nearly 25,000 cybersecurity researchers from 60 countries worldwide. The total amount of rewards during this period was 242 million Russian rubles. Over 100 bug bounty programs have been published on the platform, each contributing to the enhancement of business and government security. An award ceremony for the best bug bounty program owners took place during the plenary session of PHDays Fest on Saturday, May 24. From May 2022 to May 2025, more than 25,000 bug hunters from 60 countries in Asia, the CIS, the Middle East, as well as Europe, Africa, and Latin America registered for Standoff Bug Bounty. Over the past year and a half, the number of ethical hackers on the platform has more than tripled, and the total number of vulnerability reports submitted has increased more than fivefold to 10,900. Other metrics are also growing rapidly: since November 2023, the number of unique vulnerability reports accepted by customers has more than tripled (4,772), as has the number of critical vulnerabilities found (520). According to these metrics, Standoff Bug Bounty is the leader among similar Russian platforms. The maximum reward amount offered on Standoff Bug Bounty is nearly 4 million rubles, which is an increase by 39% compared to 2023. This is the largest reward among Russian bug bounty platforms. The average payout for an accepted vulnerability reached 58,000 rubles. Over 100 bug bounty programs have been launched on Standoff Bug Bounty, and some of them aim to research scenarios of non-tolerable events. The platform has a wide range of customers: from small and medium-sized businesses to the largest Russian marketplaces, media holdings, government institutions, and regional governments. The largest number of vulnerability reports was received by IT companies in 2023 and by the retail sector in 2024.

5/16/2025

15 countries will clash at Standoff 15, a white hat hacker showdown with a $50,000 prize pool

The Standoff 15 international cyberbattle will take place at the Luzhniki sports complex during the Positive Hack Days cyberfestival on May 21–24. Over 40 teams of attackers and defenders from 15 countries across Europe, the CIS, Southeast Asia, and the Middle East will clash in a major cybersecurity showdown. The top red teams in this cyberbattle will split a $50,000 prize pool. Blue teams will investigate live hacker attacks and defend industries, putting their skills to the test in the real world. Russia's Ministry of Digital Development is backing the Positive Hack Days cybersecurity festival. The City of Moscow is our strategic partner. This year's festival is powered by the Social Development Complex, the Department of Information Technology, and the Department of Entrepreneurship and Innovative Development. Cyberbattle participants will attack and defend the infrastructure of a virtual state. It covers seven key industries: metals, energy, oil and gas, banking, urban environment, aviation, and logistics. Each segment will have its own physical mockups and a revamped visualization system, so visitors can witness firsthand the fallout of successful attacks: streetlights going dark, flight delays, fuel shortages from a refinery meltdown, banking app crashes, even a steam turbine grinding to a halt at a power plant. This year, we'll see locally customized Linux domains powering oil and energy infrastructure, while the banking sector will adopt domestic payment processing solutions, a versatile mobile authentication, and e-signature platform. Our digital government infrastructure includes over 600 software programs, hardware components, and devices. New techniques and monitoring of attacks During May's cyberbattle, white hat hacker teams can try out new attack techniques. For example, bypassing two-factor authentication (TOTP/2FA), sneaking past Content Security Policy (CSP), exploiting buffer overflows in user services, tricking DNS caching (DNS Cache Deception), and remotely running code through Python Pickle Deserialization. In total, the attackers will get the chance to trigger more than 120 critical events. Points will be awarded based on the complexity and success of the attacks. Blue teams (cybersecurity pros) will defend industries in investigation or response mode. In the first case, their mission is to log as many incidents as possible and investigate the attacks. In response mode, the teams will be able to prevent and counter attacks to protect their sectors. A global community of participants Teams from 15 countries, including France, Italy, Germany, Poland, Serbia, Russia, Kazakhstan, Uzbekistan, Armenia, Indonesia, Thailand, Vietnam, Tunisia, Oman, and the UAE, will clash at Standoff 15. Over 30 red teams (ethical hackers) will be on the offensive. Some of them joined us after rocking our April qualifier. Over 40 teams battled it out over five days for just five spots in the cyberbattle finals. Others snagged their invites thanks to their performance in previous Standoffs (13 and 14) and two seasons of the International Cybersecurity Games. Plus, 10 professional pentesting teams, including Southeast Asia's top talent, joined us through a special international program. There will be 13 blue teams participating in the event. Our judges, experts from both Standoff and ESC, will be keeping a close eye on the cyberbattle, making sure everyone plays fair and checking the reports from both the blue and red teams. The cyberbattle Standoff 15 is teaming up with top Russian tech companies. Digital Solutions, a leading Russian developer and manufacturer of network security hardware, provides the building blocks for a rock-solid IT and cybersecurity infrastructure for your entire digital kingdom. At the banking industry mockup, software solutions will be presented by eKassir, a developer of software for banks and financial institutions, and SafeTech, a developer of innovative solutions for securing remote banking systems and electronic document management. The NTI Center at MPEI, a developer of smart grid protection, automation, and digital twin solutions, will deploy its services on the energy sector model.

5/14/2025

Over 500 speakers, reverse engineering in Cybercity, and a concert by Uma2rman: get ready for this year's Positive Hack Days!

The international cyberfestival Positive Hack Days hits Luzhniki Olympic Complex on May 22–24, backed by the Russian Ministry of Digital Development. The City of Moscow is our strategic partner. This year's festival is powered by the Social Development Complex, the Department of Information Technology, the Department of Entrepreneurship and Innovative Development, and the Moscow Department of Finance. This event will uncover the secrets of technology and how it shapes our everyday lives. The event will have two tracks: a closed-door conference for tech experts and business leaders, and a public session open to everyone. Our program features 270 talks, 26 tracks, and over 500 speakers. In the free, open-access zone, explore the revamped Cybercity, packed with interactive installations. Visitors will playfully discover the secrets of smart devices and learn how to use them securely. Reverse engineers (a special breed of hacker) will help them with this, sharing their knowledge and showing what's under the hood of these technologies. At our popular science hack fest, you'll dive into a world of digital innovation and meet the entrepreneurs and innovators who are building it. The Kulibin Stage, named after the legendary inventor, will bring together leading tech experts and representatives from government agencies, including Russian Ministry of Finance, Central Bank of Russia, Moscow Department of Transport, and Moscow Department of Information Technology. Our speaker lineup includes tech influencer Wylsacom, along with IT experts from T-Bank, Yandex Cloud, PREMIER, and more. Seasoned experts will spill the tea on cybercriminal scams, IT career paths, AI, and tech startups, while our youngest speakers from the Movement of the First will share their first forays into the tech world. There's also the Safety in Motion School zone where you can learn the right way—and more importantly, the safe way—to use personal mobility devices. Plus, there will be sports training sessions, fun quests for kids, and workshops for young professionals. We'll also have an internship alley featuring the country's top universities, like Moscow State University, Higher School of Economics, Bauman Moscow State Technical University, ITMO University, and more. On the evening of May 24, get ready for an open-air concert featuring Uma2rman, Ksenia Minaeva, and GRUNGE.

3/18/2024

Tickets now on sale for Positive Hack Days 2

All the money collected will go to the Podari Zhizn charity foundation. Positive Hack Days cyberfestival will take place in Moscow's Luzhniki sports complex on May 23–26. Tickets are now on sale for the expert area where the business and technical programs will take place. Access to all other locations, including the Standoff cyberbattle, will be free for everyone. The festival will feature two main areas. In the public space, you'll find hands-on educational exhibits that are open for all to enjoy at no cost. These installations are designed to introduce you to the digital realm and improve your understanding of cybersecurity. For the first time, all guests will get to witness the Standoff cyberbattle—a face-off between ethical hackers and defenders battling for control over a virtual state. At the expert area, the best of the cybersecurity industry will gather, from beginners to renowned experts, as well as CIOs, and CISOs of major IT companies. Over 250 speakers will be hitting the stage to discuss the latest cybersecurity topics across both technical and business tracks. If you are wishing to visit the expert area, you'll need to buy an entry ticket. In 2024, there's a fresh new ticket sales scheme rolling out at the cyberfestival. Guests will have the freedom to choose their own price and instantly score two tickets to the festival. The minimum purchase amount is 1,000 rubles. All the proceeds from sales will go to the Podari Zhizn charity foundation. As always, speakers who are eager to showcase the results of their research at the cyberfestival will have free access to any area of the festival. Anyone can be a speaker: from beginners to established pros. Apply to speak by April 1ˢᵗ. This year, the cyberfestival is bringing back the PHDays Everywhere format. As part of Youth Day on May 25ᵗʰ, a teleconference will bring together venues in five cities across the country: Moscow, Saint Petersburg, Kazan, Nizhny Novgorod, and Tomsk. What's more, the cyberfestival is going global: we're excited to announce a new location in Bangkok, Thailand. Last year, the event was held open to the public: the large urban cyberfestival in Moscow's Gorky Park was attended by 55,000 visitors, with about 100,000 more following online.

2/1/2024

Become a speaker at the Positive Hack Days cyberfestival

The festival will take place at Moscow's Luzhniki sports complex on May 23–26. The call for papers is already open. APT attacks are rising in number, AI is helping hackers to innovate and adapt their attack schemes, and nearly all companies are at risk of data breaches, including the loss of sensitive customer data. These and other vital cybersecurity issues will be discussed by the participants of the international cyberfestival Positive Hack Days 2 that will be held at the Luzhniki sports complex in Moscow on May 23–26. The festival will bring together the best experts, representatives of ministries and agencies, and senior managers of various companies, as well as users of digital products who regularly face cybersecurity issues. The call for papers is open until March 15. For four days the Luzhniki sports complex will turn into a real cyberarena. In the open area of the festival—a true metropolis accessible to all visitors—interactive installations will educate the public about the digital world, increasing cybersecurity awareness in a fun way. Students, developers, hackers, CIOs, CISOs, and CEOs of major IT companies will gather to discuss the most compelling cybersecurity issues of the day. Over 250 speakers will discuss noteworthy cyberattacks and ways to prevent them. Papers addressing topics such as defensive and offensive security, development, use of machine learning in information security, blockchain technology, and other pertinent cybersecurity topics are welcome. The Positive Hack Days festival is open to both seasoned professionals and novice researchers just embarking on this journey. Previous merits and achievements are important, but our focus is on a fresh look at trending information security issues and offbeat solutions. The technical track traditionally includes the following topics: Countering hackers and responding to incidents New attack techniques and vectors, exploitation of vulnerabilities Application development and security Machine learning technologies and their security Our technical program will also host a community track where open source cybersecurity projects will be discussed. This year we also welcome speakers for our business track to discuss fundamental cybersecurity issues, such as enterprise information security architecture, result-driven cybersecurity, what a CISO must know to effectively get a point across to senior managers, how the cybersecurity market operates, the inner workings of the dark web, how to build an efficient cyberthreat prevention center, and many other important issues. Our goal is to make cybersecurity transparent and understandable to all stakeholders. Participants can submit their applications until midday on March 15. In addition, the festival will once again host the Standoff cyberbattle between red and blue teams. Visitors will see the consequences of cyberattacks on the infrastructure of the digital state: some sectors may even suffer from non-tolerable events. In 2023, PHDays Fest was held open to the public for the first time: the large urban cyberfestival in Moscow's Gorky Park was attended by 55,000 visitors, with about 100,000 more following online. See you at the international cyberfestival Positive Hack Days 2 at Luzhniki!

4/7/2023

PHDays 12: trusting the tech thanks to cybersecurity

Digital technology has made our lives brighter, more convenient, and more efficient. However, the rise of sophisticated cyberattacks is undermining people’s confidence in this brave new cyberworld. The Positive Hack Days 12 international festival on practical security, which will be held on May 19 and 20 in Moscow’s Gorky Park, will reinstall this confidence by opening its doors to people from outside the cybersecurity community for the first time. The new cyberfestival format will be of interest not only to cybersecurity specialists, government, and businesses, but also to ordinary people who will get to see how the digital world truly works and take a step towards trusting new technology. This year PHDays will no longer be a closed event, and the new venue was not chosen accidentally. Known for its festivals and events, Gorky Park is one of the most famous public spaces of the capital, visited by about 30 million people annually. For the two days in May, the park will be changed beyond recognition. The forum will be divided into two zones: the central part of the park will be turned into an open digital city where everyone will be able to learn the basics of cybersecurity, while on the Pushkin embankment, a cybervillage will be built where the usual forum program with reports, discussions, and competitions will take place. The open area of the forum will represent a modern metropolis hit by an onslaught of cyberattacks. Guests will take on the role of security researchers and join in a quest in which they will try to find and fix vulnerabilities in various infrastructure components of the digital city. For this, they will need to use a special ability—to see the city through the eyes of hackers. In the cybervillage, digital nomads will be spread out amongst the tents. The elite of the cybersecurity industry will also gather there, to discuss the most acute issues related to cybersecurity. This year, the forum will see more than 100 speakers, including developers, security experts, hackers, CIOs, and CISOs of large IT companies. The PHDays 12 technical agenda covers such issues as: Countering hackers** and responding to incidents New attack techniques and vectors, exploitation of vulnerabilities Application development* and security* ML technologies* and cybersecurity* The first speakers are already confirmed. They include Wildberries Information Security Director Anton Zhabolenko and Head of Infrastructure Security Pavel Parkhomets, who will share their experience in designing a privileged access management (PAM) system for a distributed Linux infrastructure; Oleg Skulkin, Head of Cyberthreat Intelligence at BI.ZONE, who will talk about how, why and by whom attacks are made on Linux-based infrastructure amidst import substitution; Alexander Korotin, Senior Application Security Specialist at Kaspersky, who will discuss the vulnerability of backup tools which can become an entry point for attackers striving to compromise the network; and Sergey Prilutsky, Chief Research Officer at MixBytes, who will break down common vulnerabilities of Ethereum smart contracts and explain how to protect your protocols from new attack vectors. Security researchers still have one last opportunity to apply for a speaker slot in the cybervillage: Call For Papers has been extended through April 7. The Standoff cyberrange is a model of a digital state with three dozen teams of attackers and defenders battling for control over its resources. This time, the cyberrange will be modernized and expanded. In addition to the energy, oil and steel sectors, the nuclear industry sector will be built. New facilities will appear in all sectors, such as a solar power plant and a dispatch control center in the power sector. The attackers will try to trigger more than 100 non-tolerable events. For two days, the PHDays 12’s live studio will cover the key events of the forum and the Standoff cyberbattle, and host discussions on the most burning cybersecurity issues with the most prominent speakers and guests. On the forum’s stage, information security specialists will explain the basics of cybersecurity to everyday people who don’t otherwise think much about it. Please note that those wishing to attend the closed part of the forum need to purchase a ticket. This can be done right now: up to midnight on April 7, the ticket to the cybervillage will cost only 14,700 rubles; from April 8, the price will be 21,300 rubles. The central part of the park with the digital city will be open and free to all visitors. See you on May 19 and 20 at PHDays in Gorky Park!

4/6/2023

PHDays 12: trusting the tech thanks to cybersecurity

Digital technology has made our lives brighter, more convenient, and more efficient. However, the rise of sophisticated cyberattacks is undermining people's confidence in this brave new cyberworld. The Positive Hack Days 12 international festival on practical security, which will be held on May 19 and 20 in Moscow's Gorky Park, will reinstall this confidence by opening its doors to people from outside the cybersecurity community for the first time. The new cyberfestival format will be of interest not only to cybersecurity specialists, government, and businesses, but also to ordinary people who will get to see how the digital world truly works and take a step towards trusting new technology. This year PHDays will no longer be a closed event, and the new venue was not chosen accidentally. Known for its festivals and events, Gorky Park is one of the most famous public spaces of the capital, visited by about 30 million people annually. For the two days in May, the park will be changed beyond recognition. The forum will be divided into two zones: the central part of the park will be turned into an open digital city where everyone will be able to learn the basics of cybersecurity, while on the Pushkin embankment, a cybervillage will be built where the usual forum program with reports, discussions, and competitions will take place. The open area of the forum will represent a modern metropolis hit by an onslaught of cyberattacks. Guests will take on the role of security researchers and join in a quest in which they will try to find and fix vulnerabilities in various infrastructure components of the digital city. For this, they will need to use a special ability—to see the city through the eyes of hackers. In the cybervillage, digital nomads will be spread out amongst the tents. The elite of the cybersecurity industry will also gather there, to discuss the most acute issues related to cybersecurity. This year, the forum will see more than 100 speakers, including developers, security experts, hackers, CIOs, and CISOs of large IT companies. The PHDays 12 technical agenda covers such issues as: Countering hackers and responding to incidents New attack techniques and vectors, exploitation of vulnerabilities Application development and security ML technologies and cybersecurity The first speakers are already confirmed. They include Wildberries Information Security Director Anton Zhabolenko and Head of Infrastructure Security Pavel Parkhomets, who will share their experience in designing a privileged access management (PAM) system for a distributed Linux infrastructure; Oleg Skulkin, Head of Cyberthreat Intelligence at BI.ZONE, who will talk about how, why and by whom attacks are made on Linux-based infrastructure amidst import substitution; Alexander Korotin, Senior Application Security Specialist at Kaspersky, who will discuss the vulnerability of backup tools which can become an entry point for attackers striving to compromise the network; and Sergey Prilutsky, Chief Research Officer at MixBytes, who will break down common vulnerabilities of Ethereum smart contracts and explain how to protect your protocols from new attack vectors. Security researchers still have one last opportunity to apply for a speaker slot in the cybervillage: Call For Papers has been extended through April 7. The Standoff cyberrange is a model of a digital state with three dozen teams of attackers and defenders battling for control over its resources. This time, the cyberrange will be modernized and expanded. In addition to the energy, oil and steel sectors, the nuclear industry sector will be built. New facilities will appear in all sectors, such as a solar power plant and a dispatch control center in the power sector. The attackers will try to trigger more than 100 non-tolerable events. For two days, the PHDays 12's live studio will cover the key events of the forum and the Standoff cyberbattle, and host discussions on the most burning cybersecurity issues with the most prominent speakers and guests. On the forum's stage, information security specialists will explain the basics of cybersecurity to everyday people who don't otherwise think much about it. Please note that those wishing to attend the closed part of the forum need to purchase a ticket. This can be done right now: up to midnight on April 7, the ticket to the cybervillage will cost only 14,700 rubles; from April 8, the price will be 21,300 rubles. The central part of the park with the digital city will be open and free to all visitors. See you on May 19 and 20 at PHDays in Gorky Park!

1/16/2023

Positive Hack Days 12 will be held in Gorky Park on May 19–20

Call for speakers is now open. Following last year's cyberattacks, even previously laid-back people are now concerned about cybersecurity. That's why we decided to make the twelfth Positive Hack Days information security forum even more open and large-scale: it will be held at Gorky Park in Moscow on May 19 and 20, 2023. We've already started preparing for the event and are accepting applications from speakers. You can submit a talk topic until March 25. In 2022, PHDays set another attendance record: 10,000 visitors came in person and over 130,000 viewers watched online. In 2023, the forum's audience will expand even further thanks to the city festival format and the open-air venue in one of the capital’s most popular parks. If you still think that cybercriminals can't be interested in you or your company, this is a delusion with potentially disastrous consequences. Information security concerns absolutely everyone and should be common public knowledge. That's why this year's forum will have a more open format, with a range of activities for everyone to get involved in. At the same time, all the traditional events and tracks, including cybersecurity competitions, will remain. PHDays will once again host the Standoff cyberbattle in which attackers and defenders will test the infrastructural security of a digital state and uncover possible chains of non-tolerable events in various industries. If you want to share your own valuable discoveries and developments, talk about bug bounty, participating in Standoff, or what it's like to be a red or blue team expert, become a speaker! The forum is open to all researchers: the program committee will consider applications from both established infosec experts and newcomers. More than anything, we'd love to hear original perspectives on current problems in information security. At PHDays 12, we're looking forward to hearing expert talks on both defensive and offensive security. We are also looking for speakers on the topics of development, blockchain, and machine learning in information security. But if you have an interesting cybersecurity talk or presentation on a different theme, we'll be happy to consider it. If you have something to say about data leaks, turnover penalties, mergers and acquisitions in the Russian cybersecurity market, or the prospect of AI replacing infosec experts, you are welcome at the business session of the forum. The event evolves, but the conditions of participation remain the same. All presentations at PHDays 12 will be in the form of a talk (50 minutes) or a fast track (15 minutes). How to apply To take part in the forum, fill out an application on the CFP page with information about yourself and your proposed talk. If your research has already been published, specify the relevant conference, journal, or website. If you know of similar work by other researchers, give details and indicate how your approach is different. You may submit as many proposals as you want. Speakers delivering 50-minute talks who are not in Moscow will be provided with a transfer to and from the PHDays venue, hotel accommodation, and two additional tickets to the forum. Don't hesitate to apply, and mark May 19 and 20 on your calendars! See you at PHDays!

8/7/2022

Russian social network VK joins The Standoff 365 Bug Bounty

VK has launched a bug bounty program on The Standoff 365 Bug Bounty, a platform developed by Positive Technologies for uncovering vulnerabilities. A bug bounty program offers rewards to outside researchers for discovering and reporting security flaws before attackers can find and exploit them. The VK bug bounty consists of over 40 projects. Rewards range from $100 to $30,000, depending on the severity level of reported vulnerabilities. VK was one of the first companies in Russia to offer rewards to external researchers for reporting vulnerabilities. Since 2013, the company has received over 15,000 bug bounty reports and used them to fix vulnerabilities and strengthen the protection of users' personal data. In total, the company has paid out more than $3 million in bug bounties.