News
Draw the Future: calling for comics of robots, sarcasm, math, and information security!
Artists rejoice! We're announcing the first-ever PHDays comic contest, called Draw the Future. For several years now, PHDays has held a contest for short stories ("Hacked Future"). Did you really think that hardcore cyberpunk, steampunk in-a-top-hat, and warp-worthy science fiction had nothing more to say? We didn't think so either. But this time, instead of describing the future with words alone, we hope you'll pick up your drawing pen. Draw the world of the future: tell us a story in comic form. The funny thing is, everyone envisions the future differently. Sometimes it's scary and shudder-inducing. For others, the (glorious?) future is already here for us, the mere sliver of humankind that has lived to experience a raft of technologies that could hardly be imagined twenty years ago. The digital world can be harsh: some people run in the other direction, while others are busy trying to profit off it. And some people, well, they sip their whiskey, gawk as the world careens into the e-singularity, and let out a belly laugh as they watch it all burn. Good times! Draw the future, in any way you imagine it: dripping with misery, ascending towards transcendence, frightful, funny, or anything else. As long as the plot involves information technology, we're game! Artist guidelines Each comic should tell a story. If it helps, here are some ideas to get you started: In a galaxy far, far away… The Internet of Good and Evil Things Cybercrime capers (Mr. Robot meets Futurama?*) Adventures of a bitcoin Artificial intelligence attacks Let your imagination run wild! This isn't an exam, there is no "right" answer. So pick the style and genre that you like and do best.If you're dead-set on smashing the competition, winning prizes, getting published in our journal, and even more (imagine your comic in a beautifully bound volume with other exquisite creations for the most rarified of connoisseurs!)… then keep in mind: Doge and MS Paint won't cut it. We may be willing to consider memes of exceptional dankness, but you had better really impress us. Also, if da Vinci can give all his paintings a name, we ask that you give your comic a name to be remembered for the ages. And… do we even have to say it? If you wouldn't see it on your grandma's Facebook feed, don't draw it. Because your grandma does not tolerate profanity, hate speech, or extremism. Nor does she partake in any pornography, hentai, #etcetcetc whatsoever. Even more obvious: don't plagiarize. That's not interesting for anyone. At all. Technical requirements Flattened (single-layer) high-resolution image measuring 220×320 mm @ 300 dpi + lightweight preview. Format: JPEG/PNG. In some cases, the jury may ask you to provide the source materials (with layers). Since we plan to publish the best works, we will be delighted if your comic gracefully contorts itself to the confines of А4 format. Our lawyers said that you should probably check out the legal fine print.\ So what will happen? The creators of 10 best works will get free tickets to attend PHDays 8, which will be held on May 15-16, 2018. Three winners will be announced at our ceremony on May 16. The prizes are going to be fabulous—we'll make it worth your while, let’s put it that way. There will also be a Popular Choice prize. If you're interested, check out our Facebook and Twitter pages and keep an eye out for the latest news. If you're not asking who the judges are, good, because we're not telling (yet). Send your comics by May 10 to comics@phdays.com. Good luck and may the drawing begin! Questions? We'll be happy to help you out: comics@phdays.com. * Rules about intellectual property and copyright use notwithstanding; see the legal verbiage below.\ You must agree with all of the contest rules in order to participate; these rules include but are not limited to the "Legal verbiage" below. By sending materials to comics@phdays.com, you confirm that you are familiar with the contest rules and fully accept them as binding.Legal verbiage:– The participant certifies that all materials submitted to comics@phdays.com for the contest (the Materials) have been created by the sole efforts of the participant, and no part of the materials or likenesses contained therein is the property of any other person or entity.– The participant allows the contest organizer, JSC Positive Technologies (the Organizer), to use the Materials provided by the participant free of charge in any way the Organizer may choose, including:– Posting the Materials online at phdays.com as part of contest-related news;– Publicly displaying the Materials at or around the Positive Hack Days forum on screen, print, or other media;– Publishing the Materials in a printed compilation of materials submitted by contest winners; the compilation may be published and distributed by the Organizer and/or its designees.– All participants must be 16 years or older.
PHDays invites speakers: tell us what the digital community should look like
PHDays 8 Call for Papers starts. Speakers are welcome to apply till March 10. Our international program committee comprising independent researchers and lead experts in information security and IT will review all your applications and select the most exciting reports. If you've got something to say, we look forward to you saying it at PHDays 8. The upcoming forum is called Digital Bet and it focuses on potential security threats and challenges that state, business, and citizens have to face due to the global switch to digital economy. "Every year, we do our best to cover both technical and business reports dedicated to the hottest security issues, and invite security experts from Russia and other countries. PHDays 8 is not going to be an exception, states Sergey Gordeychik, the chairman of the program committee. The upcoming era brings digitalization to all public, business, and social spheres. However, threats imposed by modern technologies and their impact on our lives have not been taken seriously yet. We believe that representatives of government entities, participants of the Digital Economy program, and all information security experts should join in to find a solution of our common problems." You can make your talk in one of the following ways: a traditional talk (50 minutes), Fast Track (15 minutes), or Hands-on Lab (up to 4 hours). Key topics: Role of the government and regulation organizations in economy digitalization Digitalization of finance technologies Security of critical digital infrastructure Actions to reduce risks and control information security Techniques and tools for physical security Neurotechnology and artificial intelligence Home and industrial IoT issues Blockchain technology and its security Security of biometric authentication systems For participation rules and application guidelines, visit the Call for Papers page
Tickets for PHDays 8 already on sale
Good news! PHDays tickets are available right now. The Early Birds discount is on offer until December 31: the price of two-day participation in the forum is RUB 7,337. Starting from January 1, two days will cost RUB 9,600 (RUB 11,400 if lunch is included on one day, RUB 13,200 if lunch is included on both days) while the price per day will go up to RUB 7,337 (RUB 9,137 if lunch is included). The number of tickets is limited. Don't miss your chance to benefit from the discount until all tickets have been sold out as a New Year gift :) For all those who do not look for easy ways: please be reminded that it is possible to take part in the forum for free. To obtain an invitation, please prepare a bright IS research, or win a special hacker contest, or join one of The Standoff teams. More details are coming up soon. Watch out for updates!
PHDays 8: Digital Bet
Mark your calendars for the eighth annual Positive Hack Days, which will be held on May 15–16, 2018. As before, the venue will be the World Trade Center Moscow. Preparations are already in full swing as the organizers ready surprises, design the area for The Standoff, test new equipment, and fine-tune the program. For the eighth year now, we're doing things our way and staying true to the ethos of a one-of-a-kind event. This time at PHDays, the headline topic is the Digital Bet. Big changes are coming. Governments have bet big on data and the web. Telemedicine, online government services, remote management of transportation and industrial infrastructure, smart devices, and cryptocurrencies are all here and now. And soon these new technologies will improve the lives of people in a multitude of ways. But while the world is caught up in the excitement of this digital transformation, hackers are in the driver's seat: they get to decide who will gain from this process and who will lose out… What awaits us if data really does become the most valuable asset? Is there any way to stay safe in a world where life is technology-centric and the line between the real and the virtual is blurred? Can we expect electronic bliss or should we prepare for digital apocalypse? Boris Simis, Deputy CEO for Business Development at Positive Technologies, comments: “Today we live in a world where, for billions of people, living unconnected is unimaginable. The flow of information is now a flood. Given these facts, the transition to a digital economy is a natural one. Yet for all of the benefits, there are plenty of potential downsides. At PHDays we will demonstrate the information security issues that governments, businesses, and individuals will confront as the result of the digital bet. By looking beyond the hype, we hope to improve the quality of the conversation around security.” As in years past, PHDays will offer an enormous range of roundtables, hands-on labs, and demonstrations, as well as technical talks given by security experts from all over the world. Top topics on the agenda for PHDays 8 include the role of government and regulators in the e-economy, the digital wave in finance, security of critical digital infrastructure, security risk management, and physical security. Contests will highlight potential threats and issues in the security of today's cities (transportation, video surveillance), medicine, industry, e-government, and the Internet of Things for both home users and businesses. Contests will also probe for weaknesses in blockchains and biometric authentication. City warfare Cyberbattle between attackers and defenders has long been a crowd favorite. At PHDays 8, the organizers plan to surprise forum visitors with version 3.0 of The Standoff. The conflict between attackers and defenders is going to the next level. The battleground: a city whose economy is based on blockchain technology. City infrastructure includes an electrical plant and substation, railroad, energy-efficient smart homes, and banks with ATMs and self-service kiosks. And of course, what modern city would be complete without online services, mobile network operators, and the Internet? Mikhail Pomzov, a member of the PHDays organizing committee, gives a peek at what to expect: “The city that competitors have grown to know and love is now based on an e-economy. Infrastructure will include both vital facilities and the creature comforts to which most of us are accustomed. Lots of mock people live in our mock city: they work in offices and factories for different companies, live in modern homes, and go outdoors on the weekends. All the infrastructure is linked together in an intricate mechanism that runs like clockwork. But what happens when somebody disturbs this mechanism? We are going to shake up the format a bit. The main participants will still be defenders and attackers, but the latter may have to bone up on their defensive skills. We also plan to give participants a bit more freedom of action, such as by allowing denial of service attacks.” Attackers and defenders are tied so far at 1:1 in past competitions. In May, we'll know everything about this PHDays marquee event—including which of the sides will pull ahead to take the lead. With six months still to go till spring, it's a great time to view the best talks from PHDays VII online. Coming soon: the first Call for Papers and ticket sales. More news to come!
Day 2 of PHDays VII: Revenge of the Hackers
Positive Hack Days VII came to an end this week, having drawn a record-setting 4,800 attendees from all over the world, including the U.S., Israel, Korea, Italy, France, Germany, Kazakhstan, Belarus, India, and Poland. The two-day gathering hosted hundreds of events: seven tracks plus hands-on labs, workshops, and hacking contests. Here are some of the highlights. The Standoff: hackers strike city-wide panic
Day 1 of PHDays: How to create a botnet, hack Telegram, and survive ransomware
The Joy of Tech webcomic about the Internet of Ransomware Things—with dishwashers mining bitcoins and coffee machines threatening to brew only decaf unless paid—is both funny and a sign of the times. Considering the Internet's increasing reach into our offices and homes, the theme of the Positive Hack Days forum this year is "The Standoff: Enemy Inside." The seventh annual PHDays international digital security forum opened today, drawing over 4,000 participants from all over the world, who contributed and took part in talks, hands-on labs, roundtables, and hacking contests. Experts showed the finer points of ransomware infection, created an experimental router botnet, demonstrated the process of hacking electrical infrastructure and WhatsApp accounts, and looked at techniques for intercepting phone calls and text messages.
PHDays VII Business Program: Search for Concrete Answers to Real Threats
Is Internet of things the next spurt of IT development or a global threat to the development of enterprises, the Internet, and the modern world? What will SOCs be like tomorrow? UEBA—already tomorrow or never? These and other topics are included in the business program of Positive Hack Days VII. Below are the presentations that you just cannot miss. Day 1 The forum opens with a plenary discussion in two parts. "Information security today: the splendor and misery of corporate security" devoted to the main factors characterizing the state of security of enterprise information systems will be held from 10:00 a.m. to 11:30 a.m. in the Amphitheater Hall. Is the bug bounty approach applicable in government institutions? What should be done to really prevent and detect attacks on enterprise systems? What prevents the industry from developing? These issues will be discussed by government officials and heads of IS departments of major Russian companies. Vitaly Lyutikov (FSTEC), Artem Sychev (CBR), Sergey Lebed (Sberbank), Alexander Baranov (FTS), Muslim Medzhlumov (Rostelecom), Sergey Gordeychik (Kaspersky Lab), Evgeny Klimov (Infosec), Sergey Danilov (Rosatom), Roman Kalina (Supreme Court) are invited to take part. The discussion will be moderated by Boris Simis, Deputy General Director for Business Development at Positive Technologies. The second part is called "Information security tomorrow: is it a stop factor for digitalization of economy?" The participants will discuss what aspects of information security can hinder the process of digitalization and what risks going digital can pose. Deputy Minister of Telecom and Mass Communications Aleksey Sokolov, Kirill Kerzenbaum (Kaspersky Lab), Denis Baranov and Dmitry Finogenov (Positive Technologies), Ilya Sachkov (Group-IB), Georgy Gritsay (Open Networks Association), Roman Chaplygin (PWC) will share their views on the issue. The discussion will be moderated by Alexey Kachalin, Deputy Director for Business Development in Russia at Positive Technologies (11:30 a.m. – 1:00 p.m., Amphitheater Hall). From 1:00 p.m. to 2:00 p.m. in the Press Hall, Dmitry Gusev, Deputy General Director of InfoTeCS, together with the participants of the round table will try to figure out how import substitution will affect the overall level of security of Russian information systems and the IT industry in general. Is it possible to create competitive high-tech products and export them to foreign markets? Experts of the Russian IT and IS market will present their forecasts. The key theme of PHDays is the Internet of things. From 4:00 p.m. to 6:00 p.m. in the Amphitheater Hall, Alexey Lukatsky, an expert in information security, will host the panel "IoT (in)security". The participants of the discussion will try to look at IoT security from different angles, touch upon the technical, organizational, and legal issues of IoT security, the details of attacks and defense. Dmitry Berezin and Alexander Butenko (CROC), Igor Girkin (Cisco), Vladislav Shershulsky (Microsoft), Pavel Novikov (Positive Technologies), Nikita Utkin (TC 194) are invited. In the afternoon, the Valdai Hall will be given to a whole series of presentations on the experience of operating SOCs. Over the past year, the topic of SOCs was picked up by many organizations in Russia. The presentations will show how SOCs are operated by Russian companies, such as Rostelecom, Sberbank, MTS, and how internal SOCs are operated by global vendors, SAP and Microsoft. At 2:00 p.m., Andrey Dugin, Head of the Information Security Department at MTS, will start talking about the Security Operations Center built by MTS. What can you face? What peculiarities need to be considered in technological implementation and business processes when providing security for an IP/MPLS network of this scale? What conclusions did the company make after participating in the Standoff during PHDays VI? The panel "SOC Evolution 2017" (3:00 p.m. – 6:00 p.m.) will continue the topic. The floor will be given to representatives of companies that have real experience in constructing and operating centers for monitoring and responding to IS incidents—both internally and for customers. Among the panelists are Alexander Lesnikov (Sberbank), Alexey Novikov (Positive Technologies), Arkady Prokudin and Alexey Shabanov (SAP), Elman Beybutov (IBM), Alexander Bondarenko (R-Vision), Vladimir Dryukov (Solar Security), Dmitry Pudov (ANGARA Technologies), Vladimir Shadrin (Rostelecom), Sergey Soldatov (Kaspersky Lab). Another panel is "Innovations in protection tools and security tests" (11:00 a.m. – 1:00 p.m., Conference Hall A). Developers will present new technologies for providing information security, and their customers will confirm the effectiveness of these solutions by their experience. The moderators are Egor Nazarov, Key Partners Manager at Positive Technologies, and Anton Ivanov, Head of the Department for Information Security Technologies at Skolkovo. Among the participants are Wallarm, Yulmart, SafeTech, Vozrozhdenie Bank. Day 2 Today, information security is experiencing acute internal contradictions. Everybody is saying: "Who needs you?", "They will still hack!", "Buy new solutions". Developers of IS solutions and those who use them have lost some of their faith and motivation. The brightest representatives of the IS community will gather in the Amphitheater Hall to talk about what they feel are burning issues and share their ideas, which, in their opinion, can affect everyone and the industry as a whole. The panel will include a series of presentations on various aspects of technology, security, the development of the IS community, and business: what do those who motivate teams of IS developers, customers, and the entire IS branch think about? And what motivates them? The participants of the panel are Alexey Kachalin and Vladimir Bengin (Positive Technologies), Alexey Lukatsky and Mikhail Kader (Cisco), Ilya Sachkov (Group-IB), Elman Beybutov (IBM), Dmitry Manannikov (SPSR Express), Ivan Novikov (Wallarm), Alexey Volkov (Sberbank). The panel will be held from 10:00 a.m. to 12:00 p.m. in the Amphitheater Hall. Those interested in where protection technologies are moving should stop by the Valdai Hall to see the presentations during the panel "Security practice" (12:00 p.m. – 3:00 p.m.). Denis Remchukov together with the representatives of technology companies Oleg Bakshinsky (IBM), Pavel Zemtsov (ICL System Technologies), Konstantin Goldstein (Microsoft), Andrey Revyashko (WildBerries), Sergey Rysin (STLC) will discuss innovative technologies for information protection. The key topics are "How to choose and implement a SIEM system?", " UEBA—already tomorrow or never?", "When will you stop buying these useless endpoint antiviruses?" The day will be rounded off with the panel "Security Path: Dev vs Manage vs Hack" devoted to the problem of human resources in the IS industry: how to build a career in security, what helps in development, and where hackers and defenders can face career deadlocks. Is it possible to hunt bugs during your whole career or is a transition to paperwork expert or people manager inevitable? Which is more attractive to hack and design—software or "bulletproof" enterprise processes. Dmitry Manannikov (SPSR Express), Mikhail Levin (Positive Technologies) and other panelists will try to answer these questions from 4:00 p.m. to 6:00 p.m. in the Amphitheater Hall. See the PHDays VII full schedule on the forum's official website.
PHDays VII Young School: Results Are In
For the sixth year in a row, Young School is being held as part of the Positive Hack Days forum. This program gives undergraduate and graduate students the opportunity to share their research with a wide audience. Young School works this year will be included in the forum's research track, Spring Hack Tricks lightning talks, and security product analysis contest. A total of six works made the cut and will be presented by their authors at PHDays VII. "Over the last several months we have been accepting works on a range of topics in the applied security field. We received a total of 18 proposals from India, Kazakhstan, and Russia. We were delighted to see some of the same applicants from previous years. Selection was performed by academic reviewers and the PHDays Young School program committee. The most interesting works for us were those that combined scientific rigor with experimentally confirmed proposed solutions," described Andrey Petukhov, member of the PHDays Young School program committee. The six works to be presented at PHDays are: Vladislav Aleksandrov (ITMO University), Vasily Desnitsky. — "Energy depletion attack analysis: a case with wireless network devices" Roman Alfyorov (Demidov Yaroslavl State University), Andrey Gorokhov — "Protection against unauthorized access—which method is better?" Askar Dyusekeyev (State Technical Service of the Ministry of Information and Communications of the Republic of Kazakhstan) — "Ransomware analyzer" Anastasiya Parygina (Gumilyov Eurasian National University) — "Developing a Google Chrome extension to protect against information leakage through other browser extensions" Alexey Pertsev (Nivelsky Maritime State University) — "A heuristic approach for detection of DOM-based XSS combined with tolerant parsing" Andrey Fedorchenko (St. Petersburg Institute of Informatics and Automation), Andrey Chechulin, and Igor Kotenko — "Using the event types relationship graph for data correlation in SIEM systems" One author of each of the chosen works will receive full reimbursement for travel and accommodation; co-authors will receive a forum pass. PHDays will take place on May 23–24, 2017, at the Moscow World Trade Center. Register and buy tickets on the PHDays website. Positive Hack Days Business Partner: MONT Forum Partners: Rostelecom, R-Vision, IBM, Microsoft, Solar Security, InfoTeCS, and SAP Forum Sponsors: Axoft, ANGARA, Kaspersky Lab, Check Point, McAfee, and Symantec The Standoff Partners: Palo Alto Networks, ICL System Technologies, Beyond Security, and SberTech The Standoff Participants: Informzaschita, Advanced Monitoring, Jet Infosystems, and Croc Technology Partners: Cisco, CompTek, Synack, ARinteg, Qrator, Wallarm, PROSOFT, Advantech, and QIWI Premier Media Partner: TASS
Palo Alto Networks participating in PHDays VII
Palo Alto Networks has partnered with The Standoff, the marquee team-on-team hacking competition at PHDays VII. Palo Alto Networks will join with Servionica at The Standoff as the team responsible for digital defense of an office complex. "We decided to join The Standoff in part to see the behavior of live attackers. With so many clients and sometimes repetitive tasks in our work, it’s easy to get complacent. The Standoff is a challenge that will help to keep us on our toes and inspire new ideas. It will be particularly interesting for us to protect an office, since this is one of our typical client scenarios," noted Denis Batrankov, Information Security Consultant at Palo Alto Networks. Also, on May 23 from 2:00 p.m. to 3:30 p.m. in Hall B, Batrankov will hold a hands-on workshop entitle "Hacker in a Trap—A Practical Demonstration of How to Block Exploits and Ransomware." Batrankov will demonstrate malware and ways of protecting against it. Forum visitors will learn how to block malicious code that has evaded antivirus protection, stop malware at all stages of the kill chain, prevent phishing-related theft of corporate accounts, and understand how modern protection tools work at the network and host level. PHDays will be held on May 23 and 24 in Moscow. To register and buy tickets visit the PHDays site. Positive Hack Days is supported by: Business Partner: MONT Partners: Rostelecom, R-Vision, IBM, Microsoft, Solar Security, InfoTeCS, and SAP Sponsors: Axoft, ANGARA, Kaspersky Lab, Check Point, McAfee, and Symantec The Standoff Partners: Palo Alto Networks, ICL System Technologies, Beyond Security, and SberTech The Standoff Participants: Informzashchita, Perspective Monitoring, Jet Infosystems, and Croc Technology Partners: Cisco, CompTek, Synack, Arinteg, Qrator, Wallarm, Prosoft, Advantech, and QIWI Premier Media Partner: TASS
PHDays VII: hacking competitions designed to keep things real
For many participants, hacking competitions are the highlight of PHDays. This year we've prepared a number of contests—some of them old hat, others entirely new, but all realistic—for participants' hacking pleasure. Most of the contests will take place as part of The Standoff, which centers around a smart city. Forum visitors can try to hack a smart home, surveillance cameras, and IoT devices, peek under the hood of a smart car, and break the infrastructure of our mock city. The WAF Bypass contest is back as well. As before, participants will attempt to bypass PT Application Firewall, the web application firewall solution from Positive Technologies. Tasks will challenge participants to bypass the new database protection component of PT Application Firewall. Victory will be assessed based on flags. Both forum visitors and ordinary Internet users will have the opportunity to try their hand. Hackers in the mood for espionage can check out MITM Mobile. Our very own mobile operator will be servicing the PHDays venue. So participants will have free reign to intercept SMS messages, find USSDs, eavesdrop on phone conversations, and clone mobile devices. Looking for piles of money? Try $natch. We've made this contest even bigger and better this year with a full-fledged setup that includes banks, ATMs, self-service terminals, online stores, and bank cards. Your mission: to get money by any means possible. And for those in a less criminal mood, there's also something in it for any white hats who can find zero-day vulnerabilities and quickly write a high-quality advisory. New to this year's PHDays is HackBattle. A qualifying stage will be held on the first day of the forum, where participants will need to complete several tasks. On the second day, the brightest hacker minds will assemble on the main stage to astound the audience with their speed, smarts, and improvisation while hacking in real time. Our team of professional streamers will be providing commentary all the while. More detailed information on the start of the competitions will be published soon. Check our page for news and get ready for exciting action! The forum's partners are Microsoft, IBM, Infotecs, R-Vision, Solar Security and Axoft; the business partners is MONT; among technology partners are Cisco, CompTek, ARinteg, Qrator, and Wallarm; the Standoff partners are PaloAlto, ICL System technologies, Beyond Security; the Standoff participants are Informzaschita, Advanced Monitoring, Jet Infosystems and CROC; the general information partner is the news agency TASS.