News

11/26/2014

Positive Hack Days V: entering a singularity

The fifth Positive Hack Days international forum on practical information security will take place at the World Trade Center Moscow on May 26 and 27, 2015. The conference, organized by Positive Technologies, will bring together leading experts on cyber defense and the elite of the hacker world, representatives of state institutions and executives of large businesses, young scientists and journalists.

7/25/2014

Videos of Reports and Presentations from PHDays IV are Now Available for Download!

Present-day citizens spend tons of time on public transport. Why not use these tedious minutes for self-education? From now on, some of the reports and workshops held at PHDays IV are available on the forum's site, and anyone can watch them on their way to work. You can download some of them from Vimeo:

  - How to React to Security Incidents: Investigation of a Cyber-Attack
  - Android Exploitation
  - Give Me Your Data!
  - Side Channel Analysis: Practice and a Bit of Theory
  - A New Approach to Intrusion Detection and Prevention
  - Crypto Hot Cases – One Year Backward
  - Smart TV Insecurity
  - Comparing Iranian, Chinese & North Korean Hacking Worlds
  - ARM Exploitation
  - Impressioning Attacks: Opening Locks with Blank Keys

More than 60 reports are available on the PHDays site at: http://www.phdays.com/broadcast/

Most of the speakers sent us their presentations and now they are published at:

We have also made a short movie that summarized the most powerful moments of the recent event:

7/17/2014

The Competitive Intelligence Contest’s Outcome

Competitive Intelligence became one of the most popular online contests at Positive Hack Days, the international forum on practical security. The contest was held on May 15, 16 and 17. It checked the participants' skills in searching for certain information on the Internet.

Many of us have heard about the actions of the Anonymous group. Competitive Intelligence gave each participant an opportunity to feel like an agent who is assigned to penetrate such a group. According to the story, a participant finds himself to be a new member of Anneximous, an underground gang. The task is to gather information about the leaders of ATH, competitors from the World Wide Idol group and about dishonest members of the newly-made agent’s own community.

This time the tasks were more difficult than in last year's contest. A competitive intelligence researcher needs a great number of different skills and should be able to handle various tools and plugins. That's why we decided to make the tasks more challenging. However, the traditional requirements for deductive thinking and the ability to find links between data are still applicable.

The contest finished at 7:00 pm on May 17, though some participants offered their answers after the contest was over. 301 participants registered to compete in the contest, and 82 solved the intro task. A participant with the nickname The.Ghost became the winner of the main prize, an iPad. Second place went to yarbabin, and MooGeek took third place. Other details are available in the table below.

| Nickname | Points | Place |
| --- | --- | --- |
| The.Ghost | 230* | I |
| yarbabin | 195* | II |
| MooGeek | 130* | III |
| godzillanurserylab | 105* | |
| topol | 35* | |
| Eugene-vs | 20 | |
| supertramp | 20 | |
| ReallyNonamesFor | 20 | |
| Anatolik11 | 20 | |
| true-bred | 0* | |
| gohome | 0* | |
| File_marshall | 15 | |
| * excluding 20 points for task 2.4 | | |

A detailed analysis of the contest's tasks is available in our blog. Some of the tasks turned out too difficult for every one of the participants, which is why the competition was extended.

7/16/2014

WAF Bypass Results

This year, visitors to the Positive Hack Days forum could have a shot at bypassing PT Application Firewall in a contest called WAF Bypass. It was a good opportunity for us to test our product in action, because the forum gathered the best information security experts.

Each contest task was a script with a typical vulnerability. The participants were invited to use these vulnerabilities to get flags. All tasks were solvable, though some solutions were not obvious. The contestants were provided with a report on scanning the tasks' source code with another Positive Technologies product, Application Inspector.

The winner was a Moscow State University team consisting of Georgiy Noseevich, Andrey Petukhov, and Alexander Razdobarov. They managed to solve all the tasks! Ivan Novikov (d0znpp) took second place and Tom Van Goethem, a speaker from Belgium, was third. All three medal places were awarded valuable prizes: Apple iPad Air, Sony Xperia Z2, and an annual license for Burp Suite Pro, respectively.

Find more about the tasks, WAF bypassing, and the experience gained in our blog.

7/16/2014

Hash Runner Results

Recently we published a review of the Hash Runner tasks in our blog. The contest took place over three days before Positive Hack Days. The participants were invited to show their understanding of cryptographic algorithms and their skills in cracking hash functions.

Over the three years of the contest, we have had three unique winners: hashcat in 2012, john-users in 2013, and InsidePro in 2014. Every year, most submissions were received in the last 15 minutes and thus the winner was determined in the very nick of time. In 2012 and 2013, InsidePro was beaten into second place by hashcat and john-users, respectively. This year, InsidePro finally came first. Congratulations to the winners!

  1. InsidePro with 22.81% (write-up) won two AMD Radeon R290X video cards.
  2. hashcat with 21.23% (write-up) won an AMD Radeon R290X video card.
  3. john-users with 12.78% (write-up) took the bronze.

All winners received Forum souvenirs.

6/23/2014

Survive Hacking at PHDays. Cyber Threats of a Common Apartment

Items and devices we use are becoming more and more convenient. Today, we have internet connection in our cars and even in certain kinds of microwaves and fridges. According to Gartner, there will be more than 26 billion intelligent home appliances while the market size will grow to 300 billion dollars by 2020.

6/19/2014

PHDays IV CTF: How It Was

Positive Hack Days IV, which was held on May 21 and 22, traditionally hosted a CTF contest. Over two days, ten teams from six countries hacked rivals' networks and beat back attacks.

Positive Hack Days CTF's game infrastructure and tasks are usually designed according to a legend that adds special appeal to the contest. During last year's CTF, participants became the saviors of the fictional world D’Errorim. As the task was solved, they realized that they were fighting on the wrong side, and now their own home is in danger. So the plotlines of PHDays III CTF and PHDays IV CTF are related. The text of the legend is available on the forum's website.

The game principle

There are usually two types of CTF contests. First, task-based contests, where the goal is to solve tasks. Second, attack & defense contests, during which teams need to protect their systems and attack other teams. Positive Hack Days CTF combines these concepts and adds original game mechanics. For instance, in addition to standard tasks and services that contain vulnerabilities, the PHDays CTF organizers developed unique quests with a limited lifetime, the bonus for which depends on how many teams solved these tasks.

6/16/2014

Smart City Hacked at PHDays IV

The Critical Infrastructure Attack (CIA) contest at Positive Hack Days IV has shown for the second time how weak critical infrastructure systems can be in terms of security. The participants successfully compromised various ICS systems during this two-day contest.

6/2/2014

Positive Hack Days IV: There are Doors that should be Opened Carefully

The famous quote of Friedrich Nietzsche about an abyss that gazes into you became the motto of the PHDays IV forum on practical security. Participants of the annual international conference learned about cyber threats for which civilization is unprepared: attacks performed against the power and transport systems of a city, a smart home turned into a trap, and hackers emptying a virtual bank account. Various ways of surviving in today's digital world were also discussed during the forum.

The recipe for PHDays is the same: minimum ads, maximum useful information, entertaining contests, informal communication, rich performances, awkward questions at round-table discussions, and an atmosphere of research during hands-on labs.

On May 21 and 22 more than 2,500 people from 18 countries visited the forum: leaders and specialists from information security departments of more than 700 financial, telecommunications and industrial companies, young scientists and businessmen, representatives of governmental authorities and the Internet society. Among speakers and panellists were representatives of the Ministry of Foreign Affairs, the Bank of Russia, FSB, the Federation Council, as well as campaign managers, Russian and foreign information security experts. 15,000 people from six countries participated in performances and contests that took place at 19 PHDays Everywhere venues.

"This is the most powerful event in Russia dedicated to information security. Organizers invited the best experts from Russia and abroad. The forum's program is full of events and informative reports. And what's important, there are a lot of young people, and at such events they clearly see the advantages of applying their talents on the bright side", commented Sergey Himanich, Head of the Department of Information Security Project Implementation at Megafon.

Scenarios for a disaster film

Is it possible that one attacker can disrupt a whole city's infrastructure?
Participants of the Critical Infrastructure Attack contest tried to find an answer to this question. They needed to test SCADA systems that controlled a heating plant, transport management and illumination systems, cranes and industrial robots. After discovering vulnerabilities, they had to demonstrate their exploitation on the contest city model. The forum's organizers provided participants with a ready-to-run industrial system. Despite the toylike look, the model was managed by the latest SCADA software used in real life.

Alisa Shevchenko turned out to be the best at solving the task. The Russian Lisbeth Salander discovered a number of critical vulnerabilities in a popular industrial automation system that is used by the world's largest companies. If exploited in real life, these vulnerabilities can cause harmful consequences, such as denial of service or functional failure of critical infrastructure management systems. Nikita Maksimov, Pavel Markov and Dmitry Kazakov took second to fourth places.

William Hagestad II, an expert in cyber-intelligence and counter-intelligence: "It is a unique event, where we can see how information security is created and find out who is who in the area. The forum is notable due to realistic contests, such as CTF, Critical Infrastructure Attack and the contest where participants are dealing with a smart home's obstacles".

Modern technologies

Cars, doors, vacuum cleaners and TVs all got out of control... It seems like something from a Stephen King novel. However, soon anyone will have to face the threat of his or her smart home becoming insane under the control of an attacker. According to Gartner, there will be more than 26 billion intelligent home appliances and the market size will grow to 300 billion dollars by 2020.
A model of a real apartment, which was created by the forum's organizers and equipped with various electrical appliances and a smart home system, turned out to be a trial for those who decided to participate in the contest. Details about winners will be available shortly.

Today the number of users of remote banking services in Europe and the US is more than 120 million, and the security of these systems constantly increases. But at PHDays they always manage to crack everything! During the $natch contest, by detecting and exploiting new serious vulnerabilities, hackers withdrew almost all the money from a virtual bank account (17 out of 20 thousand rubles). At the end of the second day, a hands-on lab on ATM security assessment was held, and then there was a contest during which participants tried to hack an ATM. Unlike last year, though, this time no one was able to bypass the ATM's security system.

Tomorrow's army

Ten years ago, they said that if there happened to be a war with robots, Counter-Strike gamers were most likely to win it. But now we all know that hackers will win the war: they will just block this "heavy artillery".

Capture the flag contests are among the most impressive activities of the forum. The contest was first launched not long ago, but it gives prestige to its participants: PHDays CTF winners are able to get through to the finals of other competitions held in that format. PHDays CTF stands out against other CTF contests due to the original game scenario, real-life vulnerabilities and great visualization, thanks to which it was exciting not only to participate in the contest but also to watch the virtual battle.

Several hundred teams took part in PHDays CTF Quals. Ten teams from Russia, Spain, Poland, the US and South Korea reached the final. During the two days of the forum, they fought for access to secret information, searched for vulnerabilities in the other teams' systems and protected their own systems.
This year, the Polish team Dragon Sector became the winner, Int3pids from Spain took second place, and BalalaikaCr3w, a Russian team, came third.

Cyber forecast

The word "foresight" (methods of forecasting threats and providing preventive measures) became the most frequently used among participants of business sessions. Preemptive tactics are not a luxury but a virtual necessity: these issues were discussed at the round table "Critical Infrastructure Security". Participants spoke on measures that are taken for the protection of critical elements of various sectors: energy, banking, transport, telecommunications. They also attempted to classify cyber threats and assess incident-response readiness.

And it is the right time to raise these issues: as it turned out, about one hundred security incidents occurred in each large organization last year. Positive Technologies specialists obtained these data during the security analysis of strategic companies that make the top 100 list in Russia. The main reasons for the current situation lie on the surface. It is all about unfixed vulnerabilities in systems and applications (the age of certain vulnerabilities is more than 7 years!).

Participants of the discussion "State and Cybersecurity" often referred to the need for active foresight as well. The keynote of this discussion was another quote of Nietzsche: "He who fights with monsters should look to it that he himself does not become a monster".

The round table organized by Skolkovo

The PHDays IV forum is designed not only for professionals. It's also a chance for talented young specialists to find themselves in the "white hats" society, present their reports, and launch their own projects. For these purposes, PHDays Young School, a competition of research papers by students, postgraduates, and young scientists, is held. This year, twenty-two reports were presented by researchers from Russia and other countries. Finalists of the competition spoke at fast tracks during the forum.
First place went to Maria Korosteleva and Denis Gamayunov; they presented the report on "Ensuring Cryptographically Strong Group Communications with the Feature of Deniability". Yelena Doynikova took second place; Denis Kolegov and Nikolay Tkachenko, third. For more information, see the PHDays website.

Visitors of the round-table discussion "Prospects for Investment in Information Security" spoke about the future of Russian startups. The discussion was organized by Positive Technologies together with the Skolkovo information security cluster. Main security trends in banking, manufacturing and government were discussed during the session. Organizational issues of startup events were also demonstrated. Skolkovo Foundation announced the launch of the competition of information security projects (for details see isecurity.sk.ru), which will last from June 2, 2014 till November. Skolkovo will grant financial assistance and tutorial support of leading experts to the winning participants.

Future of the information security market

During the session "IS Market: New Products, Questions, Answers", major players in the market demonstrated their products and solutions that might determine the development of the market in the near future. Cisco, Intel Security, RSA, Positive Technologies and Kaspersky Lab ran the marathon of new products.

According to the panellists, there are three or four main sectors of constantly rising interest. For instance, small and medium-sized businesses are interested in ready-made tools that can take into account their specific characteristics; big business wants products that can translate information about security threats into terms accessible to shareholders and risk managers. Proactive defense for web applications and a variety of other applications is a topical problem as well. Their quantity and significance are growing constantly, and it is hard to protect them using old techniques.
Evgeniya Potseluevskaya, Head of the Analytical Group at Positive Technologies, presented the application security management system by telling about new security methods and unique functions of the new products PT Application Inspector and PT Application Firewall. It's worth mentioning that PT Application Firewall by Positive Technologies (released in the middle of the last year) is already listed as a secure WAF, according to Gartner, and was implemented by Megafon.

Ten most quoted reports

Several days after Positive Hack Days IV, the ranking of reports and sessions most quoted in social networks was formed. The topic of competitive intelligence turned out to be the most popular with the audience. Among the top three were the reports by Igor Ashmanov, Andrey Masalovich, Dmitry Kurbatov and Sergey Puzankov. The list of the most popular reports at PHDays IV and video recordings of sessions are available on the event's website.

The musical performance "The night of the cyberpunk eaters" at PHDays fitted in well with the theme of the event, filling the vacuum between the first and second day with inspiring stories about people creating and destroying digital worlds. During the first part, the audience met the MDS project, famous for reading classic and contemporary works on the radio: they read stories by Mersey Shelley and Bruce Sterling this time. After the performance, the night show started at the movie hall.

Partners

The largest technological companies joined PHDays as partners of the event: Cisco, EMC, ICL-KME CS, Intel Security, Kaspersky Lab and Mail.Ru were among them. The forum was organized with the informational support of 27 leading business and specialized media companies. Main media partners are the Expert magazine, BFM.RU (a business information portal), the Hacker magazine, the Internet portals SecurityLab.ru and Anti-Malware.ru, and the Bankir.Ru news agency.

5/30/2014

Best Reports at PHDays IV: Surveillance, Hacking and Nation-Specific Cyberwar

Big conferences with multiple reports delivered at once seem to cooperate with Murphy's Law: the most interesting (personally to you) sections are scheduled at the same time. Choose one of them and you miss the others. What can you do? For the international forum on practical security Positive Hack Days, this problem is easy to solve: watch the video recordings of the reports. They are particularly valuable for those who missed the conference. All the video files are on the website phdays.com/broadcast/.

Yet watching all the recordings made in all the halls during two days is an option for extremely patient people. It is far more logical to filter them by topic or author: first, read the descriptions in the program and then choose a particular report from the video list. Still, do not forget that the reports were described before the conference, when nobody knew how interesting they would be. What if only the title is cool and the contents are dull? This is the reason we suggest a third method: by popularity. We have analyzed the feedback of the PHDays participants and picked the ten fanciest reports. Here they are:

  1. Big Data on Social Networks: No Need for NSA’s Special Surveillance to Keep Track of You
Igor Ashmanov, a specialist in artificial intelligence, started his report with a declaration that he was not interested in information security and got to the conference by accident. Still, he shared so many fascinating facts on how to study people using social networks that the audience did not let him go for the whole hour after the report was over. The most Internet-cited are the slides related to "Navalny's band" and the rating of liberal and patriotic media based on the analysis of Twitter and Facebook reposts.
  2. Life After Snowden. Modern Tools of Internet Intelligence
If Mr. Ashmanov used social networks for generalized research, then Andrey Masalovich, Head of Competitive Intelligence Sector of the Academy of Information Systems, demonstrated techniques of more targeted private-data collection. The Pentagon showed many of these examples on its website. The most cited slide is passport scan collection by simple search on Vkontakte.
  3. How to Intercept a Conversation Held on the Other Side of the Planet
Sure enough, publishing phone conversations of well-known politicians is very trendy nowadays, thus the report title is not accidental. Dmitry Kurbatov and Sergey Puzankov, experts at Positive Technologies, spoke not just about tapping, but also about other SS7 features hackers widely exploit: DoS attacks, fraud, money transfer, SMS hijacking and determining a subscriber’s location without their consent.
  4. Comparing Iranian, Chinese & North Korean Hacking Worlds
William Hagestad served as a US Marine Officer for more than 20 years, and now is a qualified specialist in cyberwar technologies employed by different countries. He started his report speaking Chinese, as an example of a culture, and of information security issues in particular, that seem odd to people from the West. The rest of his speech is great to cite: "If you have a question, please stop me and ask me, coz I love the multi-task." It's hard to imagine a report delivered as showily by someone, say, from the Ministry of Defense of Russia... But can't they rise to the challenge and respond at the next PHDays conference?
  5. Government and Information Security
The organizers invited people of different professions to this round table: a representative of the Ministry of Foreign Affairs, a member of the Federation Council, Head of the Coordination Center for TLD RU, a researcher from the Higher School of Economics, a director of an analytical company and two hackers. Alexey Andreev, the moderator of the discussion and a former chief editor of the Webplanet portal, suggested that they talk about new Internet laws in the language of security rather than in general terms. Why does a blogger with a total audience over 3,000 readers suddenly become dangerous? Why will Russia never adhere to the Budapest Convention on Cybercrime? Where is ICANN's "golden egg" hiding? How much does it cost to hack Dmytro Yarosh's mailbox? It was discursive, but interesting.
  6. Intercepter-NG: The New-Generation Sniffer
Alexander Dmitrenko, Head of Training Department at PentestIT, spoke about the development of "the most advanced tool to restore data from traffic". He covered the algorithms of a few little-known attacks. The author of the sniffer, introduced as Ares, used to correspond with Edward Snowden, who was interested in how the software processed huge data arrays. This is how we found out that children from the West play Russian games!
  7. My Journey Into 0-Day Binary Vulnerability Discovery in 2014
This year, PHDays met a lot of female hackers (or security specialists): a CTF girls-only team from the Republic of Korea, experts in cute SORM (System for Operative Investigative Activities), and Young School finalists. Alisa Shevchenko, Head of her own company Esage Lab, was twice ahead of the others at the conference. Besides delivering the report on her personal fuzzing techniques, with examples of flaws in Microsoft Word and Microsoft XML, Alisa won the Critical Infrastructure Attack contest, having found several severe vulnerabilities in the latest SCADA versions. Later she confessed that searching for binary vulnerabilities was just a hobby for a couple of hours at night.
  8. Impressioning Attacks: Opening Locks with Blank Keys
The members of The Open Organization Of Lockpickers (this is what TOOOL stands for) visited PHDays for the second time already. During the two days of the forum, their tables were surrounded by crowds of people. What most of us had only seen in movies was free to try at the forum: hacking an ordinary door lock with a couple of simple metal hooks. This year, TOOOL demonstrated not just picklocks, but also the impressioning technique: to open a door, you need only a blank key, a sharp eye and a file.
  9. SCADA Strangelove: Hacking in the Name
Sergey Gordeychik and six experts from Positive Technologies told several stories about vulnerabilities in industrial control systems employed in various facilities: energy meters, oil-production enterprises and even the Large Hadron Collider. Their vendors differ as well: ABB, Emerson, Honeywell, Siemens. In two years of work with SCADA, the company has detected 200 zero-day vulnerabilities, but the presentation included only those of them that could be disclosed, since vendors had already eliminated them. The presenters dropped a hint that they had a lot of similar stories to tell next year.
  10. . . . . . . . . . . . . . . .
The emptiness here is not a mistake. We think it is up to you to choose which report must take the tenth position. What report did you like most of all? We might have missed something, mightn't we? Join the conversation in our Facebook group.