News
A Specialist from Perm Wins the Network Infrastructure Security Analysis Contest at PHDays
The security of network infrastructure is the most important task in business. Companies often suffer significant losses and sometimes go bankrupt when intruders manage to access a company's internal network and steal sensitive information. A key role in providing high security level usually belongs to an equipment on the basis of which a network is built. Stanislav Mironov (Perm, Russia) cracked network infrastructure during the NetHack contest. Stanislav is an expert in network administration and security and currently works for a commercial bank in Moscow. The contest's participants needed to obtain access to the game network during a limited period of time, then get to the unrouted segment that contains a certain automated system. The game network developed for the contest included typical vulnerabilities discovered by the Positive Technologies experts during security analysis and penetration tests. The partakers had an hour to gain access to five network devices, get flags and enter them into a form on a special web page. There was a total of seven participants. The contest's network infrastructure was developed by the Positive Research Center experts Mikhail Pomzov and Sergey Pavlov. The first flag was captured by Alexey "Foxter" Kashin, which took him 10 minutes. It should be noted that each following task was more complicated than previous one. It took Yuri "marsei" Shkodin 15 minutes to capture the second flag. After that, we had another leader: Stanislav "st.Ass" Mironov captured the last three flags and won the contest. The organizers assigned 50 minutes for the NetHack competition. But as it was difficult to determine a winner during the period, 15 extra minutes were added, which decided the outcome of the contest. In the last seconds of the extra time, Stanislav Mironov managed to capture the fifth flag. The rest of the participants failed to capture it. Eventually, Yuri Shkodin took second place, and Sergey Stankevich came third. Both participants captured four flags each. According to Stanislav Mironov, the task was interesting and it was hard to solve it being constrained by time; however, in real life an experienced specialist must not make such errors during setup. "Serious companies have standards and scanning procedures that help detect errors and prevent problems. But mistakes still can be made in real life", Mironov said. "The task that was offered in the contest is mainly related to service errors and misconfiguration of large network infrastructures, which arise from a deviation from standards and best practices. Automated tools for compliance and vulnerability management can reduce risks", said Sergey Pavlov, Head of the Department for Network Devices Security Assessment at Positive Technologies. The winners received special prizes from Cisco, the PHDays technological sponsor, and Positive Technologies, the forum's organizer.
A Student Hacks a Remote Banking System at PHDays
The security of banking systems became one of the key topics at Positive Hack Days III. Discussions, contests and hands-on labs on banking systems were held during the forum. Anatoly "heartless" Katyushin, a student from the Samara State Aerospace University (Samara, Russia), hacked a remote banking system during the $natch competition and "stole" 4,995 rubles. The contest consisted of two rounds. at first, virtual machine copies with vulnerable web services of the remote banking system (a real I-banking system analog) were provided to the participants. In the second round, the hackers needed to exploit the discovered vulnerabilities and steal as much money as it was possible. Positive Technologies developed a test remote banking system PHDays I-Bank for the contest and included typical vulnerabilities. The participants had one hour to exploit the security problems that were discovered during the first round of the contest and to transfer the money to their account. The system contained 20,000 rubles. The winner manages to "steal" only 4,995. Asteros, the forum's partner, doubled the sum. "It took about 4 hours to detect security problems in the system's image. Then we needed just to write a script to automate the vulnerability exploitation," — Anatoly Katyushin said at the end of the contest. Omar Ganiev (beched), a student of the Department of Mathematics at the Higher school of economics, took second place "stealing" 3,277 rubles. "I didn't win last year, because of a script error. But this time I manage to take second place," — said Omar Ganiev. Other participants didn't get a ruble from the PHDays iBank.
The First Day of PHDays Comes to an End
Positive Hack Days III, an international forum on practical information security, has started today, on May 23 in the WTC Moscow. Among the participants are IS experts, hackers, politicians and representatives of the Internet community from every corner of the world. During the reports, hands-on labs and various discussions, the forum’s attendees took a close look at practical security and discussed the perspectives of the industry. Young specialists and IS At the beginning of the forum the section “The Role of the Young of Today on the Information Security Market of Russia” was presented, the moderator was Alexey Lukatsky. Representatives from the Ministry of Communications and Mass Media, FSB Information Security Center, Security Council, Technologies and RuCTF, Ruslan Gattarov, a member of the Federation Council, and Vladimir Zirinovsky, the leader of LDPR and a member of the State Duma Committee on Security participated in the discussion. The participants noted that the government realized the role of cyber security and is starting to respond to the threats. Therefore, the IS experts’ role becomes more and more significant. Vladimir Zirinovsky told that his colleagues in legislation faced mainly the negative side of information security, attacks and hacking. The politician added that in spite the industry is quiet young, the government needs its support, that’s why the State Duma is ready to develop a legal base which will allow the experts to work without the fear of responsibility. SCADA security One of the most important problems discussed at the forum was the security of industry systems. The following works were presented: the report “Are ICS Models Needed to Ensure Information Security of Industrial Systems” by Ruslan Stefanov, the section “ICS Security — an Oxymoron or the Task of the Decade?” by Garald Bandurin (RusHydro) and the presentation by Positive Technologies “SCADA Strangelove: How to Build Your Owen Stuxnet” in which the team announced the release of the new utilities for checking ICS security. Moreover, each participant of the forum could take a close look at industry systems security thanks to the Choo Choo Pwn contest. The goal was to obtain access to a model of a system which controls a railroad and cargo loading by exploiting vulnerable protocols or bypassing authentication of SCADA systems and industrial equipment web interfaces. In the middle of the day, a related hands-on lab devoted to railroad ICS was delivered by Ilya Karpov, Alexander Timorin and Dmitry Efanov. Leave ATM Alone Leave ATM Alone, a hands-on lab on ATM’s software security, generated considerable excitement. It was performed twice by Olga Kochetova and Alexey Osipov in the contests area. Labyrinth The Labyrinth contest was also quite popular. The participants were to get over the laser field and motion detectors, open secret doors, clear the room of bugs, combat with artificial intelligence, and render a bomb harmless. PHDays CTF: Levart D'Errorim This is the third time the PHDays CTF contest is held. Ten teams from six countries are engaged in a fierce struggle: they are to attack the opponents’ systems and defend their ones. The contests are held within one legend: this time the rescue of D’Errorim is prepared for the contestants. You can follow the struggle not only at the venue but also online via the the PHDays broadcasting and special mobile apps for iOS and Android. Tomorrow on May 24 in addition to a great number of hands-on labs and reports, the forum’s participants will hear the report of a key speaker Marc “van Hauser” Heuse. The audience will also see numerous contests (held at the venue and online) and the PHDays CTF final. Follow the news!
Positive Hack Days III Online Competitions
If, for some reason, you will not be able to visit the venue of Positive Hack Days on May 23 and 24, this doesn’t mean you should miss the opportunity to participate. Thanks to the competition program of the forum, anyone will have a chance to compete with contestants from all over the world during exciting online Positive Hack Days III challenges. Best Reverser The purpose of the contest is to demonstrate good knowledge in analysis of executable files for Microsoft Windows. The contestants will be offered to generate a code that will successfully pass validation in a special program. It is only possible to enter another code after the successful validation of the previous one. You can use any method that complies with the law of the Russian Federation. The participant who is the first to generate three valid codes and to provide the jury with a concise description of the process of obtaining the codes, will be the winner. The participants who accomplish the task later than the winner, and those who generate two codes or even one, have a chance to take prize-winning places according to the jury's decision. The contest will last for two days during the forum. Hash Runner Hash Runner challenges the competitors’ knowledge of cryptographic hash algorithms and skills of cracking password hash functions. К конкурсу допускается любой интернет-пользователь. Any Internet user can participate in the competition. You can register via the website phdays.com (the registration is in full swing!). The competition will last through the forum days. Competitive Intelligence The competition will enable participants of the forum to discover how quickly and accurately they can find useful information on the Internet. The competition web page will contain questions concerning a certain organization, information about which can be found online. The task of the competition participants is to find as many correct answers to the questions as possible in the shortest time. The results will be announced at the end of the second day of the forum. PHDays III Online HackQuest The PHDays 2013 program will include Online HackQuest, a competition for the Internet users that offers participants to try their hands at solving various information security tasks. The participants will be provided with access to the site with a list of tasks. The tasks are grouped according to their type and level of difficulty. Once a task is solved, the participant obtains a key (flag) to submit to the jury via a special form. If the flag is valid, the participant will score an appropriate number of points. The participant who scores the maximum points quicker than others becomes the winner. The competition is open for any Internet user. You can register on the PHDays website, from the moment the forum starts. The contest will be held for two days, during the forum. The winners of the contest (first, second, and third participant) will receive prizes from the PHDays organizers (Positive Technologies) and the sponsors of the forum. The registration is at its high! Do not miss the chance to demonstrate your skills and have a great time. Details on competitions and prizes are available on the official Positive Hack Days web site.
Theory, Practice, and Minimum Ceremonies — PHDays III Program Published
The international forum on information security Positive Hack Days III will start in two days! Today you have a possibility to learn the final event program, which consists, as it was last year, of two parts — the conference and hacking contests. The conference includes: - Reports covering various information security issues (and not only), which will be delivered by the leading experts such as Marc Heuse, Travis Goodspeed, Nick Galbreath (IPONWEB), Vladimir Vorontsov (ONsec), Michel Oosterhof (RSA EMC). - Workshops supervised by well-known specialists, who will share their experience in solving various information security problems. - Business sections, discussions with experts from different countries, as part of which the most urgent information security issues (from cybercrime to the role of the youth in the industry development) will be talked over. - Hands-on labs intended for specialized audience, which will be held by recognized practicing experts. - Fast Track reports with more than fifteen short talks covering very interesting information security issues. All the PHDays reports and workshops are ranged according to difficulty levels. Level 100: reports, workshops, or seminars intended for wide audience. Level 200: reports include specific information, which may be difficult to understand relying on general knowledge only. Level 300: the target audience is specialists with profound knowledge and practical experience in information security. See the details on the official website. Contests program: - The Labyrinth is a hacking attraction, a real obstacle course, the participants of which will need to get over the laser field and motion detectors, open secret doors, clear the room of bugs, combat with artificial intelligence, and render a bomb harmless. - Choo Choo Pwn is a contest related to hacking of SCADA systems, which control railway traffic on a specifically built railroad. A unique opportunity to derail a train without any disastrous effect. - Leave ATM Alone, in the course of which the visitors can try themselves in searching and exploiting vulnerabilities in ATMs. - Hash Runner is a contest, in the course of which the Internet users will demonstrate their knowledge of cryptographic hash algorithms and skills in cracking password hash functions. - Best Reverser is one more online contest. The participants will need to demonstrate good knowledge in analysis of executable files for Microsoft Windows. The full list of contests, which will be held during the forum, is available on the PHDays website.
The NetHack Qualifying Round Ends
For a week, from May 7 to 15, hackers from all over the world were engaged in a fierce struggle during the NetHack competition. The participants needed to demonstrate their skills in obtaining control over network infrastructure via exploiting misconfiguration of the equipment. One hundred and twenty-six solutions for the competition task were offered: the Positive Technologies experts in network security received 14 letters a day on average and evaluated the solutions. Eight finalists who showed the best results have been defined: eJay,Melange, VeDoK, st.As, Volt, marsei, Foxter, Platon The finalists will get invitations to Positive Hack Days III and keepsakes. Congrats! In the final (which will take place at the forum on May 24 at 3.00 pm) the goal is to obtain access to the game network during a limited period of time, then get to the unrouted segment that contains a certain automated system and to obtain access to that system. The winner will be awarded a special prize by Cisco, a technological partner of the forum. See you at PHDays!
HackQuest is Completed. Best Reverser is Ready to Start
The epic hacking competition PHDays HackQuest has come to an end. The competition was organized by ONsec_Lab. It lasted from May 1 to 13 and drew 1441 participants, 112 of them solved at least one task. Results The racing continued right to the last minute. The top three was stable until the end of the contest: JustRelаx, MERRON, Bo0om. However, the sly tactics of capturing flags two minutes before the ending allowed one of the participants, namely karim, to win the contest. Bo0om also captured another flag at the last moment and left MERRON on the fourth place, from which he was overtaken by Yngwie. So karim, who was the fourth not long before the end of the contest, won by 50 points. JustRelax being the leader throughout the contest took second place. Bo0om came in third. We’ll keep our promise: 10 participants who showed the best results will get invitations to Positive Hack Days and special T-shirts (1 place — 5 tickets, 2 place — 4 tickets, 3 place — 3 tickets, from 4 to 10 place — 1 ticket per participant). Moreover, the top three participants will get diplomas. Scoreboard in the Norton Commander style: The top ten: 1. karim 4780 2. JustRelax 4730 3. Bo0oM 4530 4. Yngwie 3930 5. MERRON 3830 6. DarkByte 2920 7. RDot.Org 2750 8. Promix17 2730 9. Dor1s 2550 10. push 2530 The forum organizers decided to provide an invitation for each of the sixteen participants who scored more than 1,000 points. Here are the lucky men: · Phobo5 2430 · dipi shmot 2420 · freeoks 2400 · movsx 2330 · kosmonavt 2330 · Samosad 2150 · Artemnv 1970 · flak 1800 · jick 1550 · n0ne 1430 · victor 1400 · daniel 1340 · kost 1110 · mrbio 1100 · Yoda 1070 · endragor 1030 Congrats! See you at PHDays III! Tasks The task of factorization of RSA 512 bits gained plenty of interest. The winner of the contest is karim from the Bushwhackers team. It took him 190 CPU hours of 20 CPU Intel XEON (32 threads each) to solve the task. By the way, karim is the only one who manage to solve the task. Moreover, many participants found the oldbook contest quite entertaining. During the contest, the participants were searching for the oldest book about computer sciences. Due to the publication date of the find, additional points were scored (100 points for every 5 years). Here are the oldest publications that the participants managed to find: · Svoboda, A., Computing Mechanisms, Moscow, Foreign Languages Publishing House, 1949 · Murray, F., The Theory of Mathematical Machines, Moscow, Foreign Languages Publishing House, 1949 There is another book that is worth mentioning: Voronov, A., Elements of the Theory of Automatic Control, Moscow, Voenizdat Publishing House, 1954 Almost half of the participants solved the task of finding out the real name of the ONsec CEO, Vladimir Vorontsov. The value of the unsolved tasks increased every day, and some difficult tasks were simplified during the contests (sidkf, xlc, LIE TO ME etc.). Best Reverser The HackQuest contest completion does not mean you won't be able to fight online with the best hackers from every corner of the world. During Positive Hack Days (May 23 and 24), the Best Reverser competition will be held. Any Internet user will be able to take part in the contest and to demonstrate his or her knowledge in analysis of executable files for Microsoft Windows. Rules A specially designed program will be offered. You should generate codes for the program so that the program considers them to be valid. You can use any method that meets the law of the Russian Federation. The participant who is the first to generate three valid codes and provide the jury with concise description of the process of code generation, will be the winner. It is possible to enter another code after successful validation of the previous one. The participants who accomplished the task following the winner and those who generated one or two codes, will take a prize-winning place according to the jury's decision. The winner will receive AR.Drone 2.0. Participation Terms The competition is open for any Internet user. You can register on the PHDays website, from the moment the forum starts. The contest will be held for two days, during the forum. The winner should provide contact information (name, telephone, e-mail) or be present at the awards ceremony to receive his or her award. Technical Details The participants can use all the necessary equipment they have at their disposal. You can find more information about the contests and awards on the PHDays official website.
New Reports at PHDays III: From ICS Security, to the Analysis of Java 0-day Exploits
How to build your own Stuxnet? Are security systems safe? Is it easy to watch the people and why physical security is the basis of any kind of security? Today we would like to bring to you attention some of more than 30 reports of the main technical program of Positive Hack Days III. If You Can Write a Webserver, You Can Write a Thumb Drive Travis Goodspeed will speak on using the open source Facedancer framework to write emulators in userland Python for Mass Storage, Human Interface, FTDI, and Device Firmware Update protocols. The sockets work a bit differently, and the protocols aren't ASCII, but the principles and the libraries are no more difficult than HTTP. Practical examples of this technique include a tool for catching firmware updates by impersonating the DFU protocol and a prototype of a hard disk that actively defends itself against forensics tools and imaging. Faster Secure Software Development with Continuous Deployment Continuous Deployment allows developer to avoid long release cycles that disenfranchise from caring or even knowing about security issues. When done well, it can be transformative to your software lifecycle and change your security group from a reactive organization into an "in-house security consultancy" that developers come to for questions and assistance. Nick Galbreath, the Vice President of Engineering at IPONWEB, will speak on how to get started with continuous deployment and the tools and process needed to make it a security success. Attack Prelude: OSINT Practice and Automation Collecting and analyzing public information on the target, aka Open Source Intelligence (OSINT), is a mandatory stage of a modern pentest. The value of such analysis is difficult to overestimate, however, some skip this stage and start vulnerability scanning right away. It is a mistake, because collecting information on systems and personnel in the area of testing usually plays a crucial role in security audit and is essential for success of an audit conducted with the use of social engineering techniques. Vladimir Styran, the lead consultant at BMS Consulting, head of information security testing section. Abusing Browser User Interfaces for Fun and Profit Nowadays any modern browser is able to identify potentially dangerous or sensitive action requested by a webpage (file downloading, plugin installation, granting privileges to websites) and prompt a dialog box or a notification bar to require explicit confirmation from the user. Even though these improvements led to a greater degree of assurance, the notification mechanisms are far from being 100% safe. Rosario Valotta, an IT security professional with over 12 years’ experience, will show how notification bars in major browsers (Chrome 24, IE9, IE10) can be abused with little (or even no) social engineering, leading to users security compromise and even to conducting trivial code execution on the victim's machine. Who's Looking at You, Kid? A cell phone, an RFID badge could be tracked. Jeff Katz and aestetix, the members of the OpenBeacon project, will explore their latest findings and a real time location aware tracking system. The speakers will show demos of visuals they have created, teach the technology behind their infrastructure, and show how easily an innocent gadget can be turned into a powerful tool. Honeypot that Can Bite: Reverse Penetration The talk will consider the concept of aggressive honeypot, the main idea of which is that defense can be aggressive, and the options how it may work. The speaker will touch upon such topics as de-anonymizing attackers, filtering and detecting non-bot attacks, determining the attacker’s technical skill level, getting control of the attacker. Alexey Sintsov, a Senior Security Engineer at Nokia, will demonstrate a real experiment, real samples of attacks, and results from the realization of this idea. The speaker will also discuss some more interesting things such as whether one can exploit vulnerabilities of third-party services or only client-side vulnerabilities. Five Nightmares for a Telecom Five Nightmares for a Telecom are five stories on how to intrude into an operator’s network and perform an attack against packet services, how to gain control of the infrastructure, make money with VoIP and self-service portals. Some attacks already have precedents in the past, and others are just a fancy, which we hope will not become a reality. The speaker is Dmitry Kurbatov, an information security specialist at Positive Technologies. Lie to Me: Bypassing Modern Web Application Firewalls The founder, head and leading expert of the company ONsec, Vladimir Vorontsov will present a report that considers analysis of modern Web Application Firewalls. The author provides comparison of attack detection algorithms and discusses their advantages and disadvantages. The talk includes examples of bypassing protection mechanisms. The author points out the necessity of discovering a universal method of masquerading for vectors of various attacks via WAFs for different algorithms. Java Everyday. System Analysis of Java 0-day Exploits The report will cover the results of the system analysis of all zero-day vulnerabilities found in Java in 2012 in 2013 (CVE-2013-1493, CVE-2013-0431, CVE-2013-0422, CVE-2012-5076, CVE-2012-4681, CVE-2012-1723, CVE-2012-1507). The aim of the research was to detect regularities pointing out the same resource or the same method of vulnerability data search. The speaker is Boris Ryutin and the co-author is Alisa Shevchenko. SCADA Strangelove: How to Build Your Own Stuxnet While one is looking for lacking elements of the cyberweapon evolution, Positive Technologies experts want to get a glimpse of the future, where to create a full-fledged SCADA worm one will only need up-to-date Metasploit and a little skill of VBScript programming. Based on the research regarding the security of Siemens SIMATIC (TIA Portal/ WinCC /S7 PLC) series, the talk will cover the vulnerabilities which can be used to hack into ICS. The reporters will also demonstrate the ways of the worm propagation and its malicious impact on the system, ranging from the network level (S7/Profinet) to the web control interfaces, to the WinCC project files. Information on new vulnerabilities in Siemens SIMATIC series will be presented, as well as tools which can be used to analyze security and to find new vulnerabilities in ICSs. Lockpicking & Physical Security Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn’t make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door. Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access. Discussion as well as direct example will be used to demonstrate the grave failings of low-grade hardware ... much of which can be opened by audience members with no prior training. Deviant Ollam, Babak Javadi, Keith Howell will speak on what features to look for in locks and safes will be covered, and how to invest in systems that are easiest to manage in large environments. Evading Deep Inspection for Fun and Shell Evader is an excellent tool to find weaknesses in defenses and it is suitable for penetration tests and security audits. Olli-Pekka Niemi, a well-known specialist in information security, will go into technical details of the Evader and evasions and disclose evasions that still work with most of today’s security boxes. Find Them, Bind Them – Industrial Control Systems (ICS) on the Internet Do you happen to know that many industrial control systems are remotely administrated and can be found on the Internet via search engines like SHODAN. Johannes Klick, Daniel Marzin developed their own SCADACS Search Engine (SSE) and are going to compare the first results of the search engine with SHODAN. They will show the distribution of SCADA/PLC systems over the world with our "Industrial Risk Assessment Map (IRAM)" using SHODAN. IRAM also shows vulnerabilities and possible exploits. The speakers are also going to discuss what happens if you combine IRAM, SSE and exploits into one application. Protecting Organizations from Security Breaches by Persistent Threats, with Examples from RSA Michel Oosterhof (CISSP, CISM, CISA, GCIH), is a Senior Systems Engineer with RSA, The Security Division of EMC. Each enterprise is serious about protecting its resources, brand and intellectual property. Despite this, incidents happen because attackers also have huge resources to develop the means and methods of attack. The author of the report knows this first hand, because RSA is constantly under the gun attacks. As part of the report, the speaker would like to share his experience and expertise in the prevention, detection and minimize the effects of high profile APT-attacks on corporate and government infrastructure. Based on some use cases (Lockheed Martin and others) he will talk about Cyber Kill Chain concept, discuss typical patterns of attack and methods of reducing the risks associated with industrial espionage and cyber attacks. Also the speaker shares some cases and techniques based on his own experience on running internal EMC CIRC (Critical Incident Response Center). The complete list of the reports that will be presented at Positive Hack Days is available on the forum's official website. Besides standard reports, there are Fast Track reports in the PHDays III program, including more than 20 short talks that will cover a number of fascinating topics, from straightening a car out, to the methods of DLP bypassing. P. S. We have aggregated Twitter accounts into a separate list for you to subscribe to them easily:) P. P. S. Registration for the forum is still in progress!
Author of Hydra, Amap and SuSEFirewall Speaks at PHDays
Marc "van Hauser" Heuse, a well-known information security researcher, will be one of the key speakers at Positive Hack Days III. Marc has performed security research since 1993, found vulnerabilities in numerous products. Moreover, he is the author of various famous security tools, such as Hydra, Amap, THC-IPV6, THC-Scan and SuSEFirewall. In 1995 he founded the renowned security research group The Hacker's Choice (THC), which was the first group to, e.g., crack A5 GSM in 2006 within a minute. Since 1997 he works as a security consultant in one of the top-5 enterprise consultant companies. Since 2007 works as an independent security consultant. The subject of his report is secret. To hear the report of the well-known researcher, please register and visit Positive Hack Days on May 23 and 24!
NetHack: Win Invitation to PHDays!
The Positive Hack Days III program promises to be quite rich: reports, hands-on labs of the world leading experts, the CTF hacking battle, the Young School finalists’ presentations and a great number of competitions (held both online and at the venue). This time, to partake in the forum you can buy a ticket. But, anyway, is it the right path of a real hacker? It is much more interesting to get the ticket by fighting other specialists in information security. In case you think the same way, the NetHack contest is held for you. During the contest, the participants will be able to demonstrate their skills in obtaining control over a network infrastructure by exploiting insecure configuration of the equipment. Participation Rules The contest consists of two rounds. The participants, who passed the qualifying round, will get the tickets to Positive Hack Days III. In the final, the participants should obtain control over the network during a limited period of time, then get to a nonroutable segment which contains a special automated system and get access to the system itself. Anyone can take part in the competition. Directions for participants and the qualifying round task are available at . Prizes The winners will receive keepsakes from the PHDays organizers (Positive Technologies) and sponsors of the forum. Technical Details The selection and usage of equipment that may be needed to partake in the contest is up to the participants.