News

2/3/2021

Positive Hack Days 10: The Origin to take place on May 20–21, 2021

The iconic Positive Hack Days forum will open its doors on May 20–21, 2021, at the Hyatt Regency Moscow Petrovsky Park. This year we will not just talk about attacks and defense, we will take on the audacious role of writers of history, describing transformation and the beginning of a new era. The event will be held in a hybrid format: some will be able to attend it in person, and some will be able to watch a live online broadcast. The broadcast will allow you to view the main halls and backstage of the forum from different angles through dozens of cameras and experience total immersion thanks to the filming that is on a par with the TV format.

Russian and foreign developers, representatives of governmental authorities, CIOs and CISOs of the largest Russian and international companies, leading experts from banks as well as telecom, oil and gas, industrial, and IT companies are going to speak at PHDays. The program consists of dozens of presentations, workshops, hands-on labs, round tables, and lectures. The forum will traditionally include a large-scale competition program developed by leading cybersecurity experts, based on all the wide experience of conducting PHDays. Contests are an important part of the event: they visualize the infosec threats around us.

"We came up with the concept of The Origin last year, but time has shown that it happened a bit prematurely: it should take place right now. And this is associated not only with the post-COVID era and the dramatic increase in the importance of digital technologies, but also with the overdue necessity to reassess the information security model, which will change the established infosec role in business," said Vladimir Zapolyansky, Director for Marketing and Corporate Communications at Positive Technologies.

In 2020, The Standoff, the world's largest open cyberbattle, separated from PHDays and became an independent activity. This year, The Standoff will become a full-fledged partner of the forum for the first time. The Standoff cyber-range is a digital replica of a modern metropolis, emulating the real city infrastructure with its industrial and energy complexes, financial system, banks, transport infrastructure, entertainment facilities, and business center. The virtual city will become a battleground for red and blue teams and will clearly demonstrate how important it is for today's businesses to have a risk-oriented information security strategy. The battle will take place on May 17–21, and its results will be given wide publicity within the PHDays framework.

"Technologies are not easy to visualize because we can't always show their internals in the form of servers, cables, and light bulbs, and we are working towards the solution," says Vladimir Zapolyansky. "At The Standoff you can clearly convey to any audience the idea of how technology is woven into the modern city and into our lives and how dangerous the consequences of cyberattacks may be. It is a place to try out any hypotheses, a place where anyone can anticipate and avoid catastrophic consequences in real life."

"Positive Hack Days reflects the expertise and knowledge content of the IT and IS industries in Russia. Every year, the role of IT in the world is growing, and technology is developing at an incredible pace. That is why we believe that The Origin, the central theme of the event, should be put forward now, in the Year of Science and Technology in Russia," says Victoria Alexeeva, Program Director of Positive Hack Days.

See you on May 20 and 21 at PHDays!

12/3/2020

EPAM Systems’ Zed Conference Brings Cyber Security to The Agenda through The Standoff Cyber Range

To raise cyber security up the agenda for their event attendees and customers, EPAM Systems’ Zed Conference partnered with The Standoff cyber range to demonstrate the risks and vulnerabilities presented by cyber attacks firsthand. On Tuesday 3rd December Vladimir Zapolyansky, CMO of Positive Technologies, was invited to Zed Conference to summarize the results of The Standoff cyber-range event. Vladimir was joined by Sam Rehman, SVP Chief Information Security Officer at EPAM, and Adam Bishop, Director IT Security at EPAM, to discuss the highlights of The Standoff cyber-range, which took place virtually across three continents on 12-17 November. The Standoff saw 250 cyber security experts compete - as 29 attacking red teams faced off against six defending blue teams in a one-of-a-kind cyber range competition. The full-fidelity cyber-range built for The Standoff contains the same hardware and software as a real city, including an airport, amusement park, gas distribution company, oil company, powerplant and more. The objective is to pursue a new risk-orientated approach to cyber security, uncovering threats in a realistic environment that demonstrate the importance of defense and make security products smarter. Adam Bishop, Director, IT Security at EPAM said: “Security is a major track featured at this year’s EPAM ZED conference. It is important to highlight EPAM’s participation in the Standoff, a unique and rewarding experience for our offensive and defensive teams.” Vladimir Zapolyansky, CMO of Positive Technologies said: “The purpose of The Standoff competition is to raise awareness of the vulnerabilities and security risks that exist in the real world. We have created the most realistic cyber-range environment in the world to replicate potential attack scenarios and educate businesses on how to protect themselves. 
“The collaboration with Zed Conference brings this one-of-a-kind experience to their audience, helping them to gain a practical understanding of how cyber attacks work. I would like to thank our partners at EPAM who have collaborated with us to make The Standoff a success and helped to promote our new approach to cyber security.”

11/18/2020

The Standoff wraps up: only port and railroad unscathed by attacks

Six days of more than 70 talks and roundtables brought over 20,000 visitors

By the end of the last day of the battle at The Standoff, attackers had successfully breached the perimeter of all six organizations and gained persistence on corporate networks. But they had a harder time with triggering business risks thanks to the work of experienced defender teams. Systems were taken offline at the airport, amusement park, gas distribution station, oil company, and power plant. The business center and bank were hit as well. While hackers were able to show materials of their choosing on billboards, the port and railroad remained intact. Here we will give our round-up of all the action at The Standoff.

Online talks included experts speaking on such topics as gaining physical access to a building, faking a voice in five seconds, recovering ransomed files, intercepting smartphone data on 5G, and much more.

Meanwhile, in the cyber-range competition, the winning attacker team was Codeby (27,123 points), followed by back2oaz (24,463 points) and DeteAct (18,508 points). Collectively, the attackers were able to trigger 47 percent of all the risks that had been designed. Of the 24 unique triggered cyber-risks, 2 were novel and unanticipated by the organizers. The jury accepted more than 50 task completion reports from attacker teams.

Defender teams were able to detect more than 200 security incidents on their respective infrastructures. Incident detections were highest for the teams IZ:SOC and CT&MM. The teams performed 21 investigations. The average investigation took 11 hours and 50 minutes from start to finish.

All of the mock city's companies had to grapple with the aftermath of cyberattacks. Here are some of the most serious cases:

At the Nuft petrochemical plant, an accident led to toxic leakage. Attackers were able to gain access to the plant's controls and closed the refrigeration intake, which caused overheating and disrupted the chemical manufacturing process. Soon after, the attackers were able to halt the process entirely.

A cyberattack disabled oil extraction equipment, causing production to stop. The attackers also accessed the oil storage controls and disrupted the process for transport of oil to storage tanks. They later were also able to disable the controller responsible for managing petrochemical transport.

At the 25 Hours amusement park, the Ferris wheel fell over. A team gained access to the controls and increased the rotation speed to the highest value, causing the Ferris wheel to collapse. They finished by disabling the Ferris wheel's controller and turning off lighting to prevent visitors from leaving.

Bank attacks enabled theft of funds from individuals' accounts, as well as theft of data regarding bank clients (name, account balance, card PAN, etc.).

Valuable documents were stolen from two companies. Employee personal data was stolen from five companies.

During the closing minutes of the competition, back2oaz accessed climate controls for the office buildings and could change the temperature settings.

Some risks were made possible by poorly protected corporate websites. These include disruptions to the amusement park's online ticketing offices, as well as plane ticket sales and passenger check-in systems on the airport website. However, the majority of risks required first accessing the company's local network. Here, too, we see that attackers started by looking for vulnerabilities in web applications in order to breach infrastructure. Defender teams reported on successful attempts to exploit such vulnerabilities.

The first vulnerability was found by n0x in a Nuft system just 19 minutes after the start of the competition. The jury received a total of 433 bug bounty reports. Almost half were SQL injection, while a quarter involved remote code execution. Two thirds of all vulnerabilities were found at the city's Nuft and Big Bro Group.
The largest number of risks (8) was triggered at 25 Hours, the mock company that owned the city's business center, HVAC system, traffic lights, and amusement park. The runner-up, with seven unique risks triggered, was oil company Nuft. Only the railroad and port escaped unscathed.

Life and limb at risk in one third of cases

According to Maxim Filippov, Director for Russian Business Development at Positive Technologies, a third of the risks at the cyber-range could have caused some form of physical harm to people. At the Kommersant business session during The Standoff, he noted some of the novel aspects added to this year's competition.

Filippov said: "Every business modeled on the cyber-range has certain risks associated with it: disruption of operations, leak of personal data, loss of confidential documents, and so on. There are no ready-made attack vectors here. Instead, we create a space for red teams with freedom of action to hack and probe systems. We observe as they hack, analyze traffic, and build their attack chains. The result is valuable insight that then gets distilled into our products."

Dmitry Serebryannikov, Director of Security Analysis at Positive Technologies, added: "We did not expect half of the risks to be triggered. That's a lot, particularly given that we had little time. This year, the level of attackers has really increased."

Mikhail Pomzov, Director of Knowledge Base and Expertise at Positive Technologies, explained in more detail: "This year, the job of defenders was to prove their ability to monitor an incident at every stage. Their overarching aim was to keep an eye on the functioning of services and, as quickly as possible, fix any disruptions caused by the attackers' actions. The defenders were evaluated based on the number of attacks they detected, average incident investigation time, and infrastructure uptime—after all, the longer that services are down, the worse defenders are coping and the more damage is being done by attackers."
Hacking doors, banks, and 5G

Many hackers dream of gaining physical access to hardware or facilities. Robert Sell, President of Trace Labs, in his talk described the eight steps taken by attackers to obtain physical access to a facility of interest. He showed how criminals (or pentesters) scope out their target, along with the pretexts they have ready in case they are caught. He also talked about tools for breaking and entering, plus ways to cache them in the target building for later use.

Today's banks should be less worried about their vault doors and more about their information security. Timur Yunusov, Head of Research at Cyber R&D Lab, demonstrated how many banks are poorly protected against fraud, complete with real examples of attacks on European banks costing hundreds of thousands (or even millions) of euros. Timur analyzed the typical mistakes made by security and risk management teams in the financial sector, along with real-world advice on how to avoid issues. The latest and most complicated solutions—such as machine learning—are often unneeded when it comes to stopping many threats to banks. Instead, banks simply need to follow time-proven steps to address specific vulnerabilities and take a hard look at how much they lose from specific attacks in order to prioritize security efforts.

11/16/2020

The Standoff approaches its climax: red teams hack city billboards, rob the bank, and trigger an emergency at the petrochemical plant

The last two days also included 15 talks given by information security experts

Disaster has struck the cyber-range at The Standoff! Attackers successfully transferred money from the bank cards of mock-city residents to their own accounts, froze production at the petrochemical plant, and caused a system failure at the airport. By the end of the fourth day, 13 different business risks had been triggered.

Meanwhile, in a much calmer but no less exhilarating environment, The Standoff expert speakers discussed current threats to information security, many of which bear relation to COVID-19. These include vulnerabilities in medical image-recognition systems, problems with IP telephony and video conferencing products, and attempts to hack VPNs.

A hot day at the factory

Red team back2oaz continued their attack on the Nuft petrochemical plant. This time, they gained access to the plant control system, allowing them to close off the inlet valve to the refrigeration circuit. This led to overheating and disrupted the plant's chemical production processes. But the attack didn't end there—soon back2oaz succeeded in completely immobilizing the production process. Were this attack conducted on a real petrochemical plant, and not just in the mock-city of the cyber-range, the situation could lead to the injury and death of factory workers, as well as to toxic spills causing environmental pollution.

Attackers once again compromised the systems of the airport in Heavy Ship Logistics: team Hack.ERS succeeded in breaking into the system and making away with passengers' personal data.

On Friday night, the blue teams submitted 17 reports on registered incidents. A third were attacks on web applications. The defenders managed to submit 4 reports on incident investigations. On average, blue teams have required nine hours to investigate detected incidents.
Earlier this week, the defenders of the business center were the first blue team to submit an incident investigation report, which cataloged the deletion of fines and damages data from the center's computer system. The team took additional time to investigate the incident in detail and understand how each of the two red teams conducted their attacks. It's certainly no easy task to sort out the details of two attacks that took place at practically the same time! On the second day of the event, red teams submitted 63 reports on identified vulnerabilities. They found the greatest number of vulnerabilities in the systems of the companies Nuft and Big Bro Group.

11/14/2020

First results from The Standoff: red teams hacked the airport, the municipal system for fines and damages, and the petrochemical plant

The first two days of the event also included over 30 presentations given by information security experts, which were viewed by over 13,000 participants around the globe.

Is it possible to trigger a blackout in a megapolis the size of Moscow or New York? Many researchers in information security believe they could do it in just a few days. On The Standoff cyber-range, those claims can be verified. In the course of the six-day cybersecurity marathon, hackers search for weaknesses in the power grid of a digital mock-city, do their best to derail trains, and see if they can successfully disrupt the operations of an airport.

A third of the event has already gone by. The attackers have managed to compromise the oil field and petrochemical plant, as well as the IT systems of the airport and business center. Meanwhile, information security experts have given a multitude of fascinating presentations to eager viewers. We've learned how to hack a smartphone with a lighter, install video games on a point-of-sale terminal, and make an AI confuse a car with an ostrich. Keep reading to learn more!

Online apocalypse

A mere 2 hours and 50 minutes after the beginning of the confrontation, team back2oaz already managed to penetrate the network of the Nuft petrochemical plant (it attracted 60% of all attacks on the first day). back2oaz also succeeded in gaining access to the computer of the director of the Oil Department and stole files containing information on tenders.

Another battalion of keyboard-armed gladiators, DeteAct, managed to disrupt the ticket sales system of the mock-city's airport. Now passengers are unable to buy tickets online. The attackers also caused failures in the airport's check-in system, and passengers who have already purchased a ticket have found themselves unable to check in for their flights from their personal accounts—even when using the form of an airport employee.

On Thursday night, the city's business center was attacked twice. Teams SpbCTF and n0x broke into the city portal database within two hours of each other and deleted information on fines and damages owed by citizens.

"Classical CTFs can't solve the big problems that we face in everyday life—they are focused entirely on theory. The Standoff is an opportunity to examine the real issues that face us—things like failures of medical equipment or problems at oil loading stations, which, of course, are much closer to reality." — Hack in the Box CEO Dhillon Andrew Kannabhiran.

"The Standoff isn't just a platform for cybersecurity training—it's an environment that models key IT processes. Organizations can "bring" part of their IT infrastructure to the platform, call in information security experts from all over the world, and those experts will help identify and fix the systems' vulnerabilities before they "burst" into real life and ravage a business." — Andrew Bershadsky, director of the Positive Technologies Competency Center.

Hardcore: Snake on a POS terminal and how to hack a smartphone with a lighter

Generally speaking, the devices around us run on old and insecure operating systems. This is certainly true of POS terminals, which we use to make purchases in stores every day. Independent researcher Danila Parnishchev spoke about the security shortcomings of Verifone equipment that uses the Verix OS. Parnishchev connected to a POS terminal via an HDMI cable then used an exploit to load on a game application, allowing him to play Snake on the terminal. If a hacker wished, they could load malware onto the terminal instead of an innocent video game classic.

11/13/2020

The Standoff: Black-hat hackers combat!

The Standoff cyber-range has experienced a DDoS attack. The attack on the main website IP address occurred the day before, on November 12, and was successfully filtered out by the cloud service of Qrator Labs, a technology partner of the project. More than a thousand addresses from various networks and regions were involved in the DDoS attack. The top 5 countries were Brazil, India, Indonesia, Russia, and Thailand. The recorded traffic was 500 times higher than usual, but the Qrator Labs cloud service managed to catch everything at the entrance to its filtering network, and website visitors did not notice anything. The attackers' attempt to disrupt cybertraining has failed. "The DDoS attack on the web resource of The Standoff cyber-range was conducted by using SYN flood. In a fairly short period, attackers sent a large number of SYN connection requests via TCP. The Qrator filtering network blocked malicious traffic sources from the very first request, and the website continuously maintained its working capacity in normal mode. Qrator Labs keeps monitoring the traffic of the largest cyber-range and will protect it from the most sophisticated network attacks," says Artyom Gavrichenkov, CTO, Qrator Labs.

11/12/2020

New talks at The Standoff: the art of the breach, protection from ransomware, and automation of honeypot

We continue to introduce you to the upcoming talks at The Standoff online conference. How do hackers break into IT systems step by step? Is it possible to recover data after a ransomware attack? Why should we automate honeypot? These questions will be answered by the speakers we are announcing today.

The art of the breach

Robert Sell, President of Trace Labs, will tell how hackers gain physical access to the equipment or area where the IT resources they strive to obtain are located. Such physical access is often required for the exploitation of various vulnerabilities. The talk takes the attendees through a step-by-step process to get from the sidewalk to the president's filing cabinet so everyone can see not only the steps, but how an attacker would plan the entire event. This ensures that every single audience member will have at least one point of value to bring back to their office.

Investigations and bulletproof hosting

Vladimir Kropotov and Fyodor Yarochkin, researchers at Trend Micro, will tell about pivoting techniques in investigations of bulletproof hosters. Cyberattacks leverage network hosts for a variety of different purposes. Bulletproof hosting services are used to build C2 servers, deliver exploit payloads or for hosting phishing pages, as well as other components of an attacker's network infrastructure. The speakers will highlight techniques of pivoting through indicators and tracing its origin.

Programmer vs ransomware

Dmitry Sklyarov, Head of Reverse Engineering at Positive Technologies, will tell how he managed to recover his friend's data and find online keys for many victims of STOP (Djvu) malware. To solve this problem, he had to think like a programmer.

Honeypot infrastructure and automation

Matthias Meidinger, Software Engineer at VMRay, will show how the plethora of collected data and payloads can be visualized and processed with as little manual work as possible. Honeypots can provide valuable insights into the threat landscape both on the open Internet as well as your internal network. But deploying them correctly, and interpreting activity on them, is not easy. This is a follow-up to the VB2020 talk "Like bees to a honeypot," which focuses on generated data, its visualization, as well as automation and integration of multiple systems.

COVID-19 and IS issues

In addition to the talks, The Standoff conference will also include a series of interviews with international IS experts. For instance, Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky, will tell what impact sophisticated attacks have on healthcare at COVID-19 time. Also, Sergey Golovanov, Principal Security Researcher at Kaspersky, will answer the question of how to react to information security incidents during COVID-19.

11/9/2020

More topics to be discussed at The Standoff: ICS security, approaches to disclosure of dangerous vulnerabilities and evasion attacks against computer vision

We continue to introduce you to the program of the online conference, which will be held as part of The Standoff. Please find announcements of other talks on the Positive Technologies website (first and second announcements), and here are five more interesting topics.

How to disclose serious weaknesses

In the talk "Kr00k," given by Robert Lipovsky, Senior Malware Researcher at ESET, you will learn the details of his responsible disclosure process for serious security weaknesses identified in chipsets used by a significant number of Wi-Fi capable devices. Robert will also tell how he successfully cooperated with vendors while they prepared patches. The presentation will include technical details and a demonstration, where the speaker will show how his team triggered a reassociation to set an all-zero encryption key and decrypt intercepted packets. He will also discuss the potential impact of these vulnerabilities, along with the limitations of exploiting them.

Specifically, the speaker discovered that FullMAC Wi-Fi chipsets by Broadcom (Cypress)—and possibly other manufacturers—are vulnerable to encrypting packets in a WPA2-protected network with an all-zero encryption key. The number of affected devices is likely over a billion, including devices by Amazon, Apple, Samsung, and others that use the vulnerable chipsets. The chipset-level all-zero-key vulnerability has been assigned CVE-2019-15126.

How to hack a factory

Vyacheslav Moskvin, Senior Specialist of ICS Security at Positive Technologies, will conduct a three-day workshop on ICS security, intended especially for pentesters and reverse engineers. The speaker will describe ICS features and tell how to hack the system. Especially for reverse engineers, the talk will cover firmware analysis of industrial devices: the speaker will provide an overview of their internals, explain how to obtain the firmware, and outline the first steps of the analysis.

Verix OS security

Independent researcher Danila Parnishchev will give a talk about the design and security of the Verix OS, a proprietary platform for POS terminals that has its own SDK, binary executable format, and developer documentation. Although recent trends in digital payments suggest that mobile POS terminals may eventually replace this old platform entirely, it is still widely used all over the world. Therefore, the security of the Verix platform remains an important and timely topic. The talk describes the internal structure of the OS, as well as the external protocol for uploading and downloading files to and from Verifone terminals. It also introduces tools developed for static analysis of Verix binary applications. And, of course, security issues will also be presented, including a critical vulnerability that allows bypassing signature verification and running arbitrary applications on POS terminals.

Best practices of vulnerability disclosure

Cesar Cerrudo, Chief Technology Officer at IOActive Labs, will give a talk that can help those companies that are not mature enough to improve their vulnerability disclosure processes, and also make researchers more collaborative and their lives easier. In 20+ years working in cybersecurity, the speaker reported more than 1,000 vulnerabilities to a wide variety of companies. The response (or lack thereof) from different vendors was also very different, depending on vendor security maturity. Based on his experience, the speaker came up with a list of disclosure laws which he is willing to share.

Evading machine learning antimalware models

Hyrum Anderson, Principal Architect at Azure Trustworthy Machine Learning, Microsoft, will talk about evasion attacks against computer vision. The speaker's research shows that while the underlying concepts of evading machine learning remained constant, an evolution of tactics from manual bypasses towards automated learning methods manifested itself in just over a year. Hyrum will review the concepts and evolutions, highlighting a relatively sophisticated sequential optimization attack against black-box antimalware models.

10/14/2020

First talks at The Standoff: machine learning vulnerabilities, red teaming tools, and forensic artifacts

Less than a month is left until The Standoff, a unique global information security event. We are putting the finishing touches to the cyber-range infrastructure, completing the formation of the red and blue teams, and preparing the conference program, which will be an important part of the event. Today we present the first group of speakers whose presentations have already been included in The Standoff discussion section. So here is what they will talk about.

Vulnerabilities of machine learning infrastructure

The boom of artificial intelligence brought to the market a set of impressive solutions both on hardware and software sides. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. Sergey Gordeychik, CIO at Inception Institute of Artificial Intelligence, will present results of hands-on vulnerability research of different components of AI infrastructure, including NVIDIA DGX GPU servers, ML frameworks, such as PyTorch, Keras, and TensorFlow, data processing pipelines and specific applications, including medical imaging and face recognition–powered CCTV. Also, updated Internet Census toolkit based on the Grinder framework will be introduced.

Red teaming simulation: unique attacks of lateral movements

In his career, Lawrence Amer, a vulnerability researcher at PwC's DarkLab, reported medium- and severe-level vulnerabilities in Adobe, Carbon Black, CrowdStrike, eBay, Facebook, Microsoft, Sony, and Yahoo. At The Standoff, Lawrence will talk about techniques of lateral movements, and how attackers can achieve their goals before they get on the radar. The speaker will also introduce frameworks and tools which will help red teams in their operations.

How to hack medical imaging applications via DICOM

Maria Nedyak, a developer at BI.ZONE, will talk about DICOM, one of the core technologies used in medical imaging applications along with machine learning. Maria has conducted security analysis of popular DICOM servers, protocols, and libraries employed in medical imaging systems. In this talk, the speaker will present the most interesting security bugs in the DICOM ecosystem and demonstrate how easy it is to find critical flaws and how to fix them quickly.

SailfishOS: forensic artifacts

Krassimir Tzvetanov, an expert in information security and graduate research assistant at Purdue University, will talk about SailfishOS, a Linux kernel-based operating system, mostly deployed on cell phones. It is being rapidly deployed in Russia, India, and China, where it is used by government agencies and large companies, such as Huawei. While popularity is growing, there is no sufficient research in this space, so it is likely for investigators to encounter it in the field. This presentation shows the mapping of the digital artifacts pertinent to an investigation, which can be found on the file system of a phone running SailfishOS 3.2. It covers call logs, text messages, location services, address books, and other important artifacts.

Safety of the Safari reader mode

You might have come across a nice article on a website fully loaded with different advertisements, funky background images and sounds. To deal with it, browser vendors created reader mode. In his talk "My hacking adventures with Safari's reader mode," Nikhil Mittal, a security consultant at Payatu Software Labs will describe some major flaws in reader mode which result in security policy bypass.

We continue to accept applications from speakers. If you want to talk at The Standoff, please, fill out this form.

9/28/2020

The Standoff: worldwide virtual cyber-range highlights real-world cyber risks and defensive techniques

Event to include large-scale controlled offensive and defensive competition and online conference on top cybersecurity issues (November 12–17). Rapid digitalization continues to impact nearly all aspects of our lives. But along with the benefits come risks that did not exist prior to the interconnected digital world. From sensitive information disclosure to financial loss and risks to physical safety, the threats in the new digital paradigm are real. The Standoff aims to uncover these risks, empowering industry participants to address key issues and move towards a more secure tomorrow. This global event will be held on November 12–17 across three continents. The Standoff is an excellent example of collaboration between leading security and technology companies and conferences, including Positive Technologies, EPAM Systems, Microsoft, Cyber R&D Lab, and Hack In The Box. Attendees will see the best offensive and defensive cybersecurity teams in the world come together to enhance their skills in an online competition format. Would you like to join us to create a new approach to security analysis of new technologies and develop tools to model critical infrastructure threats without impacting the real world? If yes, then we are waiting for you at The Standoff. If there were a way to know in advance how new technologies will interact with each other and how the activity of cybercriminals will affect them, the world would be a safer place. By launching The Standoff, we aim to create a platform for digital modeling of events, such as cyberattacks on critical infrastructure. One of the centerpieces of The Standoff is an online offensive/defensive competition in which defenders (blue teams) compete against attackers (red teams) to control the infrastructure of a simulated digital city. The exercise goes far beyond the standard Capture the Flag (CTF) format, in which participants only solve security-related tasks. 
Instead, at The Standoff, both sides get access to the real equipment and software that control the whole of modern urban life and have to hack or defend the infrastructure in real time. Defending and attacking teams participating in The Standoff are often made up of actual corporate teams that have taken the opportunity to improve their skills and gain unique experience. By competing at The Standoff, they gain within days a depth of familiarity and training that might take months or even years in the real world.

As a cyber-range, The Standoff contains a full-fidelity virtual copy of the manufacturing chains, business scenarios, and technology landscape typical of different industries. A wide range of real companies will be recreated at The Standoff 2020: defenders and attackers will have free run of a natural gas pumping station, port, rail terminal, chemical plant, fire station, oil refinery, amusement park, airport, electrical plant and substation (with windmills), plus a business and financial center. A cyber-range of this kind is the only truly effective way to model threats and empirically evaluate the security level of specific technologies. These insights can be used by companies and governments to understand how a particular technology works in the real world and see the consequences of a successful cyberattack.

At the event site, there will be an active round-the-clock Security Operations Center (SOC) equipped with all the latest security tools. The SOC, in conjunction with specialists from the Positive Technologies Expert Security Center (PT ESC), will help to make the virtual action at The Standoff visible to all.

At the same time, The Standoff is also a cybersecurity conference with talks, workshops, and demos from global cybersecurity experts. As a cybersecurity marathon under The Standoff brand, it will start in the U.S. and go through Europe, the Middle East, and Asia, before ending in Russia.
The Standoff unites different audiences and countries with one agenda and one idea—improving cybersecurity through real-world offensive and defensive exercises. The Standoff provides a unique communication platform for instant text and video feedback from the audience, who can flip between channels in real time. All attendees will be able to track reactions, join the conversation, and expand their network by adding new connections.

This year, The Standoff conference will arrive online in people's homes for the first time. It will give all participants an opportunity to share their experiences and gain valuable insights in achieving the core cybersecurity mission of making the world a safer place while strengthening trust in technology!

Join us on social media: Twitter, LinkedIn. See you at The Standoff!