PHDays 8: full list of contests now available

4/26/2018

Every year at Positive Hack Days, contests offer the chance for the best hackers and defenders to show off and win glory. We have already announced a few new contests, some of which will be held online in the weeks leading up to PHDays. Here we'll share all about the contests that will take place at PHDays itself on May 15 and 16.

The Standoff

Of course, the center of the action is The Standoff, a 30-hour cyberbattle between teams of attackers, defenders, and security operations centers. At stake is a mock city built on a technologically advanced economy. The city precisely recreates all the digital infrastructure found in the real world: power plant and substation, railroad, energy-efficient smart homes, and banks with ATMs and self-service kiosks. And what modern city would be complete without cell phones, the Internet, and online services? The city is populated by corporate employees as well as simple folk who use smart gadgets in their daily lives.

Attackers are invited to use their imaginations and do absolutely anything that is not forbidden by the rules. The action will be monitored non-stop by our jury. This year's rematch is set to be decisive, since after 2016 and 2017, the sides are tied 1:1.

The teams themselves promise an exciting game, because all three sides will include participants who work in information security every day: integrators, vendors, and client-side information security staff. Learn all about the competition rules and participants: The Standoff.

HackBattle

The excitement is back with HackBattle, which made its debut last year. A qualifying round will be held on the first day of the forum; participants will be timed as they complete tasks of varying difficulty. The finale will be on the second day, when two hackers take the stage to attack the same target while viewers follow along on the big screen.

MITM Mobile

Today's phreakers are still targeting telecom companies—and you can become one of them thanks to MITM Mobile. Intercept the airwaves of our very own on-site mobile operator. The two participants completing the most tasks will win prizes. To take part, bring your own Osmocom, SDR, virtual machines, and other necessary equipment.

Leave ATM Alone

This classic crowd-pleaser will again offer the chance of a lifetime: 15 minutes to (legally) try to steal money from an ATM. Keep any money you can take! Total potential winnings are RUB 40,000. Attackers can look forward to network access on the first day and physical access on the second day. Perhaps you'll hit the jackpot?

CAMBreaker

Great news: CAMBreaker is returning to PHDays. See how well you can hack IoT devices and find zero-day vulnerabilities in popular IP cameras. We encourage web application aficionados, masters in firmware reverse engineering, and beginning Binwalkers to all take part. Bonus new to this year: firmware has been extracted for analysis from all devices (over 12 in total).

blzhquest

The St. Petersburg CTF (SPbCTF) community invites PHDays visitors to compete in a unique CTF. Be the first to reach the community's mascot, an enchanted hedgehog who has a few prizes for the best and brightest. Hack servers one after the other in order to climb higher on the pyramid. Each level of the pyramid consists of a set of tasks for web, reverse engineering, forensics, and crypto.

Prizes await the first to complete each level. At the top stands the hedgehog, eager to award the main prize to the first person to ascend the pyramid in its entirety.

To take part, walk up to the blzhquest stand and get the username and password for the contest network. Tasks can be completed from anywhere at any time during the forum. Laptop is required.

The Labyrinth

It's a smart home! At PHDays! Rostelecom has created The Labyrinth, in which participants are given 15 minutes and three tools of their choice to take on a smart home. To win, a three-person team must complete The Labyrinth without triggering any alarms and steal a special PHDays statuette from inside. Teams with the best times will receive prizes from Rostelecom.

2drunk2hack

It's a tradition to close out the PHDays contests with 2drunk2hack. Participants will compete at hacking web applications protected by a web application firewall, as well as maintaining their ability to think while inebriated. The objective is to successfully attack a firewalled web application. Every five minutes, the participants whose actions have attracted the most attention from the WAF will down 50 ml of high-proof consolation—and then head back into battle. Win by being the first to collect the main flag via executing commands on the server. Participants must bring their own hardware and software.

More information is available on the Contests page.