Results of Positive Hack Days

5/30/2011

The Positive Hack Days forum gathered a variety of representatives of information security industry. By estimations, the forum was visited by more than 500 people, including representatives of government agencies, technical specialists, top managers in the IT industry, independent experts, and hackers.
Two programs were conducted simultaneously: a business program, which included seminars and master-classes, and a hacking contest program. The organizers sum up the preliminary results.

PHD CTF Contest

The forum included the PHD CTF open international information security contest. Ten teams from Russia, USA, India, and Europe have been protecting their networks and attacking the networks of their rivals for 8 hours. There were a prepared number of vulnerabilities that exist in modern information systems (e.g., SCADA systems, etc.). The aim of the contestants was to detect vulnerabilities, fix them on their servers and exploit the vulnerabilities to obtain sensitive information from the competitor teams.

According to the results of the contest, the PPP team (Pittsburgh, USA) won by a wide margin and was awarded with 5 thousand dollars. One of the PPP members said, "It's not our first experience of participating in a CTF contest, but in the PHD CTF it was the first time when we were not only to attack other teams' resources, but also to protect our own resources. We will be glad to take part in the contest the next year." Second and third places were taken by Russian teams Leet More (Saint Petersburg) and HackerDom (Yekaterinburg).

Boris Simis, Business Development Director at Positive Technologies, noted, "The PHD CTF is the first contest of such scale, conducted in Russia. Whereas in USA, Canada and Europe similar contests have been held for a very long time. It is connected with the fact that the first place was taken by the team from the USA, the country where information security issues are taken very seriously. We are sure that it was interesting for Russian participants of the PHD CTF to contend with foreign teams, and we are happy to welcome everybody the next year."

Contest Program

Hacking Safari

The forum included specific hacking contests. Thus, in the laptop hacking contest, specialists were able to detect a so called zero-day vulnerability (a vulnerability which was not known before) and exploited it to demonstrate that the latest version of the Safari web browser for Windows can be hacked. The contest was won by the CISSRT information security specialists.

Hacking iPad

In the analogous contest the participants formally failed to hack an iPad, because the program for exploiting a software vulnerability (the exploit) written by them did not work stably. Nevertheless, the CISSRT specialists proved the existence of the vulnerability in the mobile version of Safari during the qualification round of the contest, and the failure during the contest itself was due to the difficulties with the exploit only.

To Drunk to Hack

The "Too Drunk to Hack" contest was conducted at the end of the contest program. The participants of the contest were offered to hack a copy of the forum website www.phdays.com. In case of a mistake, a contestant was to drink 50 grams of tequila. Russian and foreign guests of the forum of the full legal age took part in the contest. Vladimir Vorontsov, information security expert at onsec.ru became the winner. After six mistakes he managed to find all the required vulnerabilities.

Fox Hunting

In this contest the contestants were to find a wireless access point, which was constantly moving around the place during the whole day. It is remarkable, that one of the contest winners was a young lady.

To Hack in 900 Seconds

The participants were to successively hack network equipment (switches) in 6 stages. The contestants actively used the hints, provided by Alexey Lukatsky, the representative of Cisco Systems. The winner of the contest is a participant with an ambiguous nickname "003".

The organizer of the contests program and Positive Technologies expert Dmitry Evteev commented, "The specialists that took part in the contests were very good, they coped with many challenging problems. It should be noted, that some tasks were too difficult for the participants, but it was rather due to general tiredness, accumulated during the day of informative program of the forum. Generally, I'm glad that the level of training of Russian specialists is no worse than the level of the foreigners."

Business Program

Leading specialists of Russian IT market from Kaspersky Lab, Cisco Systems, RISSPA, Federal Service for Technical and Export Control, Rostelecom, VimpelCom, etc. presented their reports at technical and business workshops.

The participants discussed such topics as cybercrimes and cyberwars, security of wireless networks and remote banking systems, DDoS, WIkiLeaks and sensitive information disclosure, the Information Society program. Technical specialists took part in master classes of various levels conducted by distinguished experts in vulnerability detection and security analysis of various information systems.