$natch at PHDays — E-banking System to Be Hacked is Available for Download

Do you want to try what it’s like to be a hacker stealing money from bank accounts? Take part in the $natch contest at Positive Hack Days IV!

You will test your knowledge and skills in exploiting common vulnerabilities of remote banking web services. The task is based on the vulnerabilities that Positive Technologies' experts commonly find during real-life remote banking pentests.

The contest consists of two rounds. First, you need to get familiar with the system — download the virtual machine copy at http://www.phdays.ru/download/ibank3.ova (root:phdays) or an archive with source code at http://www.phdays.ru/download/ibank_source.zip. You need to detect vulnerabilities the system includes before the contest starts. Then (during the second day of PHDays) you should exploit the vulnerabilities you discovered to withdraw funds.

The winner receives the “stolen” money as a prize!