The First Day of PHDays Comes to an End

Positive Hack Days III, an international forum on practical information security, has started today, on May 23 in the WTC Moscow. Among the participants are IS experts, hackers, politicians and representatives of the Internet community from every corner of the world. During the reports, hands-on labs and various discussions, the forum’s attendees took a close look at practical security and discussed the perspectives of the industry.

Young specialists and IS

At the beginning of the forum the section “The Role of the Young of Today on the Information Security Market of Russia” was presented, the moderator was Alexey Lukatsky. Representatives from the Ministry of Communications and Mass Media, FSB Information Security Center, Security Council, Technologies and RuCTF, Ruslan Gattarov, a member of the Federation Council, and Vladimir Zirinovsky, the leader of LDPR and a member of the State Duma Committee on Security participated in the discussion.

The participants noted that the government realized the role of cyber security and is starting to respond to the threats. Therefore, the IS experts’ role becomes more and more significant.

Vladimir Zirinovsky told that his colleagues in legislation faced mainly the negative side of information security, attacks and hacking. The politician added that in spite the industry is quiet young, the government needs its support, that’s why the State Duma is ready to develop a legal base which will allow the experts to work without the fear of responsibility.

SCADA security

One of the most important problems discussed at the forum was the security of industry systems. The following works were presented: the report “Are ICS Models Needed to Ensure Information Security of Industrial Systems” by Ruslan Stefanov, the section “ICS Security — an Oxymoron or the Task of the Decade?” by Garald Bandurin (RusHydro) and the presentation by Positive Technologies “SCADA Strangelove: How to Build Your Owen Stuxnet” in which the team announced the release of the new utilities for checking ICS security.

Moreover, each participant of the forum could take a close look at industry systems security thanks to the Choo Choo Pwn contest. The goal was to obtain access to a model of a system which controls a railroad and cargo loading by exploiting vulnerable protocols or bypassing authentication of SCADA systems and industrial equipment web interfaces.

In the middle of the day, a related hands-on lab devoted to railroad ICS was delivered by Ilya Karpov, Alexander Timorin and Dmitry Efanov.

Leave ATM Alone

Leave ATM Alone, a hands-on lab on ATM’s software security, generated considerable excitement. It was performed twice by Olga Kochetova and Alexey Osipov in the contests area.

Labyrinth

The Labyrinth contest was also quite popular. The participants were to get over the laser field and motion detectors, open secret doors, clear the room of bugs, combat with artificial intelligence, and render a bomb harmless.

PHDays CTF: Levart D'Errorim

This is the third time the PHDays CTF contest is held. Ten teams from six countries are engaged in a fierce struggle: they are to attack the opponents’ systems and defend their ones. The contests are held within one legend: this time the rescue of D’Errorim is prepared for the contestants.

You can follow the struggle not only at the venue but also online via the the PHDays broadcasting and special mobile apps for iOS and Android.

Tomorrow on May 24 in addition to a great number of hands-on labs and reports, the forum’s participants will hear the report of a key speaker Marc “van Hauser” Heuse. The audience will also see numerous contests (held at the venue and online) and the PHDays CTF final. Follow the news!