Contests
PHDays Online HackQuest 2012
The PHDays 2012 program will include Online HackQuest, a competition for Internet users in which participants can try their hand at solving various information security tasks.
On the forum’s second day, Online HackQuest participants will have a chance to influence the results of PHDays CTF 2012, the on-site contest.
Rules
For the competition, participants are provided with access to a VPN gateway. After connecting to it, the participants are to identify target systems and detect their vulnerabilities. If exploitation of a vulnerability is successful, the participant gains access to a key (a flag), which should be submitted to the jury via the form on the participant’s personal page. If the flag is valid, the participant gains the corresponding number of points.
All flags are in the MD5 format. The winner is the first participant to gain 100 points (which is the maximum possible amount). Participants who manage to gain more than 100 points are traditionally awarded individual prizes :)
Participation Terms
Any Internet user is welcome to participate in the competition. The registration will open on the PHDays 2012 web site after the forum begins. Moreover, the Online HackQuest will also be available for out-of-competition participation for 14 days after PHDays 2012.
Prizes
Positive Technologies (the PHDays organizers) and the sponsors of the forum provide prizes and gifts for the competition.
Technical Details
Participation requires an Internet connection and the ability to connect to a VPN gateway via PPTP or IPSec.
Hack2own
This competition allows the participants to demonstrate their skills in security analysis and hacking mobile devices (e.g. Apple iOS, Android), popular Internet browsers, and operating systems (skills in exploiting kernel vulnerabilities in current OS versions).
Rules
The participants of the competition should demonstrate their exploits (each participant gets three attempts to attack).
The competition is divided into three categories: exploitation of vulnerabilities in a browser, in mobile devices, and exploitation of kernel vulnerabilities.
Participation Terms
The competition is held as part of PHDays 2012 and will last through the forum days. All the preregistered specialists can participate in the competition. Please send your applications to phdcontests@ptsecurity.com (the last day of registration is May 28, 2012). Specify the participant’s name, the competition category, provide a short exploit description and specify the target system and attack vector. Additionally, list all the software and hardware required to demonstrate the exploit at the forum. The organizers of the competition reserve the right to refuse a candidate in case he or she fails to prove his or her competence to handle the issues the competition is based on.
If a competitor cannot attend the forum in person, the organizers of the forum may demonstrate the exploit on behalf of the author by previous agreement. (In case the competitor wins, the prize will be handed over after the forum.)
Prizes
The winner in each category will be chosen by the organizers and will receive corresponding money prizes.
Technical Details
The software versions used in the competition will be settled not less than two weeks before the beginning of the forum. The information will be published on the PHDays 2012 web site.
After every vulnerability exploitation attempt all the software will be restored to its original state.
The competitors should bring their own software and hardware needed for conducting the attack. Wireless or wired network connection will be provided.
$natch
The competition allows the participants to check their knowledge and skills in exploiting typical vulnerabilities in online banking system web services. The competition tasks will include actual vulnerabilities of Internet banking applications detected by Positive Technologies specialists while analyzing security of such systems.
Rules
The contest is held in two stages. At first the participants are provided with copies of virtual machines containing vulnerable web services of an online banking system (an analogue of an actual Internet banking system). The participants should detect vulnerabilities in the system within a specified period of time. At the second stage the participants are to exploit these vulnerabilities for unauthorized money withdrawal within a limited time.
Participation Terms
Any attendee is welcome to participate in the competition. The visitors can register in the contest area. The number of participants is limited.
Prizes
Following the results of the contest, each participant gets a monetary reward equal to the amount of money stolen from the game Internet bank service.
Technical Details
A notebook is needed to participate in the competition.
Too Drunk to Hack NG
The competition enables the participants to try their skills in hacking a web application which is protected by a Web Application Firewall and demonstrate the ability to think straight in any situation.
Rules
The competitors should successfully hack a web application protected by a Web Application Firewall (WAF). The web application, in turn, contains a limited number of vulnerabilities, consecutive exploitation of which allows executing OS commands.
The whole competition takes 30 minutes. Every 5 minutes the competitors whose actions caused a more frequent WAF reaction are offered 50 g of a strong drink and proceed with the competition.
The winner is the first who manages to capture the principal game flag on the stage of executing OS commands on the server. If the principal flag is not captured the winner is the participant with the largest number of flags captured on other stages of exploiting the vulnerabilities.
Participation Terms
Any attendee who has reached the age of 18 is welcome to participate in the competition. The participants can register in the contest area. The number of competitors is limited.
Prizes
Positive Technologies (the PHDays organizers) and the sponsors of the forum provide prizes and gifts for the competition.
Technical Details
The participants should bring their own software and hardware required for the competition. Connection to the game network segment will be provided.
Hacked in 137 Second (only for the PHDays Everywhere spots)
This competition enables the members of the hackspaces supporting PHDays 2012 forum online to demonstrate their skills in cracking Cisco IOS network devices.
Rules
Within 3 hours the competition participants should gain unauthorized access to a specified Cisco network device, consecutively increasing privileges up to level 15. With every new level gained, the participant obtains a flag in MD5 format, which should be entered into a form on a specified interface. After 3 hours, during exactly 137 seconds the organizers will demonstrate every participant’s achievements in speeded-up mode and decide the winner. The winner is the person who obtains the highest level of privilege in the shortest time.
Participation Terms
Only the members of the hackspaces that support PHDays 2012 forum online are allowed to participate. The registration will be open during PHDays on the forum’s web site. The number of participants is limited.
Prizes
Prizes and gifts will be provided by the PHDays organizers, the Positive Technologies company, and by sponsors of the forum.
Technical Details
Ability to connect to Internet and VPN gateway via PPTP and IPSec is necessary for participation.
Hash Runner
Hash Runner challenges the competitors’ knowledge of cryptographic hash algorithms and their skills in cracking password hashes.
Rules
The competitors will be provided with a list of hashes generated with various algorithms (MD5, SHA-1, BlowFish, GOST3411, etc.). Points for each recovered password are scored according to the algorithm’s level of difficulty. To become a winner, a competitor should gain the most points in a limited period of time, leaving the rivals behind.
Participation Terms
Any Internet user can participate in the competition. Competitors can register during PHDays on the forum's website. The competition will be held as part of PHDays 2012 and will last through the forum days.
Prizes
Prizes and gifts will be provided by the PHDays organizers, the Positive Technologies company, and the forum sponsors. The first prize is the AMD Radeon HD 7970 graphics card.
Technical Details
The competitors are to use their own software and hardware. Internet connection will also be needed to participate in the competition.
WAF Bypass
This competition is for enthusiasts and experts engaged in web application security. The competitors are to attack vulnerable web applications protected by a Web Application Firewall using the SQL injection technique. The applications work with DBMSes from various vendors.
Rules
Participants will be asked to attack (or demonstrate the possibility of an attack) in order to obtain data from a DBMS. Four vulnerable web applications are employed in the contest, each using its own DBMS type. All attacks exploiting any SQL injection vector are counted, including those gaining file system access, OS command execution, brute force and binary search attacks. Attacks exploiting other vulnerabilities (e.g. buffer overflow in the web server or DBMS server) are not counted. The winner is the first who implements an SQL injection exploitation technique in one of the web applications. If several competitors implement different exploitation techniques, the winner is the person whose attack obtains the same DBMS data set using the least number of queries to the server.
Participation Terms
Any Internet user is welcome to participate in the competition. Participants can register on the PHDays 2012 web site after the forum begins. The competition will last through the forum days.
Prizes
The winner will be awarded Apple iPad 3. The best ten competitors will receive prizes and gifts from Positive Technologies (the PHDays organizers) and from the forum sponsors.
Technical Details
The participants should bring their own software and hardware required for the competition.
WikiLeaks
The competition will enable participants of the forum to find out how quickly and accurately they can find hidden information on the Internet.
Rules
The competition web page will contain questions about a certain organization, information about which can be found online. The task of the competition participants is to find as many correct answers to the questions as possible in the shortest time. Results will be announced at the end of the second day of the PHDays 2012 forum.
Participation Terms
Any Internet user is allowed to take part in the competition. Registration will take place on the PHDays 2012 site after the forum has begun. The competition will last through the forum days.
Prizes
Prizes and gifts will be provided by the PHDays organizers, the Positive Technologies company, and by sponsors of the forum.
Technical Details
Each participant chooses for themselves what hardware and software they require to use. An Internet connection is also necessary.
Best Reverser
This competition enables the participants to try their skills in reverse engineering of executable files for MS Windows platform. The participants should capture hidden flags (code phrases) in a specially prepared program. This program contains three flags exactly. The access to every subsequent flag becomes possible only after capturing the preceding flag.
Rules
Every participant gets a program specially crafted for analysis. There are no limitations on techniques or software used for capturing the flags (except for the applicable laws of the Russian Federation). The winner is the first who gets all three flags and provides a short description of how to get them. The participants who complete the competition tasks later than the winner or get fewer than three flags take the second and third places by the jury’s decision.
Participation Terms
Any Internet user is welcome to participate in the competition. The registration will open on the PHDays 2012 web site after the forum begins. The competition will last through the forum days.
Prizes
The 1st prize is the new iPad (Wi-Fi + 4G), the 2nd prize is Amazon Kindle Fire (2 items for 2 prizewinners), the 3rd prize is Amazon Kindle Touch (3 items).
Technical Details
The participants should bring their own software and hardware required for the competition.
Fox Hunting NG
Participants can demonstrate their skills in the field of wireless networks security assessment and PCI DSS Wireless Guideline compliance using various software and hardware.
Rules
The participants should detect an 802.11 a/b/g/n wireless access point with a pre-defined ESSID or crack the WPA-PSK encrypted password used for access to the wireless network. The access point location will change with time.
To become a winner a participant must accomplish at least one of the tasks:
• to become the first who detects the exact coordinates of the current wireless access point location and to inform the organizers about it;
• to become the first who cracks the password of the access point and to inform the organizers about it.
Participation Terms
Any attendee is welcome to participate. The participants can register in the contest area. The competition will last through the forum days.
Prizes
Positive Technologies (the PHDays organizers) and the sponsors of the forum provide prizes and gifts for the competition.
Technical Details
The participants should bring their own software and hardware required for the competition.
Hack the RFID
This competition allows the participants to try their knowledge and skills in Radio Frequency Identification (RFID) systems.
Rules
The participants will be provided with two stationary boxes under locks controlled by RFID readers. The corresponding RFID tags will be attached at a distance from the readers so that it is impossible to unlock the boxes directly with these tags. The participants will be invited to open one or both boxes and take the prizes from within.
To determine the competition winner, organizers will estimate the originality of applied methods and the number of opened boxes.
At the end of the second forum day, the final RFID tag (125 KHz) cloning competition will be conducted. The participants will be challenged to copy a low-frequency RFID tag and open the corresponding locked box. Here, the distance between the contestant and the tag at the moment of cloning will be decisive. The winner will be the one who manages to clone the tag from the maximal distance.
Participation Terms
Any forum visitor is welcome to participate in the competition. Those willing to try their hand should register in the contest area. The competition will be held as part of PHDays 2012 and last through the forum days.
Prizes
Positive Technologies (the PHDays organizers) and the sponsors of the forum provide prizes and gifts for the competition.
Technical Details
Both low-frequency (125 KHz) and high-frequency (13.56 MHz) RFID readers will be used in the competition.
The participants are not allowed:
• to perform any actions aimed at disabling the locks controlled by RFID readers;
• to attempt destroying the boxes;
• to prevent other competitors from solving the task.
The participants use their own software and hardware.
2600
This competition challenges participants to demonstrate their knowledge, skill and ability in the field of communications hardware. The contestants will use a Soviet coin-operated telephone to call a predefined number.
Rules
The participants will be asked to first call a predefined number from an authentic Soviet telephone using tokens as the means of payment and then extract the used token and give it back to the jury. The winner will be selected based on how fancy the extraction method was. The contest results will be announced on the second day of the forum.
Participation Terms
Any attendee is welcome to participate in the competition. The visitors can register in the contest area. The competition will last through the forum days.
Prizes
Positive Technologies (the PHDays organizers) and the sponsors of the forum provide prizes and gifts for the competition.
Technical Details
Competitors are prohibited from performing any actions that may damage the competition telephone!
Don’t Copy That Floppy
The competition will help participants to feel the spirit of the 80s and 90s, when programmers could not have imagined their lives without a pile of punched cards or floppies recorded over and over for hundreds of times.
Rules
The participant will have to find information media (floppy disks of various types) hidden by the organizers. Moreover, they will have to find a way to read the data stored on the floppies. The floppies can be anywhere: on a wall or behind a column, under a table or on a chair back, or just lying somewhere on the floor in the corner.
The collected media and the read information (in any form that allows identifying the stored data) must be submitted to the organizers in the contest area. The participant who manages to find and read the largest number of floppies wins. The winner will be decided on the second day of the forum.
Participation Terms
Any attendee is welcome to participate in the competition. There is no pre-registration. The competition will take place as part of the PHDays 2012 program and last through the forum days.
Prizes
Positive Technologies (the PHDays organizers) and the sponsors of the forum provide prizes and gifts for the competition.
Technical Details
The participants are to use their own software and hardware tools. The organizers provide reading devices at extra charge :)
Big Shot
This competition allows participants to test their social engineering skills in practice.
Rules
A participant is given a photo of a person and a number of statements that characterize this person. The photo is taken in a way that prevents unambiguous identification. The person is one of the attendees of the forum. The participant’s goal is to identify the person and perform certain actions according to the task, for example, to get the person's business card or to take a photo of the two of them from a specified angle. The winner is the participant who completes the largest number of tasks in the shortest period of time. The results will be summed up on the second day of the forum.
Participation Terms
Any attendee can take part in the competition. The registration will be open in the contest area. The competition will last through the forum days.
Prizes
Prizes and gifts will be provided by the PHDays organizers, the Positive Technologies company, and the forum sponsors.
Technical Details
The participation requires such qualities as determination, excellent social skills and charisma. Neuro-linguistic programming skills at level 137 are an advantage :)
Hack-T-Shirts
The competition enables the participants of PHDays 2012 to show their individuality and creativity, and add visual appeal to the event.
Rules
Every forum attendee has an opportunity to stand out among competitors and colleagues by putting on his or her own ‘hack-t-shirt’ which he or she considers the most interesting or funny, stylish or amusing. Special agents on the part of the PHDays organizers will take photos of all participants wishing to partake in this competition. The winner will be declared on the second forum day.
Participation Terms
Any attendee is welcome to participate in the competition. There is no pre-registration. The competition will last through the forum days.
Prizes
Positive Technologies (the PHDays organizers) and the sponsors of the forum provide prizes and gifts for the competition.
Technical Details
To participate, the competitors should purchase, put on, and embellish (if necessary) their own T-shirts :)
Blow Up the Town
Starting almost a month before PHDays 2012, this competition offers a chance to win extra invitations to the forum. Blow Up the Town will both help the participants warm up their brains before PHDays 2012 and provide them with an opportunity to see some most attractive places of Moscow by means of an interactive map.
Rules
The participants are invited to accomplish various tasks and gain special keys (flags) in return; these keys are to be submitted to the jury via a form on the participants’ personal pages. If the flag is valid, the participant gains the corresponding number of points. The tasks are divided into several categories: Web (detecting and exploiting web application vulnerabilities), Crypto (decrypting a text or hacking hash functions), Reverse (using application reverse engineering), and Social Engineering (demonstrating manipulative skills). New tasks will be given every day.
Participation Terms
Any Internet user is welcome to participate. The registration will be open on the website of the event once the competition starts. The competition will last from May 7 to May 25, 2012 inclusive.
Prizes
The winners will be awarded invitations to Positive Hack Days 2012: 1st prize — 5 invitations, 2nd prize — 3 invitations, and 3rd prize — 2 invitations. Also, there will be special prizes and gifts from Positive Technologies (the PHDays organizers) and from the forum sponsors.
Technical Details
The required software and hardware is to be selected and used by participants on their own. Internet connection is also necessary.
Hackers vs. Forensics
The participants will have a chance to try their hands either at investigating incidents and detecting malware (as ‘forensic experts’) or at conducting sophisticated attacks (as ‘hackers’). The competition will reveal the strongest.
Rules
‘Hackers’ implant a Trojan into the image of an operating system. The task of the Trojan is to hide, defend itself, and by all means provide the ‘hackers’ with Internet access to the virtual machine. The images will be located on the resources of the organizers.
‘Forensic experts’ will have to examine the system for backdoors implanted by ‘hackers’ and fix the flaws.
The rules for ‘Forensic experts’ are the following:
• detect and specify the key vitality mechanisms of the Trojan (auto run, self-defense, hiding);
• examine and provide any data related to the Trojan’s primary functionality (i. e. how it interacts with its master, what data can be transferred, etc.).
To win, a ‘forensic expert’ should provide:
• a correct fixing solution for the Trojan;
• the most detailed description of the primary functionality of the Trojan;
• with all other conditions equal, completeness of the provided solution and freshness of the proposed approach.
As for ‘hackers’, a participant will win if:
• there is no adequate fixing solution from ‘forensic experts’;
• with all other conditions equal, innovative technologies are used.
Participation Terms
Those willing to participate as ‘hackers’ must from May 7 to May 15, 2012 provide the organizers with an image of a virtual machine under any operating system compatible with the x86 architecture with an implanted Trojan.
Any Internet user can participate as a ‘forensic expert’. The registration will be open on the PHDays 2012 website once the competition starts. The competition will last from May 7 to May 25, 2012 inclusive.
Prizes
The winners will be awarded invitations to Positive Hack Days 2012: 1st prize — 5 invitations, 2nd prize — 3 invitations, and 3rd prize — 2 invitations. Also, there will be special prizes and gifts from Positive Technologies (the PHDays organizers) and from the forum sponsors.
Technical Details
The participants should bring their own software and hardware required for the competition. Internet connection is needed for participation.