Contests
$natch
The competition allows the participants to test their knowledge and skills in exploiting typical vulnerabilities in the web services of online banking systems. The competition tasks will include actual vulnerabilities of Internet banking applications that Positive Technologies specialists detected while analyzing the security of such systems.
Rules
The contest is held in two stages. In the first stage, the participants are provided with copies of virtual machines containing vulnerable web services of an online banking system (an analogue of an actual Internet banking system). The participants should detect vulnerabilities in the system within a specified period of time. In the second stage, the participants are to exploit the vulnerabilities for unauthorized money withdrawal within a limited time.
Participation Terms
Any attendee is welcome to participate in the competition. The visitors can register at the information desk (in the lobby of the second floor). The number of participants is limited.
Technical Details
You will need a laptop to participate in the competition.
Winners
1st prize – More Smoked Leet Chicken
2nd prize – Stas Povolotsky
3rd prize – RDot
-
2drunk2hack
The competition lets the participants test their skills in hacking a web application protected by a Web Application Firewall and demonstrate the ability to think straight in any situation.
Rules
The goal is to hack a web application protected by a Web Application Firewall (WAF). The web application contains a limited number of vulnerabilities; exploiting them in sequence allows OS command execution.
The competition takes 30 minutes. Every 5 minutes, the competitors whose actions the WAF reacted to more often can drink a 50 g shot of a strong drink and proceed with the competition.
The winner is the first participant who captures the principal game flag at the stage of executing OS commands on the server. If the principal flag is not captured, the winner is the participant with the largest number of flags captured at the other stages of vulnerability exploitation.
Participation Terms
Any attendee who has reached the age of 18 is welcome to participate in the competition. The participants can register at the information desk in the lobby of the second floor. The number of competitors is limited.
Technical Details
Please bring your own software and hardware that you require for participation. Connection to the game network segment will be provided.
Winners
1st prize – Artsploit
2nd prize – Saplt
3rd prize – Zensec
-
Hash Runner
Hash Runner challenges the competitors’ knowledge of cryptographic hash algorithms and their skills in cracking password hashes.
Rules
The competitors will be provided with a list of hashes generated with various algorithms (MD5, SHA-1, Blowfish, GOST3411, etc.). Points for each cracked password are scored according to the algorithm’s level of difficulty. To win, a competitor should gain the most points in a limited period of time, leaving the rivals behind.
Participation Terms
Any Internet user can participate in the competition. You can register via the website phdays.com (registration opens one week before the forum begins). The competition will be held throughout the forum days.
Technical Details
Please prepare your own software and hardware for participation in the competition. You will also need an Internet connection to participate.
Winners
1st prize – Hashcat
2nd prize – Alexey Cherepanov, Alexander “ch3root” Cherepanov, Sergey “Nugget” Zabolotsky, Ilya Sokolov (john-users)
3rd prize – insidePRO
-
2600
This competition challenges the participants’ knowledge and skills in old school phreaking. The contestants will try to use a Soviet coin-operated telephone to call a predefined number.
Rules
The participants will be asked to first call a predefined number from an authentic Soviet telephone using tokens as the means of payment, and then extract the used token and give it back to the jury. The winner will be selected based on how fancy the extraction technique was. The competition results will be announced on the second day of the forum.
Participation Terms
Any attendee is welcome to participate in the competition. The contest will last through the forum days.
Technical Details
The competitors must not perform any actions that may damage the competition telephone.
-
HackQuiz
Participants in this smart quiz have a chance to demonstrate their expertise in practical security. Those PHDays guests who keep track of hacker news, are well versed in vulnerabilities and hacking techniques, know what famous hackers look like, and answer questions quicker than anybody else are very likely to win.
Rules
It works like a classic quiz show: 5 topics, each with 5 questions of different values. Teams are given 30 seconds to answer a question. Each correct answer allows the team to choose the next question. The team with the highest score wins.
Participation Terms
Participants of the Positive Hack Days forum as well as visitors of PHDays Everywhere venues are welcome to take the quiz. For remote participation, please register your team beforehand and test your teleconference connection by sending an email to phd@ptsecurity.com.
Prizes
The winners will get a series of books on information security by Ryan Russell and keepsakes from the organizers.
Technical Details
Remote participants at PHDays Everywhere venues will need to join the teleconference (requires communication channel capacity of up to 1 Mbps) and to have speakers, a microphone, and a webcam.
Winners
1st prize – Bushwhackers (Moscow, Russia)
2nd prize – Joker (Kharkiv, Ukraine)
3rd prize – Foxxland (Novosibirsk, Russia)
-
WAF Bypass
In this contest the aim is to bypass Positive Technologies Application Firewall, which protects an application with specially planted multiple vulnerabilities. The contest participants will be provided with the application's source code and a vulnerabilities report generated by Application Inspector – another new product of Positive Technologies. With the source code provided, the participants will be able to verify the existence of the detected vulnerabilities and try to find other ones.
The contest will be held throughout the forum and everyone is welcome to participate. To receive the prize the winner should provide his or her contact information (name, phone number, e-mail) and personally be present at the forum.
Rules
The participants are asked to carry out an attack (or demonstrate that an attack is possible) in order to obtain data from a DBMS and file system. There are several vulnerable web applications in the contest. All attacks exploiting any SQL injection vector, including gaining file system access, OS commanding, brute force and binary search attacks, are counted. Attacks exploiting other vulnerabilities (e.g. a buffer overflow in the web server or DBMS server) are not counted. The winner is the first participant who obtains access to all specially crafted data (flags). There are three flags in the competition. If several competitors implement different techniques of exploiting the same vulnerability, the winner is the person whose attack obtains the same DBMS data set using the fewest queries to the server.
Participation Terms
Any PHDays III attendee is welcome to compete for prizes. The competition will last throughout the forum. To receive the prize, the winner should provide his or her contact information (name, phone number, postal address) or be present at the award ceremony in person.
Technical Details
The contestants get an archive with the source code of the web application with multiple vulnerabilities planted in it. A vulnerability scanning report by Application Inspector will also be provided. A WAF bypass is scored when a participant manages to gain one of the flags. Attack vectors will also be taken into account by the jury. The winner is the participant with the highest number of flags obtained.
Winners
1st prize – Andrey Petukhov, George Noseevich, Alexander Razdobarov (Bushwhackers)
2nd prize – Mikhail Stepankin
3rd prize – Eldar Zaitov (More Smoked Leet Chicken)
-
Competitive Intelligence
The competition will enable participants of the forum to discover how quickly and accurately they can find useful information on the Internet.
Rules
The competition web page will contain questions concerning a certain organization, information about which can be found online. The task of the competition participants is to find as many correct answers to the questions as possible in the shortest time. The results will be announced at the end of the second day of the forum.
Participation Terms
Any Internet user is welcome to take part in the competition. Team-playing is allowed. You can register via the website phdays.com. The competition will begin at 9.00 AM 26.05.2015 and will last through the forum days. Competition page: phdays.com/ci2015/
Technical Details
Please prepare your own hardware and software for participation in the competition. You will also need an Internet connection.
Winners
1st place – djecka
2nd place – sharsil
3rd place – MZC
-
Leave ATM Alone
The competition challenges the participants' skills in exploiting ATM vulnerabilities. The software for the tasks was specially developed for PHDays V and contains the most common vulnerabilities of such systems seen in the wild.
Rules
The competition consists of two rounds. In the first round the participants will have a chance to find and exploit vulnerabilities in a system deployed on an ATM. Those who achieve the best results in the first round become finalists, and in the second round will face similar challenges but with a stricter time limit.
Participation Terms
Any attendee of the forum can take part in the competition. You can register in the competition zone. The number of participants is limited.
Technical Details
Please bring your own ... brains :)
Winners
1st prize – Andrew Gein (HackerDom)
2nd prize – (More Smoked Leet Chicken)
3rd prize – Anton Nurgatin, Ilya Matkin (ReallyNonamesFor)
-
PHDays Cybersecurity Project Competition
The winner will be awarded 1,500,000 rubles by Almaz Capital.
What: Almaz Capital is seeking startup projects in the cybersecurity space and all things related. Key requirement: projects should have the ambition to become globally competitive.
Where: Positive Hack Days
Who: We invite any group of developers and engineers. You do not have to have set up a company yet, but you must have established your team.
When: May 27, 2015
Rules
How: Project Stage - there should at least be a prototype of your solution/service/product, i.e. something that can be tried out by users. Later stage companies with real users and revenues are even more welcome.
Selection: A panel of judges from leading venture capital firms and security companies will select the winner during live pitch sessions at the Positive Hack Days Conference. Almaz Capital will be represented by General Partner Geoffrey Baehr, former CTO for networking at Sun Microsystems and a seasoned VC, and by Managing Partner Sasha Galitsky, who has built five software companies.
Stay Tuned: We will announce the names of confirmed judges soon. Check back for updates.
Participation Terms
How to apply: Please submit your presentation or project description to hack@almazcapital.com
If you would like advice on your presentation and pitch preparation, please submit your presentation/project description by May 15, 2015.
Prizes
The winning team will be awarded seed funding from Almaz Capital to pursue their project further and gain access to various well-regarded VC firms in Silicon Valley.
The winner will be awarded 1,500,000 rubles by Almaz Capital.
-
Advantech against cyber geniuses
Competitors will have the opportunity to gain access to modern industrial automation equipment and take complete control over it, and thus fire a rocket launcher at a secret facility.
Rules
The challenge for visitors: disable the operating software to gain control of a rocket launcher, rotate the protected object, and hit the target. Remember that your task is not to damage the unit but to force it to perform the desired actions.
Participation Terms
Any forum guest can take part in the competition. If you manage to complete the task, please find an Advantech employee, leave your contact details, and explain how you achieved the result.
Technical Details
To enter the contest, you should have a laptop or tablet PC.
Winners
1st prize – Artur Grigoriev
2nd prize – Petr Ivanov
3rd prize – Alexander Yarov
-
The Labyrinth
The Labyrinth at Positive Hack Days is a real hacking attraction. In just one hour, the participants of the competition are to get through the laser field and past motion detectors, open secret doors, clear the room of bugs, battle artificial intelligence, and render a bomb harmless. To get through the Labyrinth, you will need some skills in dumpster diving, lock picking, application vulnerability detection, and social engineering, and of course there is no way through without mother wit and physical fitness.
How to Get Into the Labyrinth?
To pass the Labyrinth, create a team of three persons and register in the contest zone. You will be offered some vacant time slots. Please note that passing the Labyrinth may take more than an hour, so avoid planning anything else for this time.
Rules
"The judge is always right." If, while you are breaking through the perimeter, the judge requires you to go back to the starting point, you must comply. Even if you don't hear the horrid sound of the security alarm.
"Sobriety is the norm of life." Do not mix up the Labyrinth and Too Drunk to Hack: in order not to lose your way, keep your mind clear.
"Breaking? No, making!" Please avoid any destructive actions against the Labyrinth infrastructure. If you think that it is impossible to pass a room without applying a Bolt Cutter™, please consult the judge.
"Time is short." If you manage to pass the room quicker than it was planned according to the schedule (9 minutes are allocated for each room), you may use the rest of time to fulfill additional tasks. Accomplished all tasks? Impossible!
Winners
1st place
Antichat
2nd place
Shkolota
3rd place
Extra Team
-