PHD 2011 Contests

Contests list

CTF Freestyler
1st place - Andrey1800
2nd place - Nucro
3rd place - CTF Freestyler 25

Safecracker
1st place - Gleb Shipilev
2nd place - Vitaly Glinsky
3rd place - Kirill Tyurin

Too drunk to hack
1st place - Vladimir Vorontsov

iPhone hack 2 own
No winners

Notebook hack 2 own
Winner - Nikita Tarakanov

Hacked in 900 seconds
1st place - 003
2nd place - Art
3rd place - Kost

Best Reverser
1st place - Dmitry Sklyarov
2nd place - Alexander Gavrilenko
3rd place - Maksim Grigoriev, Alexander Butenko

Fox Hunting NG
1st place - Ekaterina Bessonova, Ruslan Sabitov
2nd place - Konstantin Chigirev
3rd place - Kirill Tyurin

A significant part of the Positive Hack Days Forum is the practical security contests, which are open to all visitors of the Forum. Winners and participants receive prizes and gifts from PHD sponsors. So here they are!

 

CTF Freestyler

The contest is held as part of PHD CTF 2011, with the common rules adapted for individual participants. Every participant can demonstrate their abilities in security assessment, exploitation of vulnerabilities, reverse engineering and just hacking.

Rules

Participants are free to choose their methods for performing the task. You should use one or more vulnerabilities in real production systems to capture a flag. The winner is the first to capture the greatest number of flags in the Contests zone.

Conditions

Any Positive Hack Days participant is allowed to take part in the contest.

Rewards

All winners receive prizes and gifts from the PHD sponsors and Positive Technologies.

Technical details

Participants should choose and bring along all necessary software and hardware (notebook, etc.). Every participant is provided with a network connection to the Contests segment.

Participants are allowed:

to attack servers in the Contests zone to get flags (flag capture);

to use tools that do not violate Russian legislation to find vulnerabilities on the servers;

to access the contest data located and handled on the servers.

Participants are prohibited:

to attack other participants' computers;

to generate too much traffic (flood, DoS);

to destructively attack servers (for example, rm -rf /);

to delete flags from servers;

to take any illegal actions against Internet resources.

Safecracker

Every participant can demonstrate their abilities in the non-destructive forcing of locks.

Rules

The contest is held during the whole PHD. Every participant has one time-limited attempt to force the greatest number of locks. Every participant is provided with a workplace and a set of locks of different types. Destructive methods are prohibited: the lock must remain functional, or your actions must be reversible without replacing parts. You should show the opened locks to the jury.

Conditions

Any Positive Hack Days participant is allowed to take part in the contest. Go to the Contests zone to register.

Rewards

The winners are the first three participants who force the greatest number of locks in the shortest time. All winners receive prizes and gifts from the PHD sponsors and Positive Technologies.

Technical details

Participants are provided with basic tools only, so do not forget to bring all necessary devices.

Too drunk to hack

Every participant can demonstrate their abilities in web application security analysis and Web Application Firewall protection assessment.

Rules

You should successfully attack a web application protected by a Web Application Firewall (WAF). The web application includes a limited number of vulnerabilities. If you exploit them consecutively, you can run OS commands. All Web Application Firewall responses are recorded, and every 4 minutes the participants who trigger the greatest number of responses must drink 50 grams of a strong drink to continue. The contest lasts 20 minutes. The winner is the first to get the main flag by running commands on the server. If nobody is able to get the main flag, the winner is the participant who captures the greatest number of flags during the other stages of vulnerability exploitation.

Conditions

Any Positive Hack Days participant is allowed to take part in the contest. Please go to the Contests zone to register.

Rewards

All winners receive prizes and gifts from the PHD sponsors and Positive Technologies.

Technical details

Participants should choose and bring along all necessary software and hardware (notebook, etc.). Every participant is provided with a network connection to the Contests segment.

iPhone hack 2 own

Every participant can demonstrate their abilities in security analysis of mobile devices based on Apple iOS and Android.

Rules

You can attack one browser in every stage; the jury follows the given link. You can use only one attack vector in every stage. You have three opportunities to attack any contest device. You can make only one attack attempt via one attack vector in every stage. The winner is the first in the first stage; the runner-up is the winner of the second stage; and third place goes to the winner of the third stage. To become the winner, you must run an application on the attacked device via a remote attack. The jury reserves the right to reduce a participant's rating depending on the vulnerability used and the exploitation conditions (user assistance, limitations to attack progress, and other conditions that influence the risk level according to CVSS).

Conditions

Please register beforehand to take part in the contest. Please send your applications to . The registration ends on May 16th, 2011. Please include the following data: participant name, attacked device type, attack vector. The jury may refuse permission to participate if the participant does not demonstrate an expert level of knowledge.

Rewards:

the winner: Sony Ericsson Xperia arc (more details follow) and 100,000 rubles;

runner-up: iPhone 4G or iPad and 75,000 rubles;

the third place: iPhone 3Gs and 50,000 rubles.

The contest participants can attend Positive Hack Days Forum events free of charge.

All participants receive prizes and gifts from the PHD sponsors and Positive Technologies.

Devices:

Sony Ericsson Xperia arc (more details follow);

iPhone 4G;

iPad;

iPhone 3Gs.

Technical details

The software versions used are announced at least 2 weeks before the contest and are published on the PHD Forum web site: http://www.phdays.ru. The default "packaged" configuration is used for the devices, except for network settings. The device is rebooted and restored after every attack attempt.

The default attack vector is a specially crafted web site opened in the default device browser. If you want to use other attack vectors (SMS/MMS, browsing e-mail, etc.), please describe them in your application.

Participants should choose and bring along all necessary software and hardware (notebook, etc.). Every participant is provided with a wired or wireless network connection to the device.

Notebook hack 2 own

Every participant can demonstrate their abilities in cracking the most common Internet browsers.

Rules

Every participant has three opportunities to attack the latest versions of the following Internet browsers.

First and second stage:

Microsoft Internet Explorer 9;

Google Chrome 10;

Mozilla Firefox 4;

Opera 11;

Apple Safari 5 for Windows.

Third stage:

Microsoft Internet Explorer 8;

Mozilla Firefox 3;

Microsoft Internet Explorer 9;

Google Chrome 10;

Mozilla Firefox 4;

Opera 11;

Apple Safari 5 for Windows.

You can attack one browser in every stage; the jury follows the given link. You can use only one attack vector in every stage. The winner is the first in the first stage; the runner-up is the winner of the second stage; and third place goes to the winner of the third stage. To become the winner, you must run an application on the attacked operating system via a remote attack. The jury reserves the right to reduce a participant's rating depending on the vulnerability used and the exploitation conditions (user assistance, limitations to attack progress, and other conditions that influence the risk level according to CVSS).

The following platforms are used:

First stage: Windows 7 Service Pack 1 (x86);

Second stage: Windows 7 Service Pack 1 (x86) and Windows XP SP3 (x86);

Third stage: Windows 7 Service Pack 1 (x86) and Windows XP SP3 (x86).

Conditions

Please register beforehand to take part in the contest. Please send your applications to . The registration ends on May 16th, 2011. Please include the following data: participant name, attacked browser, attack vector. The jury may refuse permission to participate if the participant does not demonstrate an expert level of knowledge.

Rewards

The winner of the first round will be awarded a notebook and 50 thousand rubles.

The winner of the second round will be given a notebook and 50 thousand rubles.

The winner of the third round will receive a notebook.

The contest participants can attend Positive Hack Days Forum events free of charge.

All participants receive prizes and gifts from the PHD sponsors and Positive Technologies.

Technical details

The system and application versions used are announced at least 2 weeks before the contest and are published on the PHD Forum web site: http://www.phdays.ru. The operating system is restored after every attack attempt. Participants should choose and bring along all necessary software and hardware (notebook, etc.). Every participant is provided with a wired or wireless network connection to the Contests segment.

Hacked in 900 seconds

Every participant can demonstrate their abilities in assessing network infrastructure protection in extreme conditions.

Rules

The participants should consecutively hijack network devices using typical administration and network security management errors. The contest lasts 15 minutes. The winner is the first to access the most distant network device with the highest privileges.

Conditions

Any Positive Hack Days participant is allowed to take part in the contest. Go to the Contests zone to register.

Rewards

All winners receive prizes and gifts from the PHD sponsors and Positive Technologies.

Technical details

Participants should choose and bring along all necessary software and hardware (notebook, etc.). Every participant is provided with a network connection to the Contests segment.

Best Reverser

Every participant can demonstrate their abilities in reverse engineering executable files for the MS Windows platform. You should get flags that are hidden as code phrases in a specially crafted program. The program includes exactly four flags. You must get the previous flag to access the next one.

Rules

Every participant analyses a specially crafted program. There are no limitations on the methods or software used (except Russian legislation). The winner is the first to get all four flags and explain in detail how they were obtained. The second and third places are for participants who get only three or two flags or meet the conditions later than the winner.

Conditions

Any Positive Hack Days participant is allowed to take part in the contest. Go to the Contests zone to register. The start time will be announced later.

Rewards

First prize: Amazon Kindle DX.

Runner-up: Amazon Kindle 3 Wi-Fi.

Third prize: ESET Smart Security (3 years).

All winners receive prizes and gifts from the PHD sponsors and Positive Technologies.

Technical details

Participants should choose and bring along all necessary software and hardware (notebook, etc.).

Fox Hunting NG

Every participant can demonstrate their abilities in wireless network security and PCI DSS Wireless Guideline requirements using different software and hardware.

Participants should detect an 802.11 a/b/g/n wireless access point with a pre-defined ESSID.

Rules

The winner is the first to determine the exact coordinates of the current wireless access point, physically get within half a meter of it, and inform the jury. The contest is held during the whole PHD. The access point location may change with time.

Conditions

Any Positive Hack Days participant is allowed to take part in the contest; no registration is needed.

Rewards

All winners receive prizes and gifts from the PHD sponsors and Positive Technologies.

Technical details

Participants should choose and bring along all necessary software and hardware (notebook, etc.).

Copyright 2011
Positive Technologies