Contests
$natch
"How to Clean Out a Bank and Stay Alive" is one of the oldest and most exciting contests at PHDays. This year, participants will have more to deal with than just analyzing e-banking source code—they will have to empty ATMs and self-service kiosks, and be ready to smuggle money out past anti-fraud systems. Like last year, hackers can also choose to play for the "good guys" by writing about vulnerabilities to a special incident response group.
Rules
Contest will last for the duration of the forum. http://contest.phdays.com
Participation Terms
All forum participants may take part. Come to the contest stand to join.
Prizes
Players take home all the money "stolen" from the system (stealable funds total RUB 60,000).
-
2drunk2hack
The competition lets participants test their skills at hacking a web application protected by a Web Application Firewall and demonstrate the ability to think straight in any situation.
Rules
The goal is to hack a web application protected by a Web Application Firewall (WAF). The web application contains a limited number of vulnerabilities; exploiting them in sequence leads to OS command execution.
The competition lasts 30 minutes. Every 5 minutes, the competitors whose actions triggered the WAF more often can drink a 50 g shot of a strong drink and proceed with the competition.
The winner is the first participant to capture the principal game flag at the OS command execution stage on the server. If the principal flag is not captured, the winner is the participant who captured the most flags at the other vulnerability exploitation stages.
Participation Terms
Any attendee who has reached the age of 18 is welcome to participate in the competition. The participants can register at the information desk in the lobby of the second floor. The number of competitors is limited.
Prizes
Winners will receive valuable prizes.
Technical Details
Please bring your own software and hardware that you require for participation. Connection to the game network segment will be provided.
-
2600
Participants can match wits at old-school phone phreaking. Their task: use an ordinary token to make a call on an old Soviet pay phone.
Rules
To emerge victorious, a participant must make a call from the pay phone to a certain phone number—and retrieve the token.
Participation Terms
All forum participants may take part. Contest will be held throughout the forum.
Technical Details
Participants may not damage the pay phone in any way!
-
Free SCADA
Free SCADA is an educational open-source project intended to demonstrate typical vulnerabilities in SCADA components. Free SCADA will consist of SCADA components with PLCs (based on Raspberry Pi). As part of The Standoff, each of the attacking teams will be given access to a separate stand for warming up and gathering useful hints about the infrastructure and settings of one of the main contests—Critical Infrastructure Attack: City.
Made possible with the support of ASP Labs.
Rules
Contest will last for the duration of the forum as part of The Standoff.
Participation Terms
Only Standoff teams may take part.
Technical Details
Participants must bring their own software and hardware.
-
CAMBreaker
Forum visitors can try to hack IoT devices by finding zero-day vulnerabilities in popular IP cameras. Besides web vulnerability aficionados, we encourage masters of firmware reverse engineering and JTAG wizards to show off. Don't forget to bring your own devices!
Rules
Contest will last for the duration of the forum. http://contest.phdays.com
Participation Terms
All forum participants may take part. Come to the contest stand to join.
Prizes
- 1st place: LG Nexus 5X smartphone, PHDays souvenirs
- 2nd place: PHDays souvenirs
- 3rd place: PHDays souvenirs
Technical Details
Participants must bring all necessary software and hardware themselves.
-
HackBattle
HackBattle is new to PHDays. A qualifying stage will be held on the first day of the forum at the contest stand, where participants will need to complete several tasks. On the second day, the brightest hacker minds will assemble on the main stage to astound the audience with their speed, smarts, and improvisation while hacking in real time. Our team of professional streamers will be providing commentary.
To participate, hackers must come to the HackBattle stand on the first day and perform the qualification tasks.
Participation Terms
All forum participants may take part. Qualifying stage will be held on the first day of the forum. Finalists will be determined by the end of the first day. Championship will be on the afternoon of the second day.
Prizes
- 1st place: Hak5 Field Kit, PHDays souvenirs
- 2nd place: PHDays souvenirs
-
MITM Mobile
Mobile network security has well-known issues at all levels, from client devices to operators. One sore point is the GSM standard, which can be hacked not only by nation-states, but by engineers with $20 to spare. Don't get your hopes up for 3G/4G though: operators are stuck supporting GSM for years to come, so downgrade attacks involving "evil-twin" base stations can force subscriber devices to switch to the not-very-secure GSM standard. Interception of SMS messages and USSDs, eavesdropping on phone conversations, use of IMSI catchers, and cloning of mobile phones—all this can be seen and learned at our stand by trying to hack the mobile operator we have set up specially for the event. Prizes await the nimblest participants.
Participation Terms
Contest held during the forum. Come to the contest stand to take part.
Prizes
- 1st place: bladeRF x40, PHDays souvenirs
- 2nd place: PHDays souvenirs
- 3rd place: PHDays souvenirs
-
Automotive Village: CarPWN
At Automotive Village: CarPWN, participants can compete to show off their knowledge of everything related to car security. Competition tasks will include searching for wires, ECU searching, connecting to the on-board network, setting up an MITM attack using CANToolz, testing the security of QNX, and much more. Conference participants will have two days of access to a training stand and vehicle for hacking.
Participation Terms
Contest will be held throughout the forum. All forum participants may take part.
Technical Details
We recommend that participants bring their own special CAN equipment.
-
HackQuest
This year's HackQuest is organized by Wallarm. Hackers must solve as many tasks as possible. These tasks are based on real vulnerabilities found in the past year. New this year: neural networks.
Rules
Contest will be held from May 1 to 13. Start: 12:01 a.m. (midnight) on May 1.
Participation Terms
All Internet users are eligible to participate.
Prizes
Winner will receive free PHDays tickets and souvenirs.
Technical Details
To sign up, visit hackquest.phdays.com
-
WAF Bypass
WAF Bypass is back at PHDays. As always, participants will try to bypass PT Application Firewall. This year’s tasks will center around bypassing the new database protection component of the Positive Technologies web application firewall. Victory will be gauged based on special flags. Both forum visitors and Internet users are eligible to participate.
Rules
The contest consists of tasks during which the competitors collect flags. Each flag is worth points. In case of a tie, victory goes to the participant who obtained their final flag more quickly.
Prizes
- 1st place: Apple Watch, PHDays souvenirs
- 2nd place: one-year Burp Suite Pro license, PHDays souvenirs
- 3rd place: PHDays souvenirs
Technical Details
To sign up, go to waf-bypass.phdays.com
-
Competitive Intelligence
In today's world, it's easy to dig up sensitive information on people and companies. The main skill in competitive intelligence is to find and synthesize morsels of information scattered across public sources. For several consecutive years (2012, 2013, 2014, 2015) we have shown how big secrets can be ferreted out with little or no hacking. This craft is becoming easier on the one hand because of the amount of information online, but also harder because of the difficulty for humans to process all this information. In addition to search engines, online sleuths will need to use special tools and techniques from the realm of competitive intelligence. The contest will be held online over three days: May 14, 15, and 16. The victors will receive prizes at the PHDays awards ceremony.
Rules
The contest page will have questions regarding a particular organization that is widely represented on the Internet. Competitors try to find the maximum number of correct answers as quickly as possible. Results will be known on May 16 at 18:00.
Participation Terms
Contest will open at 9:00 a.m. on May 14, 2017 at phdays.com/ci2017/.
Prizes
- 1st place: iPad Air, PHDays souvenirs, 3 forum invites
- 2nd place: PHDays souvenirs, 2 forum invites
- 3rd place: PHDays souvenirs, 1 forum invite
Technical Details
Participants select all necessary software and hardware themselves. Internet connection required.
-
Critical Infrastructure Attack: City
In this contest, hackers will target a model city's automation systems, which are concentrated in a large industrial zone essential for the ongoing operation of the city and its infrastructure. The model city approximates a real-world city in terms of both technology and functionality. Opportunities for acting on city systems are limited only by attackers' imaginations and the defenses in place on various system segments.
The model city includes:
- Residential areas with building management systems (BMS), smart homes, transportation systems, and IoT gadgets
- Railroad linking all parts of the city
- Power station and substation (electrical generation, distribution, and management)
- Oil refinery and oil storage/transport facilities
- Video surveillance systems
Rules
Contest will last for the duration of the forum as part of The Standoff.
Participation Terms
Only Standoff teams may take part.
Technical Details
Participants must bring their own software and hardware.
-
The Labyrinth
The Labyrinth at Positive Hack Days is a real hacking attraction. In just one hour, participants must get through a laser field and past motion detectors, open secret doors, clear a room of bugs, battle an artificial intelligence, and defuse a bomb. To get through the Labyrinth, you will need skills in dumpster diving, lock picking, application vulnerability detection, and social engineering, and of course you will not get far without mother wit and physical fitness.
How to Get Into the Labyrinth?
To pass the Labyrinth, create a team of three persons and register in the contest zone. You will be offered some vacant time slots. Please note that passing the Labyrinth may take more than an hour, so avoid planning anything else for this time.
Rules
"The judge is always right." If while you are breaking through the perimeter the judge requires going back to the starting point, you must fulfill this requirement. Even if you don't hear the horrid sound of the security alarm.
"Sobriety is the norm of life." Do not mix up the Labyrinth and Too Drunk to Hack: keep your mind clear so you do not lose your way.
"Breaking? No, making!" Please avoid any destructive actions against the Labyrinth infrastructure. If you think that it is impossible to pass a room without applying a Bolt Cutter™, please consult the judge.
"Time is short." If you pass a room faster than scheduled (9 minutes are allocated for each room), you may use the remaining time to complete additional tasks. Accomplished all tasks? Impossible!
Winners
- 1st place: Antichat
- 2nd place: Shkolota
- 3rd place: Extra Team