2021
PHDays can boast all that an information security conference is supposed to have: a presentation of new products and ideas, lots of communication with colleagues, a technical and business track, and participation of industry regulators and pentesting experts. And The Standoff is its special highlight. We've taken part in it since 2017 both as defenders and attackers, but in 2021, due to the slight changes in the rules, the cyberbattle turned out to be the most interesting and dynamic of all time. The organizers did a great job!
PHDays, as always, went nice and clean. The place was full of people: after a long break, we managed to meet and communicate with customers, partners, friends, and competitors. The talks were interesting; some people watched them offline, and some joined online, which was also very cool. This time, our team was quite large, but still, we sometimes could not cope with the influx of those who wanted to have a talk with us, learn about our new developments, and discuss possible solutions to current problems. All in all, it was, as always, cool, exciting, and positive. We are looking forward to PHDays 11.
I think that PHDays has long become more than just a conference but a unique platform for discussions and exchange of experience of information security professionals at all levels and in areas of expertise. As developers of advanced cybersecurity solutions, the Security Vision team took an active part in PHDays: these two days were filled with lively, informative, and very productive communication.
Of course, this is one of the most significant events in Russia, because it unites the cybersecurity community and, at the same time, allows you to watch The Standoff cyberbattle in real time. The conference gives customers the opportunity to get acquainted with cybersecurity technologies at the partners' stands and listen to experts on the Russian and international markets. The combination of practical aspects and technical talks creates a special atmosphere of the event, which has been maintained for a decade now. PHDays 10 was expected to take place in 2020, but, unfortunately, the pandemic made its own adjustments. I am delighted that Positive Technologies was able to continue the tradition this year. On the whole, this is probably one of the most well-known and popular events in Russia that everyone is looking forward to.
We've participated in The Standoff for the second time. Last year, we provided our payment processing under the RBK.money brand for the financial system of the cybercity, and this year, we attended the event as IT company Osnova, within which we develop our technological line of business.
City F's entire financial system used the Osnova processing: the bank that issued cards to city residents, the payment solution for online stores, and other elements of the FairMarket financial infrastructure. As a result, almost all the cybercity companies suffered from hacker attacks: red teams wreaked havoc at the train station, changing the train schedule, gained access to the crane control and dropped a container on a barge at the seaport; they caused explosions at the gas distribution station; power lines, wind generators, and other vital systems of the city were disabled. And the financial system of the cyber-range successfully passed this stern crash test: the Osnova processing withstood all of the attacks.
The attackers failed to trigger two specific risks of using bank cards for fraudulent transactions and disrupting the work of the processing center. Although at least four red teams, by hacking the online store connected to the processing system, were able to obtain merchants' API keys, with the help of which they could try to withdraw store funds through payment to cards—no one eventually triggered such a risk. I'd like to stress that the city's banking system was not protected by any of the blue teams—Osnova's own internal processing protection system was the only protection.
This is an impressive result and another confirmation that our solution is really reliable and safe. But if the red teams had been able to break our protection, this would've been a positive outcome for us anyway: the more vulnerabilities are detected, the better our product becomes. We constantly work on its security, including developing the Bug Bounty program and inviting all specialists to look for vulnerabilities in our code, send reports, and receive rewards.
We thank Positive Technologies for this useful and interesting experience. It was really cool! The Standoff is a landmark event in the cybersecurity industry, and we will gladly continue to take part in it.
Bruce Schneier
The Chief Technology Officer of IBM Resilient, a fellow at Harvard's Berkman Center, and a board member of EFF
We have been organizing security conferences for more than ten years. The major part of them are boring corporate events. However, this conference is something completely different. It not only inspires, it is very practical and quite counter-cultural.
2018
I couldn't get enough of PHDays—it just flew by. There were so many interesting talks, meetings, case studies, practical discussions, and new ideas. We were able to present our latest accomplishments, get useful feedback from the community, and be a part of the conversation on the most important topics in security. PHDays continues to set the bar for events in the security industry. The combination of applied security and thought-inspiring talks would be very difficult to find anywhere else.
Among all the security industry events in Russia, PHDays is a very special one in both form and content. This is a unique space for experts, junior specialists, CISOs, and security practitioners to engage with each other. We were not tied to a particular stand at the last PHDays, so we got to roam freely and have fun exploring all the halls and making acquaintances.
At Positive Hack Days, you're fighting for the security of the digital world. Every year, the discussion covers the most critical and fundamental problems in information security. Topics last time focused on the digital economy and the far-reaching changes that have been unleashed. We believe that by combining the forces of the industry’s best and brightest, it is not too late to build a digital future that is secure.
Positive Hack Days means lots of interesting meetings, insightful asides from colleagues, and content-filled talks and sessions. For Angara, the most recent PHDays was busy with several presentations and our demo stand. The highlight was participating in The Standoff for the first time in our company's history. We are proud of the results shown by our team ACRC. Thanks to the non-stop 30-hour cyberbattle in a full-scale mock city, the mettle of both attackers and defenders was tested while trying out tools and techniques, some of which were well known and others brand-new. It was a true all-out struggle in which SOCs were pushed to prove their analytic prowess as well as skill at monitoring an onslaught of attacks.
Marc "van Hauser" Heuse
The Hacker's Choice
PHDays is special because of combining hackers and business together.
2015
I've attended the conference for all five years of its existence. Right before my eyes, PHDays has "grown up" into a serious event that draws major players and visitors from all over the world.
This was my first time at a conference in Russia, and I liked it. People take a completely different approach to the big questions. I'm already used to hearing everything that Western specialists have to say about security, but here I got a different perspective. Here you can see how private companies, industry organizations, and the government are working together to find a solution to shared problems. It was very interesting.
This event is the only one like it in Russia, combining deeply technical talks with topical business presentations by both Russian and international security luminaries.
So many wonderful technical talks and popular topics. The program was great, but the people are what make PHDays shine.
I was blown away by the scale. I expected a large number of people, based on what I read, but it still managed to surpass all my expectations. PHDays is a wonderful place for talking with colleagues and exchanging views among those who research technology and those who write the laws that govern technology.
Engaging with colleagues is the reason I come to the forum. In this regard, PHDays is one of the best events in Moscow. Here you can find people you would hardly come across in your daily routine… PHDays brings us together.
Travis Goodspeed
An innovative security researcher
It's this coziness to it that conferences of this size rarely have.
2014
At last our region has a well-deserved event for specialists in information security. I would like to thank, onсe again, the organizers, Positive Technologies.
The Hash Runner contest was fun and challenging, it helped us test some experimental John the Ripper code and identify areas for further improvement.
It's a very good experience. PHDays is tremendously creative. It is a fantastic atmosphere. The programme is very versatile—a mixture of unique competitions, interesting conferences, and opportunities to make new acquaintances ... And it's a lot of people. I did not expect that many!
This is the strongest information security event in Russia, period. The organizers make the effort to bring the best experts from Russia and abroad. Many events going on, many interesting talks, and most importantly, many young people. PHDays is the perfect event to help them see the advantages of putting their talents to use for the "light side".
Very impressive. It was a pleasure to see all these great researchers who presented here. Industry stakeholders should definitely come to PHDays to catch up with the latest trends and meet new contacts.
PHDays is a unique event where we can see how information security is created and who is who in our field. And it's a place where the binary, digital world of hackers meets the physical world. The forum has realistic contests, such as CTF, Critical Infrastructure Attack, and one in which participants probe for vulnerabilities in a smart home.
PHDays gives talented teams momentum for developing innovations and for finding their way in entrepreneurship, in the white hat community.
PHDays has proven it: cyberwar is real, and we are trying to prepare for it, just like all other countries. However, not all threats are taken seriously, at least in business. There are problems on the governmental level also: legislation is failing to keep up with the times. Professionals must declare their initiatives for all to hear.
PHDays is one of the best information security events in Europe.
Tao Wan
IBM GCG Cloud Tiger Team Security Managing Consultant
It's very nice to have a chance to attend Moscow and PHDays.
2013
My sincere thanks to the organizers, who moved mountains so that PHDays II could be so successful.
Only at a conference like this could opposites look so natural together: C-suite suits and tech guys in T-shirts, hackers and defenders, experts and n00bs.
Thus, professionals and students are looking forward to attending again this big event with the confidence that next time it will be even bigger and more attractive.
It felt like I saw almost all the security big names I know here! That's so important at these events.
It was a pleasant surprise to see so many young people participating in such a serious forum. This gives me hope for the future of information security.
It's a pleasure to see that interest in PHDays is only growing with each year!
The presentations were excellent, plenty of fresh faces, and not too many systems integrators crowding up the place.
Again, thanks to the whole PHDays crew, to the speakers and to the attendees! Hope to see you all there next year as well.
The CTF was also pretty awesome to watch. They had a dumpster diving challenge where the teams had to try to find an MD5 hash. I hadn't seen that before in a CTF and thought it was genius.
Just listing everything would take more space than I have here.
Digital October, plenty of space, in the center of the city. The milieu and decorations are superb: clean, neat, and gorgeous. Very pleasant spending time in such spaces.
The presentations were exciting, as opposed to the boring marketing spiels we tend to get at Russian security conferences.
Positive Hack Days is an event that literally blows up the hacker world.
This was simply an incredible event with one-of-a-kind atmosphere, interesting people, and awesome program.
This is among the very best security events I've seen. And definitely the most original one.
Wonderful location, there were plenty of people and the conference was organized extremely well. The SCADA demonstration was very novel and very unique.
The hands-on labs and the infrastructure built for them are incredible.
PHDays is a right place to be and a right place to talk about security.
PHDays is different from any conference I've ever been to. It's incredibly well organized, the program is very technical and the CTF visualization was very cool.
There are a lot of really amazing, smart people here. The more people you put together, the more voices are talking, the more knowledge gets shared.
Audience was great, the setup was good. Enjoyable!
I made a great deal of new friends from Russia, the independent nation of Appalachia, and Europe over the last week and will never forget this trip.
2012
I'll say it right out: incredible! This was my first year at PHDays and the two days just flew by.
Have to point out that this year there were many more speakers from abroad, as well as CTF teams.
The PHDays forum was packed with technical and business seminars, hacking contests and emerging security technologies demonstrating the latest security issues and challenges security professionals face on a daily basis.
In my lectures this year, I'll be recommending that all students visit PHDays or, if they can't make it to Moscow, PHDays Everywhere in St. Petersburg.
The organizers pulled off an unfathomable amount of work to make an event that is truly unforgettable!
At PHDays I loved the true hacker atmosphere, interesting talks, and Guinness in the open bar :) All I can add is to thank Positive Technologies for putting the event together. It was awesome.
Overall the conference was very well organized, with plenty of exciting contests too, including the (in)famous 2drunk2hack, where one of our engineers finished in second place.
PHDays II has raised the bar for atmosphere and comfort at security conferences.
The CTF was cool. It was real fun!
First of all we would like to congratulate PHDays for another great competition and the opportunity to compete against the best password cracking teams worldwide.
My experience confirmed what people were already saying before PHDays this year: it's the biggest and most interesting information security conference in Russia.
Participating in the PHDays CTF means a lot of swag!
Thank you so much to Positive Technologies for organizing the event so well.
Thank you to the organizers of the Hash Runner contest, who quickly and thoroughly answered all questions that came up, and fixed bugs quickly as well. Everything was top-notch.
