News

Competition held at HITB+ CyberWeek in UAE, winners hail from Russia.

At this year's Positive Hack Days, teams of attackers, defenders, and security operations centers (SOCs) waged cyberbattle in The Standoff for the fourth time, fighting for control of a mock city's digital infrastructure.

This year's PHDays 9 included Industrial Ninja—a contest of skill at hacking a gas pumping facility. At the PHDays venue, we created three stands that, at different levels of difficulty (No Security, Low Security, High Security), emulated the same industrial process: pressurized air was pumped to inflate, and then deflate, a balloon.

At PHDays 9, we added something new to The Standoff: a hackathon for developers. Teams of attackers and defenders fought for control of a mock digital city, as usual. But all the while, there were also developers working around the clock to make application updates and maintain uninterrupted uptime under a crush of attacks.

Positive Hack Days 2019 included our first-ever IDS Bypass competition. Participants had to study a network segment of five hosts, and then either exploit a service vulnerability or meet a particular criterion (for example, send a certain HTTP response) in order to get a flag. Finding an exploit was easy, but the IDS complicated things as it stood between the participants and the hosts, checking every network packet. When a signature blocked the connection, participants were informed via the dashboard. Here are details on the tasks and the ways to solve them.

For eight years now, the Competitive Intelligence contest at PHDays has provided participants with the opportunity to test their skill at searching for information while learning new OSINT techniques. This year's tasks centered on a fictional information security company specializing in a particular vulnerability. Participants had to dig up information on people related to this company, but do so without hacking, using only their wits and various online resources.

At PHDays 9 we decided to take a look at the grittier side of artificial intelligence and machine learning. Our task-based capture the flag contest, AI CTF, put participants through their paces to test knowledge of AI-related security topics.