PHDays IV CTF: how it was

Within the framework of the international forum Positive Hack Days IV, which was held in Moscow on May 21 and 22, the hacker competition Capture The Flag was traditionally held. Over the course of two days, 10 teams from 6 countries of the world hacked into networks of rivals and repulsed their attacks.

Traditionally, the infrastructure and tasks of Positive Hack Days CTF are developed according to the general legend, which is a real highlight of the competition. During last year’s CTF, participants reincarnated as the saviors of the fabulous world of D'Errorim, who was threatened with death. Having completed the task, they realized that they were fighting on the wrong side, and now the danger threatens their own home. The storyline thus combines the PHDays III CTF, through the CTF Quals qualifiers, with the final battle during PHDays IV.

Full textcompetition legends - on the forum site.

Game principle

Typically, CTF competitions are divided into two types - task-based, where the main task is to solve the tasks prepared by the organizers, and attack & defense, when teams must defend their networks and attack opponents' systems. Positive Hack Days CTF combines both of these concepts, complementing them with individual game mechanics. In particular, in addition to standard tasks (“tasks”) and services containing vulnerabilities, the organizers of PHDays CTF developed unique quests - tasks that have a limited life span, and the bonus for their execution depends on the number of teams that completed.



In addition, every year the organizers give CTF participants the opportunity to earn extra points by participating in competitions of the main program. In 2012, teams were looking forflags in a special container with garbage (dumpster diving), and on PHDays III you could earn points by getting out of the hacker maze.

This time, members of the participating teams could test their strengths in finding vulnerabilities in industrial systems and protocols during the Critical Infrastructure Attack contest . The RDot team managed to earn extra points.

On the second day of the competition, the central task was to analyze the security of the QIWI terminal - for this, a real terminal connected to the network was installed on the forum site. Teams received copies of the analysis software installed on it in advance, and during the competition they were given full physical access to the terminal (for example, to connect external devices). The participants' task was to withdraw money (313,370 rubles) to a special electronic wallet. The closest team to victory in this competition was the team More Smoked Leet Chicken.

Visualization

In order to make the competition even more spectacular, last year the organizers developed a special visualization system in the style of fantasy. This year this system has been updated. Using special applications for iOS and Android, anyone could follow the battle on the screen of their smartphone (visualizer applications still work now, displaying the progress of the CTF battle in demo mode).



On the forum site, the images were broadcast on large screens.

Winners

Competitions were held in a fierce struggle. During the two days of the PHDays forum, the change of leader took place more than once: the teams of intr3pids, More Smoked Leet Chicken, Dragon Sector, SecurityFirst, Reallynonamesfor, BalalaikaCr3w and Ufologists managed to visit the top three.

In the end, the Dragon Sector team representing Poland won. Spaniards from int3pids took the second place, and Russians from Balalaika Cr3w became the third.



Every year, teams from all over the world take part in PHDays CTF - from the USA to Japan. At the qualifying competitions this year, more than 600 teams registered.

PHDays CTF was held for the fourth time: for the first time the competition was held during the Positive Hack Days forum in 2011, then the participants of the American PPP team became the winners, the Russian team Leet More won the following year, and Eindbazen from the Netherlands became champions at PHDays III. After the victory of the Polish Dragon Sector team, it can be argued that a true tradition has taken shape: every year a new team representing a new country wins.