Confrontation Positive Hack Days: attackers are set for revenge

The Positive Hack Days forum is about to start, and with it the most anticipated part of it is a cyber battle between hackers and security guards Confrontation. Last year, as we recall, hackers were not able to seize the city completely , therefore one of the most pressing issues of this year, which concerns not only the participants, but also the visitors of the forum, will they be able to take revenge? We talked with the attacking teams, found out their mood, game plans and, of course, forecasts.
Characters
This year, the organizers have revised the approach to the choice of attackers, leaning towards professional teams. “Our main task in the framework of the hacker part of PHDays is to show the hacker world to people as clearly as possible. Therefore, not only CTF regulars were invited to the role of attackers, but also pentesters with a rich arsenal of hacking techniques, a systematic and at the same time very creative approach to business, ”said Mikhail Levin, member of the organizing committee of PHDays.
The lion's share of participants - in their free time from Positive Hack Days :) - successfully works in the field of pentest, and some of them participate in the Confrontation as representatives of a particular company. So, on the side of the attackers in the Confrontation of the 2017 version, 9 teams:
- Antichat
- Rdot.org,
- BIZone
- PwC Cyber (PwC),
- Vulners (QIWI),
- KansasCityShuffle,
- True0xA3 (Information Security),
- “TSARKA” (Tsarka, Kazakhstan),
- Hack.ERS (world team).
“Who does not know how to attack, he does not know how to defend”
Some teams were seriously preparing for the Confrontation and, of course, have Napoleonic plans for the game. The Antichat team, for example, has updated its roster and, as last year, goes to the Confrontation for an absolute victory. For the Rdot.org team, participating in competitions is a kind of tradition. The BIZone team, whose members are part of the CTF teams BalaikaCr3w, EpicTeam, has the opportunity to play once again. The team captain Antichat, who considers PHDays as an integral stage in the formation and development of any Russian CTF team, also supports colleagues in the workshop. Although there are plans for everyone to enjoy the game, plunge into the atmosphere and feel the spirit of competition (and not in vain - these plans will certainly be fulfilled and even overfulfilled).
Although for most teams participation in the Confrontation is primarily a training, an opportunity to demonstrate and test your strengths. Interest plays an important role: in real life, due to the specifics of work, it rarely turns out to “touch” such an infrastructure as it is recreated on PHDays. “We have been visiting PHDays for several years, and mainly participated in small competitions. This year we realized that we are ready for the Confrontation. It is important for us to see how the guys will interact with each other, to establish the right process among the team members, to learn our strengths and weaknesses, ”said Olzhas Satiev, a member of the“ CARKA ”team.
Says Pavel Sorokin (True0xA3): “We have extensive experience in conducting various penetration tests, which allow us to identify key weaknesses in the security of our customers and offer them the most effective solutions to eliminate these shortcomings. PHDays is an excellent event that allows you to hone your teamwork, rally employees, increase expertise when practicing practical cases. This year we act under the motto "Who does not know how to attack, he does not know how to defend."
Igor Bulatenko, a member of the Vulners team, who also believes that a good security guard should know what methods and techniques will be used by attackers to attack his infrastructure, agrees with him: “The confrontation will allow you to be in the shoes of the attacking side and try to find weaknesses in a well-built protection system. This experience may help us take a fresh look at the protection of our servers and improve something. ”

We will attack everything
And the participants will be trained on what. The city familiar from the past PHDays has grown significantly, both in size and population. This time, the organizers decided to give hackers and defenders not separate objects, but a whole city - with traffic lights, cars, houses, hundreds of residents. All objects are interconnected with each other and technically are not much different from the real city.
What infrastructure objects will hackers attack? Of course, none of them is in a hurry to reveal all the secrets, but we still managed to find out something. Basically, teams are guided by their own real experience. The Antichat team plans to attack objects with a web interface, since they have the most specialists in this area, and maybe they even implement several scenarios of social attacks. According to Nikita Vdovushkin, a member of the BIZone team, they would love to try to immediately get into the banking or office infrastructure, since in real life their company BIZon specializes in the banking sector.
The teams also shared their thoughts on the alleged vulnerabilities. The Vulners team expects classic misconfiguration errors, standard accounts, forgotten services, and classic web vulnerabilities. One of the members of the BIZone team suggested that there would be many interesting and difficult to exploit binary vulnerabilities. Pavel Sorokin: “We are interested in how the organizers will beat the ShadowBrokers sink. Will there be vulnerabilities for these exploits in the Confrontation? And I wonder how the defenders will defend themselves from them. "
In general, the participants have positive expectations from the game. They rely on complex and interesting vectors, hardcore, clear rules and a transparent scoring system for both attackers and defenders. And of course, they hope for the right balance of power. Igor Bulatenko: “Last year, it seems to me, the forces were not on the side of the attackers. I hope that this year the organizers will be able to solve this problem and bring more realism to the life of the city. ”

Hacker arsenal
Last year, hackers rushed into the battle almost with bare hands. The participants decided not to repeat past mistakes and prepared a whole arsenal. This time, standard security analysis tools will be used - a gentleman's set of pentester and reverse, as well as tools accumulated during real pentests and participation in CTF.
Antichat team promises to use well-known Linux distributions specially designed for penetration testing: BlackArch, Kali. And if we talk about specific software, then the indispensable means, according to the team, are Burpsuite, Metasploit Framework, as well as Radare2.
The Rdot.org team was most impressed. Here is an incomplete (!) List of their tools: diversionary software to infect automated process control systems, 0day exploits for browsers and web applications, femtocells and frameworks for OTA operation, radar and radio signal amplifiers, skimmers and RFID programmers for faking smart cards and bank cards, atomic force microscopes and a chemical laboratory for chip analysis, IoT botnets for organizing DDoS attacks, night vision devices and telescopes for monitoring rival monitors, certified forensic equipment for DMA attacks, bitwise copying of hard drives and video data formation, EFI backdoors for infecting rival devices and infrastructure, equipment for detecting and decoding spurious electromagnetic radiation and acquiring information through acoustic channels,
Odds - 50 to 50
In general, the mood of the attacking camp is more than decisive. Moreover, there is some competition between the attackers themselves. Antichat old people, for example, are sure that “all hackers have chances,” however, they note that only LC↯BC can compete with them, and they do not plan to participate in this competition.
Olzhas Satiev: “Some teams are not participating for the first time, therefore, they have more experience. Yes, we are new, but with a fresh look :) - and we will do our best to achieve our goals. ”
But attackers in most cases speak reservedly about rivals. Nikita Vdovushkin (briskly) believes that “in the real world, it is quite difficult for defenders to quickly respond to attacks and close vulnerabilities while maintaining the availability of services, since services can reach huge sizes of several thousand lines of code. “We believe,” he says, “that the success of the defenders largely depends on how the organizers manage to reflect this aspect of the real world in the competition.”
Pavel Sorokin relies on experience and well-prepared training: “We will strive for victory! We are preparing for the Confrontation and we hope that our preparations will help us achieve our goal. ” Well, Antichat leaves the defenders no chance at all.
***
How will the defense respond to this challenge? The answer to this question is in our next article. Follow the news!
We remind you that the forum will be held May 23-24, 2017 at the Moscow World Trade Center. Tickets for Positive Hack Days can be bought here .