Gameplay Analysis.

CTF Quals, registration has started!

Positive Hack Days CTF

Positive Hack Days CTF is an international information protection contest based on the CTF (capture the flag) principles. Several teams defend their own networks and attack the networks of the other teams for a specified period of time. Contestants need to detect vulnerabilities in the other teams' systems and obtain sensitive information (flags) while detecting and fixing vulnerabilities of their own systems.

History and geography

PHDays CTF takes place for the fourth time this year; the contest was initially held at Positive Hack Days in 2011. The team PPP from the USA won the competition that time, Leet More from Russia won in 2012, and Eindbazen from the Netherlands took first place last year at PHDays III.

Teams from all over the world participate in PHDays CTF each year. This year, more than 300 teams registered to take part in PHDays CTF Quals; where teams compete to qualify for PHDays IV CTF.

The Challenge

The hands-on experience of Positive Technologies’ experts in detecting security issues is used as a basis for the tasks. This is why many of the game simulated vulnerabilities can be found in real life as well. PHDays CTF is more interesting because of its difficult tasks and also for original procedures and rules that add a strategy element to the game. The organizers develop infrastructure to provide the players with several possible game strategies, each of which can lead to the victory.

However, solving tasks typical of such competitions is not enough to win PHDays CTF. PHDays II, in 2012, provided an opportunity to score additional points by finding bonus flags in a special paper dumpster (dumpster diving). At PHDays III the organizers moved even further by including the famous hacking labyrinth in the CTF. Participants needed to get past the laser field and motion detectors, open secret doors, clear the room of bugs, fight with artificial intelligence and deactivate a bomb. PHDays IV CTF will raise the bar again.

The Atmosphere

In contrast to other information security conferences, at PHDays the CTF participants are central figures of the event and their battle becomes a key happening along with presentations by leading security experts. To make last year’s competition even more entertaining, the organizers developed a special animation inspired by Heroes of Might and Magic. With special applications for iPhone and Android, anyone could watch the battle on their mobile device. It could also be viewed online from the PHDays website. At the venue itself, the course of the battle could be followed on large monitors placed throughout the venue – where you would frequently find large groups of spectators gathered to watch the competition.

Traditionally, PHDays CTF organizers prepare both a game infrastructure and a unique plotline which adds special appeal to the contest. Such conditions create an exciting atmosphere and make the Positive Hack Days CTF contest stand out amongst similar competitions.

What others say

"If you’ve seen CTF anywhere else, normally it is just a bunch of names on a scoreboard. So it's really cool to see something that adds more character to that."

Babak Javadi (TOOOL)

"It was very different. Clearly a lot more time and effort was put into it than other CTFs. We would know because the CTF we ran was maybe about a fourth of all the setup or less and we thought we were going crazy. We know how much work is behind this." PPP.

"It is not just solving tasks. You had to have some strategy!"


PHDays IV CTF Quals Storyline

May 23, 2013. The infrastructures of the four most powerful information security corporations were brought out of service by the participants of PHDays III CTF. The contestants also triggered the distribution of the most advanced malware – the worm Detcelfer, which infected more than 85% of all PCs and mobile devices in the world. Positive Technologies summons the task force of experts code-named Golem to neutralize the dangerous computer worm and investigate the incident.

The detailed research of the Detcelfer worm shows that in spite of the fact that various mechanisms were used for hiding and distributing the malware, its payload is pretty common – a backdoor. At the questioning, the CTF participants tell an unbelievable story that as soon as CTF started they were teleported to a fantasy world called D'Errorim and the worm Detcelfer helped them to fight "evil monsters". Is that a blatant lie or the result of hypnosis?

As soon as the investigation begins, experts realize that Paul_Axe, one of PHDays CTF developers at Positive Technologies, leaks insider data and someone promised him a great reward for “cooperation”. Paul takes part in two projects – PRISM and D’Errorim.

PRISM stands for “PRISM: Reality Interpretation Switching Modules”, and its goal is to create a hardware-software solution for creating and maintaining virtual realities – VR worlds, that are described using the custom language PILL (PRISM Illusion Layer Language). The main idea of this project is to create a custom virtual world and obtain an ability to bring certain individuals there. It was formed by Gerald Malkin – a mathematician and subsequently a member of the PRISM project – on the basis of the existence mapping theory by the philosopher Phil De Payne, and the universe polysemy theory by Kipp Carm, a theoretical physicist. Except Paul and Gerald, the PRISM project was developed by the Japanese biochemist Chika Sudo, Korean physicist Tal Gi Choi and Buryatian shaman Baatyr – the only person able to enter virtual realities without using PRISM.

The D’Errorim project is an implementation of a VR world for PRISM. It was developed targeting at PHDays III CTF participants specifically for testing the PRISM capabilities on the battlefield.

Both projects are supervised by Apollinary Ryzhebochkin, acting as an intermediary between the members of the two projects on the one hand, and the customers – Zohers – on the other. Zohers form a very powerful distributed group of people who literally rule the world. They sponsor a variety of global projects including PRISM and D’Errorim. Unfortunately, nobody knows what their mission is.

Not long before the final testing of both projects at PHDays III CTF, Gerald Malkin realizes that PRISM is really dangerous for people, so he decides to leave the group and publish an article revealing all the mathematical principles of the project. Zohers launch a hunt for Gerald and he disappears leaving his computer pre-configured to publish an archive containing sensitive information about Zohers.

Eventually, it turns out that Gerald is alive and agrees to cooperate with Golem to defeat Zohers. He provides the source code of the D’Errorim beta version as well as the PILL language specification. Now Positive Technologies is going to create its own VR world based on the leaked D'Errorim sources and set all Zohers as targets. Gerald reveals that PRISM has a powerful search engine that makes it possible to find all Zohers and bring them together inside a certain VR world.

To be continued....