Cybersecurity experts from around the world will take part in the Standoff cyberbattle during the St. Petersburg International Economic Forum

cyber_battle

International cyber exercise at SPIEF

Earn points by finding vulnerabilities in systems. Points are awarded separately for each system, and you can report only one vulnerability of each type per system.

Langit Biru

Insight Cyber X

ET-BLUE

Tube produces, refines, stores, and sells oil and gas. Its assets include an oil refinery, a natural gas processing plant, pipelines with pumping stations, a trunk gas pipeline, tankage facilities, an LNG storage tank, and oil-product loading stations for rail and sea transportation. 
 
Over the past year, State F has made significant strides in the gas industry: Tube has set up new drilling facilities and commissioned a natural gas processing plant, which is now actively recruiting staff. The company uses a gas carrier to transport its products by sea. Tube also uses a custody transfer metering skid to measure the volume and quality of products delivered from suppliers to consumers.
 
Cyberattacks on the oil and gas industry can affect other sectors in State F beyond the target companies. For instance, malicious interference could shut down the tire factory, while disruptions in the operation of an oil pipeline, fractionating column, electric dehydrator, or hydrocracking reactor could cause a fuel crisis in State F. Hackers could also disable the air cooling unit at the liquefied natural gas facility or the absorption column at the gas processing plant, resulting in long periods of downtime and significant financial losses.
 
Tube is featured in the "Oil" and "Gas" 3D models.

Oil and gas

OCTOPUS

CyberTeam

HogGuards

The Central Bank of Standoff is the country's financial regulator. Consumer financial services are provided by three commercial banks. The Commercial Bank of Standoff, which has many offices across the country, caters to companies and organizations. First Partner Bank manages merchant accounts and enables QR code payments and fast transactions. Global Digital Bank has only one branch office as it is fully automated; the bank's applications are cloud-based.

## Scope
Outer perimeter:
combs.stf 10.119.10.64/26
centralb.stf 10.119.10.128/26
firstpb.stf 10.119.10.192/26
glodb.stf 10.119.11.0/26

Inner perimeter:
combs.stf 10.149.2.0/23
centralb.stf 10.149.4.0/23
firstpb.stf 10.149.6.0/23
glodb.stf 10.149.8.0/23

## Out of scope: 
1) all servers named logc.<office>.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

Banking sector

UzCERT Blue Team

CyberPrantikKella

isc.rw.BY

black_desert

MetalliKO specializes in full-cycle ferrous and non-ferrous metal production and processing.
 
The factory has an onsite ore-blending plant with a bucket-wheel excavator and conveyor, a blast furnace, an oxygen-converter section, a continuous casting unit, and a rolling mill. Rolled metal is transported to customers from the product storage area.

Hacker attacks could knock out the cooling system of the blast furnace, bring the rolling mill to a standstill, cause molten metal to spill in the workshop, lead to a chlorine gas leak in the titanium production area, or trigger an explosion at the factory. Restoring the factory would take years of work and cost billions, meaning that State F's metal industry would basically collapse.
 
MetalliKO is featured in the "Metallurgy" 3D model.

Metallurgy

Zapekanka

N0N@me

Kryptonite

The energy sector of the state is divided into two main segments - wholesale and retail.

Within the wholesale segment, electricity is generated and transmitted. Generating companies that own thermal power plants, hydroelectric power stations, and wind turbines produce electricity and transmit it through power lines to substations. On the wholesale market, purchases are made by energy-intensive industries, such as the «MetalliKO» metallurgical plant. Enterprises that have their own power plants can use the generated energy for their own needs or sell it. The operator of the wholesale electricity market, «OptEnergoMarket», is responsible for managing the wholesale segment. It organizes the trade in electricity, monitors compliance with rules and regulations by market participants, and verifies the accuracy of calculations.

Energy supplying organizations in the retail market, in turn, are engaged in the distribution and sale of electricity to end consumers, including households and organizations. Sales companies, such as the «OffEnergo» energy company, buy electricity on the wholesale market and sell it to consumers on the retail market.

Forecasting demand for electricity in the retail market is crucial, as it directly affects the volume of generation in the wholesale market. Accurate forecasting allows generating companies to adjust production according to consumer needs, ensuring stability and reliability of energy supply.

The smooth operation, reliability, and efficiency of all processes, including generation, transmission, distribution, and consumption of electricity, are ensured by a single operator of dispatch control - the Central Dispatch Unit «Energo». It carries out round-the-clock monitoring of the energy system.

If hackers interfere with the operation of at least one element of the energy system, all market participants will suffer, and the functioning of power supply facilities will be disrupted. And attacks on critical equipment of power plants can leave State F without electricity.

The companies of the electric power industry are featured in the «Energy sector» 3D model.

Energy

N@mele$$

DizFry

Koscab

The company's main business is providing housing and public services. In particular, it is in charge of street lighting, CCTV maintenance, and digital billboards. It also helps residents equip their apartments with IoT devices. Beside that, City Housing & Utilities manages a stadium, a multifunctional public service center, and an automated warehouse (dark store).

## Scope
Outer perimeter:
10.119.11.192/26
Inner perimeter:
10.149.14.0/23

## Out of scope: 
1) all servers named logc.<office>.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

City Housing & Utilities

A digital twin of Positive Technologies' target information systems. Attacks on these systems could result in two non-tolerable event scenarios for the company.

## Scope
Outer perimeter:
10.119.13.0/26,  10.119.255.196/26

Inner perimeter:
10.149.26.0/23

Out of scope: 10.149.26.0/26, logc.pt.stf

International cyber exercise at SPIEF

PT infrastructure

Scope

Attacker metrics

Results