Red teams of the world's top white hat hackers and blue teams of Russian cybersecurity experts will test their limits online and offline in this year's biggest Cyberbattle at PHDays Fest

# Getting started
1.	If you don't have an account yet, [register on the Standoff 365 Platform](https://auth.standoff365.com/en-US/account/registration/).
2.	Read the [step-by-step instructions](https://help.standoff365.com/en-US/8833436683/portal) on how to set up a connection to Standoff Cyberbattle.
3.	Go to Workspace → [Access and resources](https://range.standoff365.com/battle/38/?section=report&tab=accessAndResources), and download a VPN config file.
❗️Each polygon has its own unique VPN configuration. For correct operation, it is necessary to download a separate configuration file for each polygon through this access page. If you try to use the configuration file of another polygon, the system will deny access.


# Completing tasks
You can find answers to all tasks in Positive Technologies security tools, which store logs and artifacts from the Standoff Cyberbattle.
If you don't have any experience with Positive Technologies products, read the following materials:
*	 [MaxPatrol SIEM Quick Start Guide](https://storage.ptsecurity.com/d/7629f49778f14d969b18/files/?p=%2FMP-SIEM.pdf)
*	 [PT NAD Quick Start Guide](https://storage.ptsecurity.com/d/7629f49778f14d969b18/files/?p=%2FPT-NAD.pdf)
*   [PT ISIM Quick Start Guide](https://storage.ptsecurity.com/d/7629f49778f14d969b18/files/?p=%2FPT_ISIM.pdf/)
*   [PT Sandbox Quick Start Guide](https://storage.ptsecurity.com/d/7629f49778f14d969b18/files/?p=%2FPT_SandBox.pdf/)
*   [Official Positive Technologies documents](https://help.ptsecurity.com/en-US/projects)

Please note:
• To connect to MaxPatrol SIEM, select the **LDAP** tab in the authorization window.
• Don't forget to turn on VPN to complete tasks and work with security tools.

# Getting support
If you encounter technical difficulties or have any questions about the Standoff Cyberbattle, write to our [Telegram bot](https://t.me/stf_def_support_bot).

cyber_battle

Final of the international Standoff 15 Cyberbattle at PHDays Fest

Your_shell_not_pass

Heavy Logistics manages transport infrastructure and operates the traffic light system in State F. The company is also in charge of airport customs, a temporary storage warehouse, an airport express train station, and an automated parking facility for airport visitors and passengers.

State F will face catastrophic consequences if hackers break into Heavy Logistics systems and seize control. For example, they could cause a passenger information system failure, disrupt traffic, and contribute to flight delays or runway overruns.
 
Heavy Logistics is featured in the "Transport" 3D model.

Logistics

Grep_Tribe

City Housing & Utilities provides communal and public services in State F. In particular, it is in charge of street lighting, building maintenance, digital billboards, and public transportation. The company also manages shopping malls and business centers, parking lots, a multifunctional public service center, and information desks. In addition, City Housing & Utilities connects residential apartments to the city's broadcasting network and provides entertainment and leisure activities for citizens.

Cyberattacks on the company could affect citizens significantly, leaving them without online pharmacy orders, street lighting, and access to public services, or even causing panic and chaos with false evacuation alerts.

City Housing & Utilities is featured in the "Urban services" 3D model.

Urban infrastructure

GreenWallTeam

The energy sector of the state is divided into two main segments - wholesale and retail.

Within the wholesale segment, electricity is generated and transmitted. Generating companies that own thermal power plants, hydroelectric power stations, and wind turbines produce electricity and transmit it through power lines to substations. On the wholesale market, purchases are made by energy-intensive industries, such as the «MetalliKO» metallurgical plant. Enterprises that have their own power plants can use the generated energy for their own needs or sell it. The operator of the wholesale electricity market, «OptEnergoMarket», is responsible for managing the wholesale segment. It organizes the trade in electricity, monitors compliance with rules and regulations by market participants, and verifies the accuracy of calculations.

Energy supplying organizations in the retail market, in turn, are engaged in the distribution and sale of electricity to end consumers, including households and organizations. Sales companies, such as the «OffEnergo» energy company, buy electricity on the wholesale market and sell it to consumers on the retail market.

Forecasting demand for electricity in the retail market is crucial, as it directly affects the volume of generation in the wholesale market. Accurate forecasting allows generating companies to adjust production according to consumer needs, ensuring stability and reliability of energy supply.

The smooth operation, reliability, and efficiency of all processes, including generation, transmission, distribution, and consumption of electricity, are ensured by a single operator of dispatch control - the Central Dispatch Unit «Energo». It carries out round-the-clock monitoring of the energy system.

If hackers interfere with the operation of at least one element of the energy system, all market participants will suffer, and the functioning of power supply facilities will be disrupted. And attacks on critical equipment of power plants can leave State F without electricity.

The companies of the electric power industry are featured in the «Energy sector» 3D model.

Energy

B0dyContainS

The Central Bank of Standoff is the country's financial regulator. Consumer financial services are provided by three commercial banks:

— Commercial Bank of Standoff caters to both individuals and organizations and offers international money transfers via SWIFTNet.

— First Partner Bank specializes in personal banking, supports QR code payments in its mobile app, and also provides internet acquiring services for small businesses.

— Global Digital Bank is a cutting-edge bank that operates without brick-and-mortar locations or tellers. It offers a wide range of products and services, from standard plastic cards and domestic money transfers to a mobile app with multiple features.

Hackers could disrupt banking apps or steal huge amounts from customers and the banks themselves.

Banking sector

LogCrushers

FEFU EXE1sior

RubyTeam

Ctrl+Alt+Defend

Tube produces, refines, stores, and sells oil and gas. Its assets include an oil refinery, a natural gas processing plant, pipelines with pumping stations, a trunk gas pipeline, tankage facilities, an LNG storage tank, and oil-product loading stations for rail and sea transportation. 
 
Over the past year, State F has made significant strides in the gas industry: Tube has set up new drilling facilities and commissioned a natural gas processing plant, which is now actively recruiting staff. The company uses a gas carrier to transport its products by sea. Tube also uses a custody transfer metering skid to measure the volume and quality of products delivered from suppliers to consumers.
 
Cyberattacks on the oil and gas industry can affect other sectors in State F beyond the target companies. For instance, malicious interference could shut down the tire factory, while disruptions in the operation of an oil pipeline, fractionating column, electric dehydrator, or hydrocracking reactor could cause a fuel crisis in State F. Hackers could also disable the air cooling unit at the liquefied natural gas facility or the absorption column at the gas processing plant, resulting in long periods of downtime and significant financial losses.
 
Tube is featured in the "Oil" and "Gas" 3D models.

Oil and gas

Busy Beavers

MetalliKO specializes in full-cycle ferrous and non-ferrous metal production and processing.
 
The factory has an onsite ore-blending plant with a bucket-wheel excavator and conveyor, a blast furnace, an oxygen-converter section, a continuous casting unit, and a rolling mill. Rolled metal is transported to customers from the product storage area.

Hacker attacks could knock out the cooling system of the blast furnace, bring the rolling mill to a standstill, cause molten metal to spill in the workshop, lead to a chlorine gas leak in the titanium production area, or trigger an explosion at the factory. Restoring the factory would take years of work and cost billions, meaning that State F's metal industry would basically collapse.
 
MetalliKO is featured in the "Metallurgy" 3D model.

Metallurgy

Жаным }|{aHblm

IDDQD Junior

Verus Team

ReKad Team

The only airline operating in State F is called Cloud Wings Airlines. It offers passenger and cargo transportation services.
 
The industrial design, engineering, and prototyping of aircrafts are handled by SkyTech Mechanics, which sets design and development standards for civil aircrafts, prepares engineering documentation, and conducts research.
 
A successful cyberattack on the airline billing system or ticket sales service could cause significant financial losses or even bring the company to the brink of bankruptcy. If hackers manage to leak client or partner data, the airline will face lawsuits and fines as well as reputational damage. 
 
By attacking the design bureau, hackers could steal its know-how, documents, and other confidential data.
 
Cloud Wings Airlines and SkyTech Mechanics are featured in the "Transport" 3D model.

Final of the international Standoff 15 Cyberbattle at PHDays Fest

Getting started

Completing tasks

Getting support

Leaderboard of attacker teams