Standoff 12
Cyber exercise
finished
Banking system
Banking system
The Central Bank of Standoff is the country's financial regulator. Consumer financial services are provided by three commercial banks. The Commercial Bank of Standoff, which has many offices across the country, caters to companies and organizations. First Partner Bank manages merchant accounts and enables QR code payments and fast transactions. Global Digital Bank has only one branch office as it is fully automated; the bank's applications are cloud-based.
Scope
Outer perimeter:
combs.stf 10.119.10.64/26
centralb.stf 10.119.10.128/26
firstpb.stf 10.119.10.192/26
glodb.stf 10.119.11.0/26
combs.stf 10.119.10.64/26
centralb.stf 10.119.10.128/26
firstpb.stf 10.119.10.192/26
glodb.stf 10.119.11.0/26
Inner perimeter:
combs.stf 10.149.2.0/23
centralb.stf 10.149.4.0/23
firstpb.stf 10.149.6.0/23
glodb.stf 10.149.8.0/23
combs.stf 10.149.2.0/23
centralb.stf 10.149.4.0/23
firstpb.stf 10.149.6.0/23
glodb.stf 10.149.8.0/23
Out of scope:
- all servers named logc.<office>.stf
- network 10.119.1.0/24
- SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
- Accounts starting with "pt*"
Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.
Attacker metrics
Critical events
84reports
submitted
submitted
69critical events
triggered
triggered
Loading data
Difficulty:
Low
Medium
High
Master
Vulnerabilities
0vulnerabilities
discovered
discovered
Severity:
Critical: undefined
High: undefined
Medium: undefined
Low: undefined
Defender metrics
0
incidents
recorded
recorded
0
critical events
investigated
investigated
Results
Rank
Team
Triggered events
Event points
Discovered vulnerabilities
Vulnerability points
Bonus and penalty points
Total points
1
Codeby Pentest
12
70,250
0
0
70,250
2
RHTxSH13LD
12
43,314
0
0
43,314
3
True0xA3
11
40,372
0
0
40,372
4
ДРТ & ℭ𝔲𝔩𝔱
6
25,293
0
0
25,293
5
GISCYBERTEAM
7
18,544
0
0
18,544
6
Kibers
6
12,239
0
0
12,239
7
Jet_Infosystems
3
10,306
0
0
10,306
8
TSARKA
4
6,917
0
0
6,917
9
EvilBunnyWrote
2
5,680
0
0
5,680
10
Wardagen
2
3,805
0
0
3,805
11
SPbCTF
2
2,109
0
0
2,109
12
Invuls
1
1,305
0
0
1,305
13
Wetox
1
1,000
0
0
1,000