White hat hackers and defense experts test their limits online and offline in this year's biggest cyberbattle at PHDays Fest 2

cyber_battle

Standoff 13 main stage

Earn points by finding vulnerabilities in systems. Points are awarded separately for each system, and you can report only one vulnerability of each type per system.

NoT1meToSleep

The company provides hosting services and develops software for organizations across various sectors. For instance, it maintains a ticket sales service and a platform for interaction between citizens and government authorities.

## Scope
Outer perimeter:
it.stf 10.119.12.0/26,
hosting.stf 10.119.12.64/26,
10.119.14.0/24 
Inner perimeter:
hosting.stf 10.149.18.0/23,
it.stf 10.149.16.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

STFware

IDDQD

The company produces, refines, stores, and markets oil and gas. Among its assets are a production field, an oil refinery, pipelines with pumping stations, tankage facilities, an oil-product loading station for rail transportation, and a gas distribution station

## Scope
Outer perimeter: 
10.119.11.128/26 
Inner perimeter:
10.149.12.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

Tube

tSOC

Heavy Logistics manages transport infrastructure and operates the traffic light system in State F. The company is also in charge of airport customs, a temporary storage warehouse, an airport express train station, and an automated parking facility for airport visitors and passengers.

State F will face catastrophic consequences if hackers break into Heavy Logistics systems and seize control. For example, they could cause a passenger information system failure, disrupt traffic, and contribute to flight delays or runway overruns.
 
Heavy Logistics is featured in the "Transport" 3D model.

Logistics

Command_and_Defend

The Central Bank of Standoff is the country's financial regulator. Consumer financial services are provided by three commercial banks. The Commercial Bank of Standoff, which has many offices across the country, caters to companies and organizations. First Partner Bank manages merchant accounts and enables QR code payments and fast transactions. Global Digital Bank has only one branch office as it is fully automated; the bank's applications are cloud-based.

## Scope
Outer perimeter:
combs.stf 10.119.10.64/26
centralb.stf 10.119.10.128/26
firstpb.stf 10.119.10.192/26
glodb.stf 10.119.11.0/26

Inner perimeter:
combs.stf 10.149.2.0/23
centralb.stf 10.149.4.0/23
firstpb.stf 10.149.6.0/23
glodb.stf 10.149.8.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

Banking system

Your shell not pass

Electricity is generated at thermal and hydroelectric power plants, as well as by wind turbines and a solar power plant. The generated electricity is delivered through power lines to substations that feed cities, factories, and transport. All substations are managed by a dispatch control center. Smart meters send readings directly to the energy company.

## Scope
Outer perimeter: 
10.119.10.0/26
Inner perimeter:
10.149.0.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

Electric power industry

Maybe False

ОЦК Минпромторга России

The factory has an onsite ore-blending plant with a bucket-wheel excavator and conveyor, a blast furnace, an oxygen-converter section, a rolling mill, and a continuous casting machine. Rolled metal is transported to customers from the finished product storage area

## Scope
Outer perimeter:
10.119.11.64/26
Inner perimeter:
10.149.10.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

MetalliKO

Grep_Tribe

Cyber1000

WithoutP@$$w0rd

City Housing & Utilities provides communal and public services in State F. In particular, it is in charge of street lighting, building maintenance, digital billboards, and public transportation. The company also manages shopping malls and business centers, parking lots, a multifunctional public service center, and information desks. In addition, City Housing & Utilities connects residential apartments to the city's broadcasting network and provides entertainment and leisure activities for citizens.

Cyberattacks on the company could affect citizens significantly, leaving them without online pharmacy orders, street lighting, and access to public services, or even causing panic and chaos with false evacuation alerts.

City Housing & Utilities is featured in the "Urban services" 3D model.

Urban infrastructure

GreenWallTeam

The company owns a nuclear power plant with a single power unit and a uranium enrichment plant. The energy generated by the nuclear power plant is delivered to consumers through substation 3. The plant has centrifuges that separate uranium-235 from uranium-238

## Scope
Outer perimeter:
10.119.12.128/26
Inner perimeter:
10.149.20.0/22

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

Standoff 13 main stage

Tube

Scope

Out of scope:

Vulnerability reports

Attacker metrics

Defender metrics

Results