Positive Hack Days

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Positive Hack Days (PHDays) is a computer security conference held every year in Moscow. The first conference was held in 2011. The conference addresses such topics as zero-day attacks and digital investigations, cryptography and cyberwarfare, the security of a person and a state in the cyberworld. Attendance fee is required. Free tickets are available for winners of special hacking contests[1] and for students who participated in the Positive Education program.

PHDays is aimed at a wide range of audience, from hackers and technical experts to businessmen and politicians. Presentations are given in Russian and English.

PHDays 2011: Who will Win — Them or Us?[edit]

The first conference was held on May 19, 2011.

PHDays 2011 visitors

Reports and workshops covered such topics as government control of information security in Russia, internet banking system safety, secure connection in VoIP, protection of data in the cloud, virtualization system security. The keynote speaker of the event was Dmitry Sklyarov.

During the conference, a capture the flag (CTF) competition was held among information security specialists from different countries. The U.S. team PPP[2] was the winner.[3]

There were other hacking contests, and during one of them a participant detected a zero-day vulnerability in Safari for Windows.[4]

Among other speakers were experts from Kaspersky Lab, Russian Agricultural Bank, VimpelCom, Rostelecom, Cisco Systems, Leta IT-Company, Positive Technologies, PwC. About 500 people attended the one-day event.

PHDays 2012: Future Now[edit]

The second conference was conducted during May 30 and 31, 2012 at the Digital October center of new technologies.[5] Along with six parallel streams of presentations and workshops, a CTF competition and security-related contests were held again.

Alexander Peslyak (Solar Designer) at PHDays 2012

Topics were divided into two areas: technical (exploiting radio noise, password protection, telecom security, usage of sqlmap) and business (internet banking security, data leakage in government, seeking specialists in information security).

The conference featured Bruce Schneier, an American cryptographer, the author of Applied Cryptography, Datuk Mohd Noor Amin (from IMPACT, UN), and Alexander Peslyak (known as Solar Designer), the creator of the password cracking tool John the Ripper.

Significant events include: demonstration of zero-day vulnerabilities in Windows XP and FreeBSD 8.3, cracking iPhone 4S, and contests in taking control over AR.Drone and analyzing internet banking system security.

Young School, a competition of young scientists' research papers, took place for the first time.

Among the conference's participants were representatives of Kaspersky Lab, National Agency for Computer Security of Tunisia, Cisco Systems, Eset, Openwall Project, Highload Lab, and other companies. PHDays 2012 gathered 2,000 people.

PHDays III: From Both Sides of the Barricade[edit]

A participant getting over the laser field of the Labyrinth

The third conference was held on May 23 and 24 at the World Trade Center.[6] Among main topics: ICS protection, web application and mobile application security, preventing attacks against banking systems, cooperation between government, researchers and information society.

Marc "van Hauser" Heuse, the creator of THC-Hydra, Amap and SuSEFirewall and the founder of The Hacker Choice, became the leading speaker.[7]

Significant events include: a report from SCADA Strangelove [8] about the security of Siemens SIMATIC software, a workshop on hacking ATM, a workshop from The Open Organisation Of Lockpickers (experts in nondestructive lock opening), a model railroad controlled by real industrial systems, the Labyrinth's rooms with laser field and motion detectors.[9]

George Hotz (geohot) participated in the CTF contest as a member of PPP. He was the first to unlock iPhone, which allowed using it with other providers besides AT&T. George Hotz also won 2drunk2hack, a contest, where participants should hack web applications and have a strong drink when fail.

Specialists from Kaspersky Lab, Cisco Systems, Nokia, RSA, IPONWEB, Qualys visited the conference. PHDays III saw about 2,500 attendees.[10]

A movie about preparation for the conference was released in 2013.[11]

PHDays IV: IT Gazes You[edit]

A model railroad connected to real SCADA systems

The conference took place on May 21 and 22, 2014 at Digital October. Among main topics: protection of ICS and critical infrastructure components, internet banking system security, the internet of things, regulation of the information security industry, cyberwarfare.

Alisa Shevchenko detected several zero-day vulnerabilities in Indusoft Web Studio 7.1 during a contest in analyzing ICS security.[12] Significant events include: a contest in identifying threats of a smart home,[13] discussion of the security of telecommunications companies and the lack of really smart grids in the power industry.

During a security-related competition, its participants managed to withdraw money from a banking system[14] that had been developed especially for the competition and filled with vulnerabilities that commonly occur in real internet banking systems.

Specialists from Kaspersky Lab, Cisco Systems, ReVuln, TOOOL, Parameter Security took part in the conference. PHDays IV drew more than 2,500 attendees.

PHDays V: Singular Point[edit]

The conference was held from 26 to 27 May, 2015 at World Trade Center, Moscow, Russia.

PHDays VI: The Standoff[edit]

The conference was held from 17 to 18 May, 2016 at World Trade Center, Moscow, Russia.

PHDays VIII: Enemy Inside[edit]

The conference was held from 23 to 24 May, 2017 at World Trade Center, Moscow, Russia.

PHDays VIII: Digital Bet[edit]

The conference was held from 15 to 16 May, 2018 at 12 Krasnopresnenskaya Embankment, Moscow, Russia.

PHDays IX: Breaking the Constant[edit]

The conference was held from 21 to 22 May, 2019 at the Crocus Expo International Exhibition Center, Moscow, Russia.


Technical reports, workshops, competitions, discussions about regulation of the IT industry and about business development are commonly held during PHDays. However, the feature of the conference is providing special activities that are aimed at creating an open and cyberpunk atmosphere. The conference always ends with live performances of popular Russian rock bands. In 2014, cyberpunk movies were played during the night between the two days of the conference.[15]


  1. ^ "PHDays — Positive Hack Days. CTF". Phdays.com. Retrieved 16 December 2014.
  2. ^ ":: Plaid Parliament of Pwning ::". Ppp.cylab.cmu.edu. Retrieved 16 December 2014.
  3. ^ "CTF Results". 2011.phdays.com. Retrieved 16 December 2014.
  4. ^ "Positive Research Center". Blog.ptsecurity.com. Retrieved 16 December 2014.
  5. ^ "Digital October". Digital October. Retrieved 16 December 2014.
  6. ^ "About WTC Moscow". Wtcmoscow.ru. Retrieved 16 December 2014.
  7. ^ "Positive Hack Days". Blog.phdays.com. Retrieved 16 December 2014.
  8. ^ "SCADA Strange Love". Scadastrangelove.org. Archived from the original on 31 December 2012. Retrieved 16 December 2014.
  9. ^ "Positive Hack Days". Blog.phdays.com. Retrieved 16 December 2014.
  10. ^ "Forum Helps Hackers to Obey Law - Business". The Moscow Times. Retrieved 16 December 2014.
  11. ^ "PHDays III Documentary". YouTube. Retrieved 16 December 2014.
  12. ^ "PHDays — Positive Hack Days. Smart City Hacked at PHDays IV". 2014.phdays.com. Retrieved 16 December 2014.
  13. ^ "PHDays — Positive Hack Days. Survive Hacking at PHDays. Cyber Threats of a Common Apartment". 2014.phdays.com. Retrieved 16 December 2014.
  14. ^ "PHDays — Positive Hack Days. The $natch Contest Is Over". 2014.phdays.com. Retrieved 16 December 2014.
  15. ^ "Positive Hack Days". Blog.phdays.com. Retrieved 16 December 2014.

External links[edit]